<\/p>\n
<\/a> <\/a><\/p>\n \u4efb\u4f55\u7528\u6237\u8ba4\u8bc1\u7684\u8fc7\u7a0b\uff0c\u90fd\u9700\u8981\u4e00\u7cfb\u5217\u7684\u51ed\u8bc1\u6765\u786e\u5b9a\u7528\u6237\u7684\u8eab\u4efd\u3002\u6700\u7b80\u5355\u7684\u7528\u6237\u51ed\u8bc1\u53ef\u4ee5\u662f\u7528\u6237\u540d\u548c\u5bc6\u7801\u8fd9\u79cd\u5f62\u5f0f\u3002 \u8fd9\u4e2a\u7c7b\u5bf9\u4e8eHTTP\u6807\u51c6\u89c4\u8303\u4e2d\u5b9a\u4e49\u7684\u8ba4\u8bc1\u6a21\u5f0f\u6765\u8bf4\u5df2\u7ecf\u8db3\u591f\u4e86\u3002<\/p>\n \u4e0a\u8ff0\u4ee3\u7801\u4f1a\u5728\u63a7\u5236\u53f0\u8f93\u51fa\uff1a<\/p>\n \u4e0a\u8ff0\u4ee3\u7801\u8f93\u51fa\uff1a<\/p>\n <\/a><\/p>\n \u8bf7\u6ce8\u610f\uff1a\u4e00\u4e2a\u8ba4\u8bc1\u65b9\u6848\u53ef\u80fd\u662f\u6709\u72b6\u6001\u7684\uff0c\u56e0\u4e3a\u5b83\u53ef\u80fd\u6d89\u53ca\u5230\u4e00\u7cfb\u5217\u7684\u6311\u6218\/\u54cd\u5e94\u3002<\/p>\n HttpClient\u5b9e\u73b0\u4e86\u4e0b\u9762\u51e0\u79cd <\/a><\/p>\n \u51ed\u8bc1providers\u65e8\u5728\u7ef4\u62a4\u4e00\u5957\u7528\u6237\u7684\u51ed\u8bc1\uff0c\u5f53\u9700\u8981\u67d0\u79cd\u7279\u5b9a\u7684\u51ed\u8bc1\u65f6\uff0cproviders\u5c31\u5e94\u8be5\u80fd\u4ea7\u751f\u8fd9\u79cd\u51ed\u8bc1\u3002\u8ba4\u8bc1\u7684\u5177\u4f53\u5185\u5bb9\u5305\u62ec\u4e3b\u673a\u540d\u3001\u7aef\u53e3\u53f7\u3001realm name\u548c\u8ba4\u8bc1\u65b9\u6848\u540d\u3002\u5f53\u4f7f\u7528\u51ed\u636eprovider\u7684\u65f6\u5019\uff0c\u6211\u4eec\u53ef\u4ee5\u5f88\u6a21\u7cca\u7684\u6307\u5b9a\u4e3b\u673a\u540d\u3001\u7aef\u53e3\u53f7\u3001realm\u548c\u8ba4\u8bc1\u65b9\u6848\uff0c\u4e0d\u7528\u5199\u7684\u5f88\u7cbe\u786e\u3002\u56e0\u4e3a\uff0c\u51ed\u636eprovider\u4f1a\u6839\u636e\u6211\u4eec\u6307\u5b9a\u7684\u5185\u5bb9\uff0c\u7b5b\u9009\u51fa\u4e00\u4e2a\u6700\u5339\u914d\u7684\u65b9\u6848\u3002<\/p>\n \u53ea\u8981\u6211\u4eec\u81ea\u5b9a\u4e49\u7684\u51ed\u636eprovider\u5b9e\u73b0\u4e86 \u4e0a\u9762\u4ee3\u7801\u8f93\u51fa\uff1a<\/p>\n <\/a><\/p>\n HttpClient\u4f9d\u8d56 \u5728Http\u8bf7\u6c42\u6267\u884c\u8fc7\u7a0b\u4e2d\uff0cHttpClient\u4f1a\u5411\u6267\u884c\u4e0a\u4e0b\u6587\u4e2d\u6dfb\u52a0\u4e0b\u9762\u7684\u6388\u6743\u5bf9\u8c61\uff1a<\/p>\n \u6211\u4eec\u53ef\u4ee5\u5728\u8bf7\u6c42\u6267\u884c\u524d\uff0c\u81ea\u5b9a\u4e49\u672c\u5730 <\/a><\/p>\n \u4ece\u7248\u672c4.1\u5f00\u59cb\uff0cHttpClient\u5c31\u4f1a\u81ea\u52a8\u7f13\u5b58\u9a8c\u8bc1\u901a\u8fc7\u7684\u8ba4\u8bc1\u4fe1\u606f\u3002\u4f46\u662f\u4e3a\u4e86\u4f7f\u7528\u8fd9\u4e2a\u7f13\u5b58\u7684\u8ba4\u8bc1\u4fe1\u606f\uff0c\u6211\u4eec\u5fc5\u987b\u5728\u540c\u4e00\u4e2a\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u903b\u8f91\u76f8\u5173\u7684\u8bf7\u6c42\u3002\u4e00\u65e6\u8d85\u51fa\u8be5\u4e0a\u4e0b\u6587\u7684\u4f5c\u7528\u8303\u56f4\uff0c\u7f13\u5b58\u7684\u8ba4\u8bc1\u4fe1\u606f\u5c31\u4f1a\u5931\u6548\u3002<\/p>\n <\/a><\/p>\n HttpClient\u9ed8\u8ba4\u4e0d\u652f\u6301\u62a2\u5148\u8ba4\u8bc1\uff0c\u56e0\u4e3a\u4e00\u65e6\u62a2\u5148\u8ba4\u8bc1\u88ab\u8bef\u7528\u6216\u8005\u9519\u7528\uff0c\u4f1a\u5bfc\u81f4\u4e00\u7cfb\u5217\u7684\u5b89\u5168\u95ee\u9898\uff0c\u6bd4\u5982\u4f1a\u628a\u7528\u6237\u7684\u8ba4\u8bc1\u4fe1\u606f\u4ee5\u660e\u6587\u7684\u65b9\u5f0f\u53d1\u9001\u7ed9\u672a\u6388\u6743\u7684\u7b2c\u4e09\u65b9\u670d\u52a1\u5668\u3002\u56e0\u6b64\uff0c\u9700\u8981\u7528\u6237\u81ea\u5df1\u6839\u636e\u81ea\u5df1\u5e94\u7528\u7684\u5177\u4f53\u73af\u5883\u6765\u8bc4\u4f30\u62a2\u5148\u8ba4\u8bc1\u5e26\u6765\u7684\u597d\u5904\u548c\u5e26\u6765\u7684\u98ce\u9669\u3002<\/p>\n \u5373\u4f7f\u5982\u6b64\uff0cHttpClient\u8fd8\u662f\u5141\u8bb8\u6211\u4eec\u901a\u8fc7\u914d\u7f6e\u6765\u542f\u7528\u62a2\u5148\u8ba4\u8bc1\uff0c\u65b9\u6cd5\u662f\u63d0\u524d\u586b\u5145\u8ba4\u8bc1\u4fe1\u606f\u7f13\u5b58\u5230\u4e0a\u4e0b\u6587\u4e2d\uff0c\u8fd9\u6837\uff0c\u4ee5\u8fd9\u4e2a\u4e0a\u4e0b\u6587\u6267\u884c\u7684\u65b9\u6cd5\uff0c\u5c31\u4f1a\u4f7f\u7528\u62a2\u5148\u8ba4\u8bc1\u3002<\/p>\n <\/a><\/p>\n \u4ece\u7248\u672c4.1\u5f00\u59cb\uff0cHttpClient\u5c31\u5168\u9762\u652f\u6301NTLMv1\u3001NTLMv2\u548cNTLM2\u8ba4\u8bc1\u3002\u5f53\u4eba\u6211\u4eec\u53ef\u4ee5\u4ecd\u65e7\u4f7f\u7528\u5916\u90e8\u7684NTLM\u5f15\u64ce\uff08\u6bd4\u5982Samba\u5f00\u53d1\u7684JCIFS\u5e93\uff09\u4f5c\u4e3a\u4e0eWindows\u4e92\u64cd\u4f5c\u6027\u7a0b\u5e8f\u7684\u4e00\u90e8\u5206\u3002<\/p>\n <\/a><\/p>\n \u76f8\u6bd4 \u7531\u4e8eNTLM\u8fde\u63a5\u662f\u6709\u72b6\u6001\u7684\uff0c\u4e00\u822c\u63a8\u8350\u4f7f\u7528\u6bd4\u8f83\u8f7b\u91cf\u7ea7\u7684\u65b9\u6cd5\u6765\u5904\u7f5aNTLM\u8ba4\u8bc1\uff08\u5982GET\u3001Head\u65b9\u6cd5\uff09\uff0c\u7136\u540e\u4f7f\u7528\u8fd9\u4e2a\u5df2\u7ecf\u5efa\u7acb\u7684\u8fde\u63a5\u5728\u6267\u884c\u76f8\u5bf9\u91cd\u91cf\u7ea7\u7684\u65b9\u6cd5\uff0c\u5c24\u5176\u662f\u9700\u8981\u9644\u4ef6\u8bf7\u6c42\u5b9e\u4f53\u7684\u8bf7\u6c42\uff08\u5982POST\u3001PUT\u8bf7\u6c42\uff09\u3002<\/p>\n <\/a><\/p>\n SPNEGO(Simple and Protected GSSAPI Megotiation Mechanism\uff09\uff0c\u5f53\u53cc\u65b9\u5747\u4e0d\u77e5\u9053\u5bf9\u65b9\u80fd\u4f7f\u7528\/\u63d0\u4f9b\u4ec0\u4e48\u534f\u8bae\u7684\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u4f7f\u7528SP\u8ba4\u8bc1\u534f\u8bae\u3002\u8fd9\u79cd\u534f\u8bae\u5728Kerberos\u8ba4\u8bc1\u65b9\u6848\u4e2d\u7ecf\u5e38\u4f7f\u7528\u3002It can wrap other mechanisms, however the current version in HttpClient is designed solely with Kerberos in mind.