Hallo
Wir haben ein Problem eine JavaWebStart Anwendung und zwar gelingt keine Autentifizierung im Kontext von Windows-Systemen + Proxy-Server mit NTLM-Authentifizierung. Für Java scheint keine einheitliche Methode für eine entsprechende Authentifizierung zu existieren.
Wir versuchen mit folgendem Code die NTLM Authentifizierung zu verarbeiten:
httpClient.getParams().setParameter(CredentialsProvider.PROVIDER, new FrameAuthPrompter(view));
wobei die Class FrameAuthPrompter eine Interface Implementierung von org.apache.commons.httpclient.auth.CredentialsProvider ist.
Bei einem Nachgestelltem internen Testscenario wird der NTLM Proxy als solches erkannt und eine Aufforderung zum Authentifizierung wird auch korrekt angezeigt, leider geht es dann nicht weiter trotz richtiger Eingabe der Domaine, username und Passwort. Die Authentifizierungsdaten werden immer wieder angefordert.
Unten finden Sie auch das Protokoll.
Wir haben verschiedene Ansätze ausprobiert, also auch mit com.sun.security.auth.NTUserPrincipal es hat aber nicht geholfen.
Wir brauchen hinsichtlich dieser Problematik einen Hinweis auf dem wir ansetzen können.
Protokol
[04 Mrz 2011 12:25:21,179] [DEBUG] [httpclient.wire.header] << "Proxy-Connection: close[\r][\n]"
[04 Mrz 2011 12:25:21,179] [DEBUG] [org.apache.commons.httpclient.auth.AuthChallengeProcessor] Supported authentication schemes in the order of preference: [ntlm, digest, basic]
[04 Mrz 2011 12:25:21,179] [ INFO] [org.apache.commons.httpclient.auth.AuthChallengeProcessor] ntlm authentication scheme selected
[04 Mrz 2011 12:25:21,179] [DEBUG] [org.apache.commons.httpclient.auth.AuthChallengeProcessor] Using authentication scheme: ntlm
[04 Mrz 2011 12:25:21,179] [DEBUG] [org.apache.commons.httpclient.auth.AuthChallengeProcessor] Authorization challenge processed
[04 Mrz 2011 12:25:21,179] [DEBUG] [org.apache.commons.httpclient.HttpMethodDirector] Proxy authentication scope: NTLM <any realm>@webtitan:3128
[04 Mrz 2011 12:25:21,179] [DEBUG] [org.apache.commons.httpclient.HttpState] enter HttpState.getProxyCredentials(AuthScope)
[04 Mrz 2011 12:25:21,179] [DEBUG] [org.apache.commons.httpclient.HttpMethodDirector] Proxy credentials required
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpState] enter HttpState.setProxyCredentials(AuthScope, Credentials)
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpMethodDirector] NTLM <any realm>@webtitan:3128 new credentials given
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpMethodDirector] Retry authentication
[04 Mrz 2011 12:25:35,226] [DEBUG] [httpclient.wire.content] << "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/tr/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>WebTitan: Access Denied</title><style type="text/css">body { background: #fff; }img { margin: 0 0 24px 0; }h1 { font: 21px arial, sans-serif; color: #900; margin: 15px 0 30px 0; }h2 { font: 15px arial, sans-serif; color: #000; margin: 18px 0 9px 0; }div.a { background: #eee; padding: 12px; }div.a p { margin: 0; }p { font: 13px arial, sans-serif; color: #111; margin: 0 0 9px 0; line-height: 15px; }</style></head><body><div style="margin: 0 auto;width:600px;"><h1>Access Denied</h1><h2>You have attempted to access the following web page:</h2><div class="a" style="word-wrap:break-word"><p><a href="http://seegurke.dimdi.de/signsrv/signserverc">http://seegurke.dimdi.de/signsrv/signserverc</a></p></div><h2>Access has been blocked because:</h2><div class="a"><p>Authentication failed - username or password incorrect</p><"
[04 Mrz 2011 12:25:35,226] [DEBUG] [httpclient.wire.content] << "/div><br><p>Management have deemed that access to this web page is inappropriate at this time. Please contact your supervisor if you feel that this is incorrect.</p></body></html>"
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpMethodBase] Should close connection in response to directive: close
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpConnection] enter HttpConnection.close()
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpConnection] enter HttpConnection.closeSockedAndStreams()
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpConnection] enter HttpConnection.releaseConnection()
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpConnection] Connection is locked. Call to releaseConnection() ignored.
