当前位置: 首页 > 知识库问答 >
问题:

Apache HttpClient v5.0在Windows上不使用NTLM进行身份验证

丁俊智
2023-03-14

我试图通过NTLM代理发出请求,如下所示:

try (CloseableHttpClient httpClient = WinHttpClients.createDefault()) {
    HttpHost target = HttpHost.create("http://example.com");
    HttpHost proxy = new HttpHost("http", "localhost", 80);
    RequestConfig config = RequestConfig.custom().setProxy(proxy).build();
    HttpGet request = new HttpGet("/");
    request.setConfig(config);
    try (CloseableHttpResponse response = httpClient.execute(target, request)) {
        StatusLine statusLine = new StatusLine(response);
        if (statusLine.getStatusCode() == HttpStatus.SC_OK) {
            System.out.println("Test OK");
        } else if (statusLine.getStatusCode() == HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED) {
            throw new CredentialException(statusLine.getReasonPhrase());
        }
    }
} catch (Exception e) {
    e.printStackTrace();
}

但它失败了,下面是日志:

[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ex-00000001: preparing request execution
[main] DEBUG org.apache.hc.client5.http.protocol.RequestAddCookies - Cookie spec selected: strict
[main] DEBUG org.apache.hc.client5.http.protocol.RequestAuthCache - Auth cache not set in the context
[main] DEBUG org.apache.hc.client5.http.impl.classic.ProtocolExec - ex-00000001: target auth state: UNCHALLENGED
[main] DEBUG org.apache.hc.client5.http.impl.classic.ProtocolExec - ex-00000001: proxy auth state: UNCHALLENGED
[main] DEBUG org.apache.hc.client5.http.impl.classic.ConnectExec - ex-00000001: acquiring connection with route {}->http://localhost:80->http://example.com:80
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ex-00000001: acquiring endpoint (3 MINUTES)
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ex-00000001: endpoint lease request (3 MINUTES) [route: {}->http://localhost:80->http://example.com:80][total available: 0; route allocated: 0 of 5; total allocated: 0 of 25]
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ex-00000001: endpoint leased [route: {}->http://localhost:80->http://example.com:80][total available: 0; route allocated: 1 of 5; total allocated: 1 of 25]
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ex-00000001: acquired ep-00000000
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ex-00000001: acquired endpoint ep-00000000
[main] DEBUG org.apache.hc.client5.http.impl.classic.ConnectExec - ex-00000001: opening connection {}->http://localhost:80->http://example.com:80
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: connecting endpoint (3 MINUTES)
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: connecting endpoint to http://localhost:80 (3 MINUTES)
[main] DEBUG org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator - http-outgoing-0: connecting to localhost/127.0.0.1:80
[main] DEBUG org.apache.hc.client5.http.impl.io.DefaultHttpClientConnectionOperator - http-outgoing-0: connection established 127.0.0.1:57194<->127.0.0.1:80
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: connected http-outgoing-0
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: endpoint connected
[main] DEBUG org.apache.hc.client5.http.impl.classic.MainClientExec - ex-00000001: executing GET http://example.com/ HTTP/1.1
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: start execution ex-00000001
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: executing exchange ex-00000001 over http-outgoing-0
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 >> GET http://example.com/ HTTP/1.1
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 >> Accept-Encoding: gzip, x-gzip, deflate
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 >> Host: example.com
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 >> User-Agent: Apache-HttpClient/5.0 (Java/1.8.0_222)
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 >> "GET http://example.com/ HTTP/1.1[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 >> "Accept-Encoding: gzip, x-gzip, deflate[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 >> "Host: example.com[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 >> "User-Agent: Apache-HttpClient/5.0 (Java/1.8.0_222)[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 >> "[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "HTTP/1.1 407 Proxy authorization required[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Proxy-Authenticate: NTLM[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Proxy-Authenticate: Basic realm="/", charset="UTF-8"[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Proxy-Support: session-based-authentication[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Cache-control: no-store, no-cache[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Content-Type: text/html; charset=utf-8[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Content-Length: 855[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Date: Sun, 05 Apr 2020 06:15:20 GMT[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Server: WinGate Engine[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "Connection: Keep-Alive[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><title>Proxy authorization required</title>[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "<style>[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "body { font-family:helvetica; font-size:11pt; color:#0071BB; margin:30px; padding:0px; }[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "h1 { color:#005395; margin:0px 0px 0px 0px; }[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "h2 { color:#005395; }[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "p { margin:6px 0px 6px 0px;}[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "p.footer { font-size:8pt; margin:3px 0px 0px 0px;}[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "b { font-weight:550; color:#7F7F7F; }[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "</style>[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "</head>[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "<body><h1>Proxy authorization required</h1>[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "<div style="margin:12px 0px 12px 0px; padding:12px 0px 12px 0px; min-height:300px; border-top:1px solid #0071BB; border-bottom:1px solid #0071BB;">You must authenticate to gain access to this resource</div>[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "<p class="footer"><a href="http://www.wingate.com">WinGate</a>&trade; &copy; Qbik New Zealand Limited 1995-2020[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.wire - http-outgoing-0 << "</p></body></html>[\r][\n]"
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << HTTP/1.1 407 Proxy authorization required
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Proxy-Authenticate: NTLM
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Proxy-Authenticate: Basic realm="/", charset="UTF-8"
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Proxy-Support: session-based-authentication
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Cache-control: no-store, no-cache
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Content-Type: text/html; charset=utf-8
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Content-Length: 855
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Date: Sun, 05 Apr 2020 06:15:20 GMT
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Server: WinGate Engine
[main] DEBUG org.apache.hc.client5.http.headers - http-outgoing-0 << Connection: Keep-Alive
[main] DEBUG org.apache.hc.client5.http.impl.classic.MainClientExec - ex-00000001: connection can be kept alive for 3 MINUTES
[main] DEBUG org.apache.hc.client5.http.impl.classic.ProtocolExec - Authentication required
[main] DEBUG org.apache.hc.client5.http.impl.classic.ProtocolExec - localhost:80 requested authentication
[main] DEBUG org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy - Authentication schemes in the order of preference: [Negotiate, Kerberos, NTLM, Digest, Basic]
[main] DEBUG org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy - Challenge for Negotiate authentication scheme not available
[main] DEBUG org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy - Challenge for Kerberos authentication scheme not available
[main] DEBUG org.apache.hc.client5.http.impl.win.WindowsNegotiateScheme - Created WindowsNegotiateScheme using NTLM
[main] DEBUG org.apache.hc.client5.http.impl.DefaultAuthenticationStrategy - Challenge for Digest authentication scheme not available
[main] WARN org.apache.hc.client5.http.impl.classic.ProtocolExec - Missing auth challenge
[main] DEBUG org.apache.hc.client5.http.impl.io.DefaultManagedHttpClientConnection - http-outgoing-0: close connection GRACEFUL
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: endpoint closed
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: endpoint closed
[main] DEBUG org.apache.hc.client5.http.impl.classic.InternalHttpClient - ep-00000000: discarding endpoint
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: releasing endpoint
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - ep-00000000: connection released [route: {}->http://localhost:80->http://example.com:80][total available: 0; route allocated: 0 of 5; total allocated: 0 of 25]
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - Shutdown connection pool GRACEFUL
[main] DEBUG org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager - Connection pool shut down
javax.security.auth.login.CredentialException: Proxy authorization required
    at org.kpax.http_client_5_testing.App.main(App.java:47)