<\/p>\n <\/a><\/p>\n SPNEGO\u8ba4\u8bc1\u65b9\u6848\u517c\u5bb9Sun java 1.5\u53ca\u4ee5\u4e0a\u7248\u672c\u3002\u4f46\u662f\u5f3a\u70c8\u63a8\u8350jdk1.6\u4ee5\u4e0a\u3002Sun\u7684JRE\u63d0\u4f9b\u7684\u7c7b\u5c31\u5df2\u7ecf\u51e0\u4e4e\u5b8c\u5168\u53ef\u4ee5\u5904\u7406Kerberos\u548cSPNEGO token\u3002\u8fd9\u5c31\u610f\u5473\u7740\uff0c\u9700\u8981\u8bbe\u7f6e\u5f88\u591a\u7684GSS\u7c7b\u3002 \u6700\u597d\u7684\u5f00\u59cb\u65b9\u6cd5\u5c31\u662f\u4ece\u793a\u4f8b\u7a0b\u5e8f\u4e2d\u627e\u5230 \u5728Windows\u7cfb\u7edf\u4e2d\uff0c\u5e94\u8be5\u9ed8\u8ba4\u4f7f\u7528\u7528\u6237\u7684\u767b\u9646\u51ed\u636e;\u5f53\u7136\u6211\u4eec\u4e5f\u53ef\u4ee5\u4f7f\u7528 \u786e\u4fdd\u5728krb5.conf\u6587\u4ef6\u4e2d\u5217\u51fa <\/a><\/p>\n \u4e0b\u9762\u7684\u8fd9\u4efd\u6587\u6863\u662f\u9488\u5bf9Windows\u7cfb\u7edf\u7684\uff0c\u4f46\u662f\u5f88\u591a\u4fe1\u606f\u540c\u6837\u9002\u5408Unix\u3002<\/p>\n <\/a><\/p>\n \u4e0b\u9762\u662f\u4e00\u4e2a\u57fa\u672c\u7684login.conf\u6587\u4ef6\uff0c\u4f7f\u7528\u4e8eWindows\u5e73\u53f0\u7684IIS\u548cJBoss Negotiation\u6a21\u5757\u3002<\/p>\n \u7cfb\u7edf\u914d\u7f6e\u6587\u4ef6
\nHttpClient\u65e2\u652f\u6301HTTP\u6807\u51c6\u89c4\u8303\u5b9a\u4e49\u7684\u8ba4\u8bc1\u6a21\u5f0f\uff0c\u53c8\u652f\u6301\u4e00\u4e9b\u5e7f\u6cdb\u4f7f\u7528\u7684\u975e\u6807\u51c6\u8ba4\u8bc1\u6a21\u5f0f\uff0c\u6bd4\u5982NTLM\u548cSPNEGO\u3002<\/p>\n4.1.\u7528\u6237\u51ed\u8bc1<\/h2>\n
UsernamePasswordCredentials<\/code>\u8fd9\u4e2a\u7c7b\u53ef\u4ee5\u7528\u6765\u8868\u793a\u8fd9\u79cd\u60c5\u51b5\uff0c\u8fd9\u79cd\u51ed\u636e\u5305\u542b\u660e\u6587\u7684\u7528\u6237\u540d\u548c\u5bc6\u7801\u3002<\/p>\n UsernamePasswordCredentials creds = new UsernamePasswordCredentials(\"user\", \"pwd\");\n System.out.println(creds.getUserPrincipal().getName());\n System.out.println(creds.getPassword());\n<\/code><\/pre>\n user\n pwd\n<\/code><\/pre>\nNTCredentials<\/code>\u662f\u5fae\u8f6f\u7684windows\u7cfb\u7edf\u4f7f\u7528\u7684\u4e00\u79cd\u51ed\u636e\uff0c\u5305\u542busername\u3001password\uff0c\u8fd8\u5305\u62ec\u4e00\u7cfb\u5217\u5176\u4ed6\u7684\u5c5e\u6027\uff0c\u6bd4\u5982\u7528\u6237\u6240\u5728\u7684\u57df\u540d\u3002\u5728Microsoft