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpMethodDirector] Authenticating with NTLM <any realm>@webtitan:3128
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpState] enter HttpState.getProxyCredentials(AuthScope)
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.auth.NTLMScheme] enter NTLMScheme.authenticate(Credentials, HttpMethod)
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.params.HttpMethodParams] Credential charset not configured, using HTTP element charset
Wir haben ein Problem eine JavaWebStart Anwendung und zwar gelingt keine Autentifizierung im Kontext von Windows-Systemen + Proxy-Server mit NTLM-Authentifizierung. Für Java scheint keine einheitliche Methode für eine entsprechende Authentifizierung zu existieren.
Wir versuchen mit folgendem Code die NTLM Authentifizierung zu verarbeiten:
httpClient.getParams().setParameter(CredentialsProvider.PROVIDER, new FrameAuthPrompter(view));
wobei die Class FrameAuthPrompter eine Interface Implementierung von org.apache.commons.httpclient.auth.CredentialsProvider ist.
Bei einem Nachgestelltem internen Testscenario wird der NTLM Proxy als solches erkannt und eine Aufforderung zum Authentifizierung wird auch korrekt angezeigt, leider geht es dann nicht weiter trotz richtiger Eingabe der Domaine, username und Passwort. Die Authentifizierungsdaten werden immer wieder angefordert.
Unten finden Sie auch das Protokoll.
Wir haben verschiedene Ansätze ausprobiert, also auch mit com.sun.security.auth.NTUserPrincipal es hat aber nicht geholfen.
Wir brauchen hinsichtlich dieser Problematik einen Hinweis auf dem wir ansetzen können.
Java:
class FrameAuthPrompter implements CredentialsProvider {
JFrame view;
public FrameAuthPrompter(JFrame view) {
super();
this.view = view;
}
public Credentials getCredentials(final AuthScheme authscheme, final String host, int port, boolean proxy) throws CredentialsNotAvailableException {
if (authscheme == null) {
return null;
}
try {
if (authscheme instanceof NTLMScheme) {
JTextField domain = new JTextField();
JTextField user = new JTextField();
JTextField password = new JPasswordField();
JPanel panel = new JPanel(new GridLayout(3, 2));
panel.add(new JLabel("Domain"));
panel.add(domain);
panel.add(new JLabel("User"));
panel.add(user);
panel.add(new JLabel("Password"));
panel.add(password);
int option = JOptionPane.showConfirmDialog(view,
panel, "Proxy"+host+ ":" + port + " benötigt Windows Authentifizierung", JOptionPane.OK_CANCEL_OPTION,
JOptionPane.PLAIN_MESSAGE);
if (option == JOptionPane.OK_OPTION) {
return new NTCredentials(user.getText(), password.getText(), host, domain.getText());
}
else return null;
} else if (authscheme instanceof RFC2617Scheme) {
JTextField user = new JTextField();
JTextField password = new JPasswordField();
JPanel panel = new JPanel(new GridLayout(2, 2));
panel.add(new JLabel("User"));
panel.add(user);
panel.add(new JLabel("Password"));
panel.add(password);
int option = JOptionPane.showConfirmDialog(view,
panel, "Proxy"+host+ ":" + port + " benötigt Authentifizierung mit dem realm " + authscheme.getRealm(), JOptionPane.OK_CANCEL_OPTION,
JOptionPane.PLAIN_MESSAGE);
if (option == JOptionPane.OK_OPTION) {
return new UsernamePasswordCredentials(user.getText(), password.getText());
}
else return null;
}
else {
throw new CredentialsNotAvailableException("Unsupported authentication scheme: "
+ authscheme.getSchemeName());
}
} catch (IOException e) {
throw new CredentialsNotAvailableException(e.getMessage(), e);
}
}
}Protokol
[04 Mrz 2011 12:25:21,179] [DEBUG] [httpclient.wire.header] << "Proxy-Connection: close[\r][\n]"
