问题
I'm trying to do simple REST calls on a Sharepoint 2010 server that uses SSL encryption (https), as well as NTLM authentication. When the server is set up to not require SSL (just for testing, the server will require SSL in production), my NTLM authentication and subsequent REST calls work fine using HttpClient. However, when SSL is enabled, the authentication no longer works.
Here's the code for the SSL handling (set to accept all certs):
SSLContext sslContext = SSLContext.getInstance("TLS");
// set up a TrustManager that trusts everything
sslContext.init(null, new TrustManager[] { new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return null;
}
public void checkClientTrusted(X509Certificate[] certs,
String authType) { }
public void checkServerTrusted(X509Certificate[] certs,
String authType) { }
} }, new SecureRandom());
SSLSocketFactory sf = new SSLSocketFactory(sslContext, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
Scheme httpsScheme = new Scheme("https", 443, sf);
SchemeRegistry schemeRegistry = new SchemeRegistry();
schemeRegistry.register(httpsScheme);
ClientConnectionManager cm = new SingleClientConnManager(schemeRegistry);
Followed by the code to do NTML and the HTTP GET call:
HttpParams params = new BasicHttpParams();
DefaultHttpClient httpclient = new DefaultHttpClient(cm, params);
// Set up the NTLM credentials
NTCredentials creds = new NTCredentials(USERNAME, PASSWORD, MACHINE, DOMAIN);
httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);
// Setup the HTTP GET and execute it
HttpHost target = new HttpHost(HOSTNAME, 443, "https");
HttpContext localContext = new BasicHttpContext();
HttpGet httpget = new HttpGet("/site/_vti_bin/ListData.svc/TestList");
HttpResponse response1 = httpclient.execute(target, httpget, localContext);
The response I always get back is:
HTTP/1.1 400 Bad Request
The server encountered an error processing the request. See server logs for more details.
Note that I've used FireFox Poster and CURL to do the same thing I'm trying to do here programmatically, and it works fine. So the server appears to be set up correctly.
Thanks for your time!
回答1:
Documenting this for other who may have this problem.
The problem was that the IIS server was set to allow anonymous logins. Apparently, there's a bug where if this is set, any REST or SOAP connections to sharepoint instances under that installation will not succeed. It appeared as though the string "anonymous" was being added to the REST/SOAP URLs, which of course, made it point to a nonexistent service. After we turned off allowing anonymous login on the IIS instance, the calls worked.
回答2:
My guess is that NTLM authentication fails due to SSL connections not being persistent. NTLM scheme requires multiple message exchanges and can function with persistent connections only.
If you post a wire / context log of the HTTP session (either here or to httpclient-users list) I should be able to tell why SSL connections do not stay up.
来源:https://stackoverflow.com/questions/9714615/httpclient-using-both-ssl-encryption-and-ntlm-authentication-fails