Windows\u7684\u7f51\u7edc\u73af\u5883\u4e2d\uff0c\u540c\u4e00\u4e2a\u7528\u6237\u53ef\u4ee5\u5c5e\u4e8e\u4e0d\u540c\u7684\u57df\uff0c\u6240\u4ee5\u4ed6\u4e5f\u5c31\u6709\u4e0d\u540c\u7684\u51ed\u636e\u3002<\/p>\n NTCredentials creds = new NTCredentials(\"user\", \"pwd\", \"workstation\", \"domain\");\n System.out.println(creds.getUserPrincipal().getName());\n System.out.println(creds.getPassword());\n<\/code><\/pre>\n DOMAIN\/user\n pwd\n<\/code><\/pre>\n4.2. \u8ba4\u8bc1\u65b9\u6848<\/h2>\n
AutoScheme<\/code>\u63a5\u53e3\u8868\u793a\u4e00\u4e2a\u62bd\u8c61\u7684\u9762\u5411\u6311\u6218\/\u54cd\u5e94\u7684\u8ba4\u8bc1\u65b9\u6848\u3002\u4e00\u4e2a\u8ba4\u8bc1\u65b9\u6848\u8981\u652f\u6301\u4e0b\u9762\u7684\u529f\u80fd\uff1a<\/p>\n\n
AutoScheme<\/code>:<\/p>\n\n
4.3. \u51ed\u8bc1 provider<\/h2>\n
CredentialsProvider<\/code>\u8fd9\u4e2a\u63a5\u53e3\uff0c\u5c31\u53ef\u4ee5\u5728HttpClient\u4e2d\u4f7f\u7528\u3002\u9ed8\u8ba4\u7684\u51ed\u636eprovider\u53eb\u505aBasicCredentialsProvider<\/code>\uff0c\u5b83\u4f7f\u7528java.util.HashMap<\/code>\u5bf9CredentialsProvider<\/code>\u8fdb\u884c\u4e86\u7b80\u5355\u7684\u5b9e\u73b0\u3002<\/p>\n CredentialsProvider credsProvider = new BasicCredentialsProvider();\n credsProvider.setCredentials(\n new AuthScope(\"somehost\", AuthScope.ANY_PORT), \n new UsernamePasswordCredentials(\"u1\", \"p1\"));\n credsProvider.setCredentials(\n new AuthScope(\"somehost\", 8080), \n new UsernamePasswordCredentials(\"u2\", \"p2\"));\n credsProvider.setCredentials(\n new AuthScope(\"otherhost\", 8080, AuthScope.ANY_REALM, \"ntlm\"), \n new UsernamePasswordCredentials(\"u3\", \"p3\"));\n\n System.out.println(credsProvider.getCredentials(\n new AuthScope(\"somehost\", 80, \"realm\", \"basic\")));\n System.out.println(credsProvider.getCredentials(\n new AuthScope(\"somehost\", 8080, \"realm\", \"basic\")));\n System.out.println(credsProvider.getCredentials(\n new AuthScope(\"otherhost\", 8080, \"realm\", \"basic\")));\n System.out.println(credsProvider.getCredentials(\n new AuthScope(\"otherhost\", 8080, null, \"ntlm\")));\n<\/code><\/pre>\n [principal: u1]\n [principal: u2]\n null\n [principal: u3]\n<\/code><\/pre>\n4.4.HTTP\u6388\u6743\u548c\u6267\u884c\u4e0a\u4e0b\u6587<\/h2>\n
