问题描述
我正在尝试将HttpClient创建为支持NTLM和Basic身份验证的服务。在我的情况下,NTLM将无法工作,因为HttpClient机器处于与服务不同的域下(感谢公司决定非常缓慢地迁移正在使用的域的名称......)。但是看起来HttpClient仍然会尝试使用它。
I am trying to make a HttpClient to a service that support NTLM and Basic auth. In my case NTLM will not work, because the machine HttpClient is on is under a different domain to the service (thanks a corporate decision to very slowly migrate the name of the domain being used...). However it seems HttpClient will still try to use it anyway.
CredentialsProvider credentialsProvider = new BasicCredentialsProvider();
credentialsProvider.setCredentials(AuthScope.ANY,
new UsernamePasswordCredentials(
username, password));
HttpClient client = HttpClientBuilder.create()
.setDefaultCredentialsProvider(credentialsProvider).build();
HttpGet method = new HttpGet(uri);
HttpResponse response = client.execute(method);
我只是希望它发送HTTP 身份验证:基本...
标题。我已经在任何Java HTTP框架之外测试了这个(例如,使用带有手动创建的HTTP请求的原始ssl套接字),所以它似乎是一些Java / Apache HTTP问题,它试图做我没有要求的事情而且真的不喜欢我希望它甚至尝试做...
I just want it to send the HTTP Authentication: Basic ...
header. I have tested this outside any Java HTTP frameworks (e.g. using a raw ssl socket with a manually created HTTP request), so it seems to be some Java/Apache HTTP issue with it trying to do things I did not ask for and really don't want it to even try to do...
推荐答案
这是因为表现良好的客户应该选择一种比本身不安全的BASIC auth更安全的方案。
That is because well behaved clients should choose a more secure scheme over an inherently insecure BASIC auth.
这是永久禁用NTLM(和其他非标准方案)的方式
This is how one can disable NTLM (and other non-standard schemes) permanently
Registry<AuthSchemeProvider> r = RegistryBuilder.<AuthSchemeProvider>create()
.register(AuthSchemes.BASIC, new BasicSchemeFactory())
.register(AuthSchemes.DIGEST, new DigestSchemeFactory())
.build();
CloseableHttpClient client = HttpClients.custom()
.setDefaultAuthSchemeRegistry(r)
.build();
这是强制HttpClient基于每个请求强制选择基于NTLM的BASIC的方法
This is how one can force HttpClient to choose BASIC over NTLM on a per request basis
RequestConfig config = RequestConfig.custom()
.setTargetPreferredAuthSchemes(Arrays.asList(AuthSchemes.BASIC, AuthSchemes.NTLM))
.build();
HttpGet get = new HttpGet("/");
get.setConfig(config);
这篇关于在Apache HttpClient 4.3.6上禁用NTLM的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!