SharePoint authentication with Kerberos from Java HttpClient

I have a Linux / Java 6 client that will authenticate to SharePoint 2010 using NTLM and then send HTTP REST HTTP services using Apache Commons HttpClient.

I can do this using NTLM, but I want to use the same REST API to access SharePoint 2010, which uses Kerberos auth.

Any examples of authenticating and sending REST over HTTP using SharePoint Kerberos? (preferably using HttpClient)

P.S. I do not have access to the SharePoint code, but I have access to the SharePoint administrator settings. This is roughly how I authenticate with NTLM:

    // Commons HttpClient 3.x, with a JCIFS-backed NTLM scheme registered
    HttpClient httpClient = new HttpClient(new SimpleHttpConnectionManager(true));
    AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, JCIFS_NTLMScheme.class);
    String localHostName = Inet4Address.getLocalHost().getHostName();
    AuthScope authscope = new AuthScope(uri.getHost(), AuthScope.ANY_PORT);
    httpClient.getState().setCredentials(authscope,
            new NTCredentials(getUsername(), getPassword(), localHostName, getDomain()));

    // after the initial ntlm auth I can call my REST service with "httpClient.executeMethod"
    int status = httpClient.executeMethod(new GetMethod(accessURI + "/sitecollection/info"));
+6
1 answer

Please make sure your environment is configured correctly for Kerberos; this can be checked by running kinit. If this fails, you need to make sure that your krb5.ini (Windows) or krb5.conf (Linux) is configured correctly on your domain controller.

Once you confirm that Kerberos is functional, you can use the sample code from HttpClient, as shown below.

Please note that there are many problems that can lead to Kerberos failure, for example time synchronization, supported encryption types, and trust relationships between domain forests. It is also worth making sure that your client is on a separate box from the server.

Here is the sample code that is available in the HttpClient download. You need to make sure that your JAAS and krb5.conf or krb5.ini configurations are correct!

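    import java.security.Principal;

    import org.apache.http.HttpEntity;
    import org.apache.http.HttpResponse;
    import org.apache.http.auth.AuthScope;
    import org.apache.http.auth.Credentials;
    import org.apache.http.client.methods.HttpGet;
    import org.apache.http.client.methods.HttpUriRequest;
    import org.apache.http.client.params.AuthPolicy;
    import org.apache.http.impl.auth.SPNegoSchemeFactory;
    import org.apache.http.impl.client.DefaultHttpClient;
    import org.apache.http.util.EntityUtils;

    public class ClientKerberosAuthentication {

        public static void main(String[] args) throws Exception {
            // JAAS login configuration and Kerberos realm/KDC settings
            System.setProperty("java.security.auth.login.config", "login.conf");
            System.setProperty("java.security.krb5.conf", "krb5.conf");
            // Verbose Kerberos tracing on stdout; useful while troubleshooting
            System.setProperty("sun.security.krb5.debug", "true");
            // Let GSS-API obtain credentials via JAAS rather than from the current Subject only
            System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

            DefaultHttpClient httpclient = new DefaultHttpClient();
            try {
                httpclient.getAuthSchemes().register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory());

                // Placeholder credentials: the real ones come from JAAS / the ticket cache
                Credentials use_jaas_creds = new Credentials() {
                    public String getPassword() {
                        return null;
                    }

                    public Principal getUserPrincipal() {
                        return null;
                    }
                };

                // AuthScope(null, -1, null) matches any host, port and realm
                httpclient.getCredentialsProvider().setCredentials(
                        new AuthScope(null, -1, null), use_jaas_creds);

                HttpUriRequest request = new HttpGet("http://kerberoshost/");
                HttpResponse response = httpclient.execute(request);
                HttpEntity entity = response.getEntity();

                System.out.println("----------------------------------------");
                System.out.println(response.getStatusLine());
                System.out.println("----------------------------------------");
                if (entity != null) {
                    System.out.println(EntityUtils.toString(entity));
                }
                System.out.println("----------------------------------------");

                // This ensures the connection gets released back to the manager
                EntityUtils.consume(entity);
            } finally {
                // When HttpClient instance is no longer needed,
                // shut down the connection manager to ensure
                // immediate deallocation of all system resources
                httpclient.getConnectionManager().shutdown();
            }
        }
    }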
+3
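Added example (not part of the answer above and not from the HttpClient samples): a JVM-side counterpart to the kinit check, using only JDK classes. It performs a JAAS login against the ticket cache with an in-memory configuration and lists the ticket it found; the class name, the "preflight" entry name and the krb5.conf location are assumptions.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

/** Added example: checks that JAAS can read the TGT that kinit put in the ticket cache. */
public class KerberosPreflight {
    /** In-memory equivalent of a login.conf entry for Krb5LoginModule. */
    static Configuration ticketCacheConfig() {
        final Map<String, String> options = new HashMap<String, String>();
        options.put("useTicketCache", "true"); // reuse the ticket obtained by kinit
        options.put("doNotPrompt", "true");    // fail instead of asking for a password
        final AppConfigurationEntry entry = new AppConfigurationEntry(
                "com.sun.security.auth.module.Krb5LoginModule",
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options);
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { entry };
            }
        };
    }

    /** Returns the logged-in Subject, or throws LoginException if no usable ticket exists. */
    static Subject login() throws LoginException {
        LoginContext ctx = new LoginContext("preflight", null, null, ticketCacheConfig());
        ctx.login();
        return ctx.getSubject();
    }

    public static void main(String[] args) {
        // Assumption: krb5.conf sits in the working directory, as in the sample above.
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        try {
            Subject subject = login();
            for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
                System.out.println("client=" + t.getClient() + " server=" + t.getServer()
                        + " expires=" + t.getEndTime());
            }
        } catch (LoginException e) {
            System.err.println("Kerberos login failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

A non-zero exit here means the JVM cannot see a valid ticket, so the SPNEGO request would fail for the same reason before SharePoint is ever contacted.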

Source: https://habr.com/ru/post/916463/