AuthState<\/code>\u7c7b\u53bb\u8ddf\u8e2a\u8ba4\u8bc1\u8fc7\u7a0b\u4e2d\u7684\u72b6\u6001\u7684\u8be6\u7ec6\u4fe1\u606f\u3002\u5728Http\u8bf7\u6c42\u8fc7\u7a0b\u4e2d\uff0cHttpClient\u521b\u5efa\u4e24\u4e2aAuthState<\/code>\u5b9e\u4f8b\uff1a\u4e00\u4e2a\u7528\u4e8e\u76ee\u6807\u670d\u52a1\u5668\u8ba4\u8bc1\uff0c\u4e00\u4e2a\u7528\u4e8e\u4ee3\u7406\u670d\u52a1\u5668\u8ba4\u8bc1\u3002\u5982\u679c\u670d\u52a1\u5668\u6216\u8005\u4ee3\u7406\u670d\u52a1\u5668\u9700\u8981\u7528\u6237\u7684\u6388\u6743\u4fe1\u606f\uff0cAuthScope<\/code>\u3001AutoScheme<\/code>\u548c\u8ba4\u8bc1\u4fe1\u606f\u5c31\u4f1a\u88ab\u586b\u5145\u5230\u4e24\u4e2aAuthScope<\/code>\u5b9e\u4f8b\u4e2d\u3002\u901a\u8fc7\u5bf9AutoState<\/code>\u7684\u68c0\u6d4b\uff0c\u6211\u4eec\u53ef\u4ee5\u786e\u5b9a\u8bf7\u6c42\u7684\u6388\u6743\u7c7b\u578b\uff0c\u786e\u5b9a\u662f\u5426\u6709\u5339\u914d\u7684AuthScheme<\/code>\uff0c\u786e\u5b9a\u51ed\u636eprovider\u6839\u636e\u6307\u5b9a\u7684\u6388\u6743\u7c7b\u578b\u662f\u5426\u6210\u529f\u751f\u6210\u4e86\u7528\u6237\u7684\u6388\u6743\u4fe1\u606f\u3002<\/p>\n\n
Lookup<\/code>\u5bf9\u8c61\uff0c\u8868\u793a\u4f7f\u7528\u7684\u8ba4\u8bc1\u65b9\u6848\u3002\u8fd9\u4e2a\u5bf9\u8c61\u7684\u503c\u53ef\u4ee5\u5728\u672c\u5730\u4e0a\u4e0b\u6587\u4e2d\u8fdb\u884c\u8bbe\u7f6e\uff0c\u6765\u8986\u76d6\u9ed8\u8ba4\u503c\u3002<\/li>\nCredentialsProvider<\/code>\u5bf9\u8c61\uff0c\u8868\u793a\u8ba4\u8bc1\u65b9\u6848provider\uff0c\u8fd9\u4e2a\u5bf9\u8c61\u7684\u503c\u53ef\u4ee5\u5728\u672c\u5730\u4e0a\u4e0b\u6587\u4e2d\u8fdb\u884c\u8bbe\u7f6e\uff0c\u6765\u8986\u76d6\u9ed8\u8ba4\u503c\u3002<\/li>\nAuthState<\/code>\u5bf9\u8c61\uff0c\u8868\u793a\u76ee\u6807\u670d\u52a1\u5668\u7684\u8ba4\u8bc1\u72b6\u6001\uff0c\u8fd9\u4e2a\u5bf9\u8c61\u7684\u503c\u53ef\u4ee5\u5728\u672c\u5730\u4e0a\u4e0b\u6587\u4e2d\u8fdb\u884c\u8bbe\u7f6e\uff0c\u6765\u8986\u76d6\u9ed8\u8ba4\u503c\u3002<\/li>\nAuthState<\/code>\u5bf9\u8c61\uff0c\u8868\u793a\u4ee3\u7406\u670d\u52a1\u5668\u7684\u8ba4\u8bc1\u72b6\u6001\uff0c\u8fd9\u4e2a\u5bf9\u8c61\u7684\u503c\u53ef\u4ee5\u5728\u672c\u5730\u4e0a\u4e0b\u6587\u4e2d\u8fdb\u884c\u8bbe\u7f6e\uff0c\u6765\u8986\u76d6\u9ed8\u8ba4\u503c\u3002<\/li>\nAuthCache<\/code>\u5bf9\u8c61\uff0c\u8868\u793a\u8ba4\u8bc1\u6570\u636e\u7684\u7f13\u5b58\uff0c\u8fd9\u4e2a\u5bf9\u8c61\u7684\u503c\u53ef\u4ee5\u5728\u672c\u5730\u4e0a\u4e0b\u6587\u4e2d\u8fdb\u884c\u8bbe\u7f6e\uff0c\u6765\u8986\u76d6\u9ed8\u8ba4\u503c\u3002<\/li>\n<\/ul>\nHttpContext<\/code>\u5bf9\u8c61\u6765\u8bbe\u7f6e\u9700\u8981\u7684http\u8ba4\u8bc1\u4e0a\u4e0b\u6587;\u4e5f\u53ef\u4ee5\u5728\u8bf7\u6c42\u6267\u884c\u540e\uff0c\u518d\u68c0\u6d4bHttpContext<\/code>\u7684\u72b6\u6001\uff0c\u6765\u67e5\u770b\u6388\u6743\u662f\u5426\u6210\u529f\u3002<\/p>\n CloseableHttpClient httpclient = <...