[04 Mrz 2011 12:25:21,179] [DEBUG] [org.apache.commons.httpclient.auth.AuthChallengeProcessor] Supported authentication schemes in the order of preference: [ntlm, digest, basic]
[04 Mrz 2011 12:25:21,179] [ INFO] [org.apache.commons.httpclient.auth.AuthChallengeProcessor] ntlm authentication scheme selected
[04 Mrz 2011 12:25:21,179] [DEBUG] [org.apache.commons.httpclient.auth.AuthChallengeProcessor] Using authentication scheme: ntlm
[04 Mrz 2011 12:25:21,179] [DEBUG] [org.apache.commons.httpclient.auth.AuthChallengeProcessor] Authorization challenge processed
[04 Mrz 2011 12:25:21,179] [DEBUG] [org.apache.commons.httpclient.HttpMethodDirector] Proxy authentication scope: NTLM <any realm>@webtitan:3128
[04 Mrz 2011 12:25:21,179] [DEBUG] [org.apache.commons.httpclient.HttpState] enter HttpState.getProxyCredentials(AuthScope)
[04 Mrz 2011 12:25:21,179] [DEBUG] [org.apache.commons.httpclient.HttpMethodDirector] Proxy credentials required
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpState] enter HttpState.setProxyCredentials(AuthScope, Credentials)
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpMethodDirector] NTLM <any realm>@webtitan:3128 new credentials given
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpMethodDirector] Retry authentication
[04 Mrz 2011 12:25:35,226] [DEBUG] [httpclient.wire.content] << "<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/tr/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"><head><title>WebTitan: Access Denied</title><style type="text/css">body { background: #fff; }img { margin: 0 0 24px 0; }h1 { font: 21px arial, sans-serif; color: #900; margin: 15px 0 30px 0; }h2 { font: 15px arial, sans-serif; color: #000; margin: 18px 0 9px 0; }div.a { background: #eee; padding: 12px; }div.a p { margin: 0; }p { font: 13px arial, sans-serif; color: #111; margin: 0 0 9px 0; line-height: 15px; }</style></head><body><div style="margin: 0 auto;width:600px;"><h1>Access Denied</h1><h2>You have attempted to access the following web page:</h2><div class="a" style="word-wrap:break-word"><p><a href="http://seegurke.dimdi.de/signsrv/signserverc">http://seegurke.dimdi.de/signsrv/signserverc</a></p></div><h2>Access has been blocked because:</h2><div class="a"><p>Authentication failed - username or password incorrect</p><"
[04 Mrz 2011 12:25:35,226] [DEBUG] [httpclient.wire.content] << "/div><br><p>Management have deemed that access to this web page is inappropriate at this time. Please contact your supervisor if you feel that this is incorrect.</p></body></html>"
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpMethodBase] Should close connection in response to directive: close
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpConnection] enter HttpConnection.close()
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpConnection] enter HttpConnection.closeSockedAndStreams()
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpConnection] enter HttpConnection.releaseConnection()
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpConnection] Connection is locked. Call to releaseConnection() ignored.
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpMethodDirector] Authenticating with NTLM <any realm>@webtitan:3128
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.HttpState] enter HttpState.getProxyCredentials(AuthScope)
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.auth.NTLMScheme] enter NTLMScheme.authenticate(Credentials, HttpMethod)
[04 Mrz 2011 12:25:35,226] [DEBUG] [org.apache.commons.httpclient.params.HttpMethodParams] Credential charset not configured, using HTTP element charset
