问题描述
我有一个Linux \\的Java6客户端,将认证通过Kerberos sharepoint2010,然后用发送HTTP REST Web服务的Apache Commons的HttpClient 4.2
如果我的命令行运行为myuser的kinit MYDOMAIN @连接我的客户之前运行平稳地。
我的问题是,我如果我不跑的kinit,我得到提示输入用户名。
我怎么编程认证,而不会提示输入用户名和无需运行命令行程序?
(我创建和密钥表,并在规定login.conf中,所以这需要在密码提示的护理,但不是用户PROMT的)
公共静态无效的主要(字串[] args)抛出异常{ System.setProperty(java.security.auth.login.config,login.conf中);
System.setProperty(java.security.krb5.conf,krb5.conf的);
System.setProperty(sun.security.krb5.debug,真);
System.setProperty(javax.security.auth.useSubjectCredsOnly,假); DefaultHttpClient的HttpClient =新DefaultHttpClient();
尝试{
httpclient.getAuthSchemes()寄存器(AuthPolicy.SPNEGO,新SPNegoSchemeFactory()); 凭据use_jaas_creds =新凭证(){ 公共字符串getPassword来(){
返回null;
} 公共校长getUserPrincipal(){
返回null;
} }; httpclient.getCredentialsProvider()。setCredentials方法(
新AuthScope(NULL,-1,空)
use_jaas_creds); HttpUriRequest请求=新HTTPGET(HTTP:// kerberoshost /);
HTT presponse响应= httpclient.execute(请求);
HttpEntity实体= response.getEntity(); 的System.out.println(----------------------------------------);
的System.out.println(response.getStatusLine());
的System.out.println(----------------------------------------);
如果(实体!= NULL){
的System.out.println(EntityUtils.toString(实体));
}
的System.out.println(----------------------------------------); //这将确保连接被释放回经理
EntityUtils.consume(实体); } {最后
//当HttpClient的实例不再需要,
//关闭连接管理器,以确保
//所有系统资源的直接释放
。httpclient.getConnectionManager()关机();
}
}
您必须提供除密钥表文件中的主体名称得到一个完全透明的客户端Kerberos身份验证(使用kinit):
客户端{
需要com.sun.security.auth.module.Krb5LoginModule
useKeyTab =真
storeKey =真
密钥表= /路径/要/ userKeytab
主要=username的;
};
I have a linux\java6 client that will authenticate to sharepoint2010 with KERBEROS and then send HTTP REST web services using Apache Commons HttpClient 4.2
If I run from command line "kinit myuser@mydomain" before connecting my client runs smoothely.
my problem is that I if i dont run kinit , I get prompted for a username .
how do I authenticate programatically without being prompted for a username and without having to run command line programs?
(I created and keytab and defined it in login.conf, so that takes care of the password prompt but not of the user promt)
public static void main(String[] args) throws Exception {
System.setProperty("java.security.auth.login.config", "login.conf");
System.setProperty("java.security.krb5.conf", "krb5.conf");
System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("javax.security.auth.useSubjectCredsOnly","false");
DefaultHttpClient httpclient = new DefaultHttpClient();
try {
httpclient.getAuthSchemes().register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory());
Credentials use_jaas_creds = new Credentials() {
public String getPassword() {
return null;
}
public Principal getUserPrincipal() {
return null;
}
};
httpclient.getCredentialsProvider().setCredentials(
new AuthScope(null, -1, null),
use_jaas_creds);
HttpUriRequest request = new HttpGet("http://kerberoshost/");
HttpResponse response = httpclient.execute(request);
HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
System.out.println(response.getStatusLine());
System.out.println("----------------------------------------");
if (entity != null) {
System.out.println(EntityUtils.toString(entity));
}
System.out.println("----------------------------------------");
// This ensures the connection gets released back to the manager
EntityUtils.consume(entity);
} finally {
// When HttpClient instance is no longer needed,
// shut down the connection manager to ensure
// immediate deallocation of all system resources
httpclient.getConnectionManager().shutdown();
}
}
You have to provide the principal name in addition to the keytab file to get a fully transparent client Kerberos authentication (kinit):
client {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=true
storeKey=true
keyTab=/path/to/userKeytab
principal="userName";
};
这篇关于设置用户名编程,而不是迅速,与HttpClient的\\ Kerberos的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!