>\n\n CredentialsProvider credsProvider = <...>\n Lookup<AuthSchemeProvider> authRegistry = <...>\n AuthCache authCache = <...>\n\n HttpClientContext context = HttpClientContext.create();\n context.setCredentialsProvider(credsProvider);\n context.setAuthSchemeRegistry(authRegistry);\n context.setAuthCache(authCache);\n HttpGet httpget = new HttpGet(\"https:\/\/www.yeetrack.com\/\");\n CloseableHttpResponse response1 = httpclient.execute(httpget, context);\n <...>\n\n AuthState proxyAuthState = context.getProxyAuthState();\n System.out.println(\"Proxy auth state: \" + proxyAuthState.getState());\n System.out.println(\"Proxy auth scheme: \" + proxyAuthState.getAuthScheme());\n System.out.println(\"Proxy auth credentials: \" + proxyAuthState.getCredentials());\n AuthState targetAuthState = context.getTargetAuthState();\n System.out.println(\"Target auth state: \" + targetAuthState.getState());\n System.out.println(\"Target auth scheme: \" + targetAuthState.getAuthScheme());\n System.out.println(\"Target auth credentials: \" + targetAuthState.getCredentials());\n<\/code><\/pre>\n4.5. \u7f13\u5b58\u8ba4\u8bc1\u6570\u636e<\/h2>\n
4.6. \u62a2\u5148\u8ba4\u8bc1<\/h2>\n
CloseableHttpClient httpclient = <...>\n\n HttpHost targetHost = new HttpHost(\"localhost\", 80, \"http\");\n CredentialsProvider credsProvider = new BasicCredentialsProvider();\n credsProvider.setCredentials(\n new AuthScope(targetHost.getHostName(), targetHost.getPort()),\n new UsernamePasswordCredentials(\"username\", \"password\"));\n\n \/\/ \u521b\u5efa AuthCache \u5bf9\u8c61\n AuthCache authCache = new BasicAuthCache();\n \/\/\u521b\u5efa BasicScheme\uff0c\u5e76\u628a\u5b83\u6dfb\u52a0\u5230 auth cache\u4e2d\n BasicScheme basicAuth = new BasicScheme();\n authCache.put(targetHost, basicAuth);\n\n \/\/ \u628aAutoCache\u6dfb\u52a0\u5230\u4e0a\u4e0b\u6587\u4e2d\n HttpClientContext context = HttpClientContext.create();\n context.setCredentialsProvider(credsProvider);\n\n HttpGet httpget = new HttpGet(\"\/\");\n for (int i = 0; i < 3; i++) {\n CloseableHttpResponse response = httpclient.execute(\n targetHost, httpget, context);\n try {\n HttpEntity entity = response.getEntity();\n\n } finally {\n response.close();\n }\n }\n<\/code><\/pre>\n4.7. NTLM\u8ba4\u8bc1<\/h2>\n
4.7.1. NTLM\u8fde\u63a5\u6301\u4e45\u6027<\/h3>\n