环境类

  • 操作系统:Windows 10
  • JRE: AdoptOpenJdk v11
  • 代理类型:NTLM(Wingate)

问题上面的代码有问题吗?

Obs相同的代码适用于Apache Http客户端v4.5.12

共有1个答案

周瀚
2023-03-14

这是一个小错误,现已解决,适用于v5.0.1。

 类似资料:
  • 要做什么? 我们在 Sharepoint(企业)服务器上部署了一个应用程序,该应用程序使用 Windows 凭据登录到该应用程序。 > 应用程序URL格式:http://testmachine:1000/sites/test/ 视窗凭据格式: user_id@domain.co.in 目标是为如此数量的用户在应用程序上执行负载/性能测试(尤其是登录功能)。 通常,当我在Firefox/IE中点击应

  • 我有一个.NETWCF客户端与Java服务器组件进行对话。服务器端身份验证通过配置为反向代理的中间Apache服务器完成。 NET客户端的配置如下: Apache配置为需要Kerveros身份验证: 如果我在Windows 7上启动我的应用程序,一切都按预期工作:. NET客户端使用Kerberos,Apache验证客户端,我可以使用Spring Security性访问客户端凭据。 如果我在Win

  • 我需要使用 JDBC 连接到使用 Windows 身份验证的 SQL Server,其中我提供了连接字符串中的用户名和密码。这可以通过Windows身份验证实现吗? 我已经用JTDS和msql-jdbc尝试过这个,但无法让它工作。 我已经尝试了用户名和域的各种组合,但通常得到这样的东西: 019-01-18 14:15:31错误com.pts.demo.service.JdbcService-用户

  • 我正在尝试使与和一起工作。我试着按照spring-boot-sample-secure和spring-boot-sample-web-secure中的指南去做,但是我没有让它起作用。 我正在尝试构建一个没有任何ui交互的REST应用程序。因此,我发现这两个样品都不完全适合我的目的。目前我的解决方案是使用AOP。 解决方案对我有效。然而,我想知道这是否是一个好的解决方案。我很好奇是否有更好的解决办法

  • 问题内容: 我想在我的Java应用程序中使用Windows NTLM认证来透明地认证Intranet用户。如果使用浏览器(单点登录),用户将不会注意到任何身份验证。 我发现了一些具有NTLM支持的库,但是不知道要使用哪个库: http://spnego.sourceforge.net/ http://sourceforge.net/projects/ntlmv2auth/ http://jcifs

  • 问题内容: 尝试使用JavaMail中的NTLM连接到Exchange服务器。我可以连接到SMTP,但不能连接到IMAP。我还可以使用相同的主机/用户名/密码通过OS X Mail.app应用程序进行身份验证,帐户类型=“ IMAP”,端口143,ssl = false,authentication = NTLM,域名=“。 连接代码: 输出: 我尝试通过http://www.oracle.com