Basic<\/code>\u548cDigest<\/code>\u8ba4\u8bc1\uff0cNTLM\u8ba4\u8bc1\u8981\u660e\u663e\u9700\u8981\u66f4\u591a\u7684\u8ba1\u7b97\u5f00\u9500\uff0c\u6027\u80fd\u5f71\u54cd\u4e5f\u6bd4\u8f83\u5927\u3002\u8fd9\u4e5f\u53ef\u80fd\u662f\u5fae\u8f6f\u628aNTLM\u534f\u8bae\u8bbe\u8ba1\u6210\u6709\u72b6\u6001\u8fde\u63a5\u7684\u4e3b\u8981\u539f\u56e0\u4e4b\u4e00\u3002\u4e5f\u5c31\u662f\u8bf4\uff0cNTLM\u8fde\u63a5\u4e00\u65e6\u5efa\u7acb\uff0c\u7528\u6237\u7684\u8eab\u4efd\u5c31\u4f1a\u5728\u5176\u6574\u4e2a\u751f\u547d\u5468\u671f\u548c\u5b83\u76f8\u5173\u8054\u3002NTLM\u8fde\u63a5\u7684\u72b6\u6001\u6027\u4f7f\u5f97\u8fde\u63a5\u6301\u4e45\u6027\u66f4\u52a0\u590d\u6742\uff0cThe stateful nature of NTLM connections makes connection persistence more complex, as for the obvious reason persistent NTLM connections may not be re-used by users with a different user identity. HttpClient\u4e2d\u6807\u51c6\u7684\u8fde\u63a5\u7ba1\u7406\u5668\u5c31\u53ef\u4ee5\u7ba1\u7406\u6709\u72b6\u6001\u7684\u8fde\u63a5\u3002\u4f46\u662f\uff0c\u540c\u4e00\u4f1a\u8bdd\u4e2d\u903b\u8f91\u76f8\u5173\u7684\u8bf7\u6c42\uff0c\u5fc5\u987b\u4f7f\u7528\u76f8\u540c\u7684\u6267\u884c\u4e0a\u4e0b\u6587\uff0c\u8fd9\u6837\u624d\u80fd\u4f7f\u7528\u7528\u6237\u7684\u8eab\u4efd\u4fe1\u606f\u3002\u5426\u5219\uff0cHttpClient\u5c31\u4f1a\u7ed3\u675f\u65e7\u7684\u8fde\u63a5\uff0c\u4e3a\u4e86\u83b7\u53d6\u88abNTLM\u534f\u8bae\u4fdd\u62a4\u7684\u8d44\u6e90\uff0c\u800c\u4e3a\u6bcf\u4e2aHTTP\u8bf7\u6c42\uff0c\u521b\u5efa\u4e00\u4e2a\u65b0\u7684Http\u8fde\u63a5\u3002\u66f4\u65b0\u5173\u4e8eHttp\u72b6\u6001\u8fde\u63a5\u7684\u4fe1\u606f\uff0c\u70b9\u51fb\u6b64\u5904<\/a>\u3002<\/p>\n CloseableHttpClient httpclient = <...>\n\n CredentialsProvider credsProvider = new BasicCredentialsProvider();\n credsProvider.setCredentials(AuthScope.ANY,\n new NTCredentials(\"user\", \"pwd\", \"myworkstation\", \"microsoft.com\"));\n\n HttpHost target = new HttpHost(\"www.microsoft.com\", 80, \"http\");\n\n \/\/\u4f7f\u7528\u76f8\u540c\u7684\u4e0a\u4e0b\u6587\u6765\u6267\u884c\u903b\u8f91\u76f8\u5173\u7684\u8bf7\u6c42\n HttpClientContext context = HttpClientContext.create();\n context.setCredentialsProvider(credsProvider);\n\n \/\/\u4f7f\u7528\u8f7b\u91cf\u7ea7\u7684\u8bf7\u6c42\u6765\u89e6\u53d1NTLM\u8ba4\u8bc1\n HttpGet httpget = new HttpGet(\"\/ntlm-protected\/info\");\n CloseableHttpResponse response1 = httpclient.execute(target, httpget, context);\n try {\n HttpEntity entity1 = response1.getEntity();\n } finally {\n response1.close();\n }\n\n \/\/\u4f7f\u7528\u76f8\u540c\u7684\u4e0a\u4e0b\u6587\uff0c\u6267\u884c\u91cd\u91cf\u7ea7\u7684\u65b9\u6cd5\n HttpPost httppost = new HttpPost(\"\/ntlm-protected\/form\");\n httppost.setEntity(new StringEntity(\"lots and lots of data\"));\n CloseableHttpResponse response2 = httpclient.execute(target, httppost, context);\n try {\n HttpEntity entity2 = response2.getEntity();\n } finally {\n response2.close();\n }\n<\/code><\/pre>\n4.8. SPNEGO\/Kerberos\u8ba4\u8bc1<\/h2>\n
4.8.1. \u5728HttpCient\u4e2d\u4f7f\u7528SPNEGO<\/h3>\n
SpnegoScheme<\/code>\u662f\u4e2a\u5f88\u7b80\u5355\u7684\u7c7b\uff0c\u53ef\u4ee5\u7528\u5b83\u6765handle marshalling the tokens and \u8bfb\u5199\u6b63\u786e\u7684\u5934\u6d88\u606f\u3002<\/p>\nKerberosHttpClient.java<\/code>\u8fd9\u4e2a\u6587\u4ef6\uff0c\u5c1d\u8bd5\u8ba9\u5b83\u8fd0\u884c\u8d77\u6765\u3002\u8fd0\u884c\u8fc7\u7a0b\u6709\u53ef\u80fd\u4f1a\u51fa\u73b0\u5f88\u591a\u95ee\u9898\uff0c\u4f46\u662f\u5982\u679c\u4eba\u54c1\u6bd4\u8f83\u9ad8\u53ef\u80fd\u4f1a\u987a\u5229\u4e00\u70b9\u3002\u8fd9\u4e2a\u6587\u4ef6\u4f1a\u63d0\u4f9b\u4e00\u4e9b\u8f93\u51fa\uff0c\u6765\u5e2e\u6211\u4eec\u8c03\u8bd5\u3002<\/p>\nkinit<\/code>\u6765\u8986\u76d6\u8fd9\u4e2a\u51ed\u636e\uff0c\u6bd4\u5982$JAVA_HOME\\bin\\kinit testuser@AD.EXAMPLE.NET<\/code>\uff0c\u8fd9\u5728\u6211\u4eec\u6d4b\u8bd5\u548c\u8c03\u8bd5\u7684\u65f6\u5019\u5c31\u663e\u5f97\u5f88\u6709\u7528\u4e86\u3002\u5982\u679c\u60f3\u7528\u56deWindows\u9ed8\u8ba4\u7684\u767b\u9646\u51ed\u636e\uff0c\u5220\u9664kinit\u521b\u5efa\u7684\u7f13\u5b58\u6587\u4ef6\u5373\u53ef\u3002<\/p>\ndomain_realms<\/code>\u3002\u8fd9\u80fd\u89e3\u51b3\u5f88\u591a\u4e0d\u5fc5\u8981\u7684\u95ee\u9898\u3002<\/p>\n4.8.2. \u4f7f\u7528GSS\/Java Kerberos<\/h3>\n
org.ietf.jgss<\/code>\u8fd9\u4e2a\u7c7b\u6709\u5f88\u591a\u7684\u914d\u7f6e\u53c2\u6570\uff0c\u8fd9\u4e9b\u53c2\u6570\u5927\u90e8\u5206\u90fd\u5728krb5.conf\/krb5.ini<\/code>\u6587\u4ef6\u4e2d\u914d\u7f6e\u3002\u66f4\u591a\u7684\u4fe1\u606f\uff0c\u53c2\u8003\u6b64\u5904<\/a>\u3002<\/p>\nlogin.conf\u6587\u4ef6<\/h4>\n
java.security.auth.login.config<\/code>\u53ef\u4ee5\u6307\u5b9alogin.conf<\/code>\u6587\u4ef6\u7684\u8def\u5f84\u3002
\nlogin.conf<\/code>\u7684\u5185\u5bb9\u53ef\u80fd\u4f1a\u662f\u4e0b\u9762\u7684\u6837\u5b50\uff1a<\/p>\n com.sun.security.jgss.login {\n com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true;\n };\n\n com.sun.security.jgss.initiate {\n com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true;\n };\n\n com.sun.security.jgss.accept {\n com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true;\n };\n<\/code><\/pre>\n