यहाँ एक उदाहरण है:
public class HttpSpnegoConnection {
/**
* Uses HttpClient 4.3.4 and CommonsIO 2.4
*/
public static void main(String[] args) throws ClientProtocolException, IOException {
String domain = "yourdomain.com";
String kdc = "thekdc.yourdomain.ch";
// careful with aliases, 'somewebsite' has to be in the kerberos database
String url = "http://somewebsite:8080/myresource/";
// if the port does not match the kerberos database entry, skip it during the lookup
boolean skipPortAtKerberosDatabaseLookup = true;
File krb5Config = createKrb5Configuration(domain,kdc);
System.out.println("Created config '"+krb5Config.getAbsolutePath()+"':");
System.out.println(IOUtils.toString(new FileReader(krb5Config)));
System.setProperty("java.security.krb5.conf", krb5Config.toURI().toString());
System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("javax.security.auth.useSubjectCredsOnly","false");
Lookup<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create()
.register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(skipPortAtKerberosDatabaseLookup))
.build();
CloseableHttpClient client = HttpClients.custom().setDefaultAuthSchemeRegistry(authSchemeRegistry).build();
HttpClientContext context = HttpClientContext.create();
BasicCredentialsProvider credentialsProvider = new BasicCredentialsProvider();
// This may seem odd, but specifying 'null' as principal tells java to use the logged in user's credentials
Credentials useJaasCreds = new Credentials() {
public String getPassword() {
return null;
}
public Principal getUserPrincipal() {
return null;
}
};
credentialsProvider.setCredentials(new AuthScope(null, -1, null), useJaasCreds);
context.setCredentialsProvider(credentialsProvider);
HttpGet httpget = new HttpGet(url);
CloseableHttpResponse response = client.execute(httpget,context);
String responseString = IOUtils.toString(response.getEntity().getContent());
System.out.println("HTTP Response:");
System.out.println(responseString);
}
/**
Creates a temporary krb5.conf
[libdefaults]
default_realm = <domain>
[realms]
snb.ch = {
kdc = <kdc>
admin_server = <kdc>
}
*/
private static File createKrb5Configuration(String domain, String kdc) throws IOException {
File tempFile = File.createTempFile("krb5", "kdc");
ArrayList<String> lines = new ArrayList<>();
lines.add("[libdefaults]");
lines.add("\tdefault_realm = "+domain);
lines.add("[realms]");
lines.add("\t"+domain+" = {");
lines.add("\t\tkdc = "+kdc);
lines.add("\t\tadmin_server = "+kdc);
lines.add("\t}");
FileWriter writer = new FileWriter(tempFile);
IOUtils.writeLines(lines, System.lineSeparator(), writer);
IOUtils.closeQuietly(writer);
return tempFile;
}
}
अपने ई विन्यास पर निर्भर करता है, बनाने और krb5.conf को निर्दिष्ट छूट सकते हैं।
जब मैं इसे चलाता हूं ('डोमेन' /' kdc'/'url' को अनुकूलित करने के बाद), यह मुझे पासवर्ड के लिए संकेत देता है (मेरे लॉग-इन क्रेडेंशियल्स का उपयोग करने के बजाय)। – bacar
@bacar मैं आपको यह नहीं बता सकता कि समस्या क्या है, लेकिन यदि आपको कोई संकेत मिलता है तो इसका आमतौर पर मतलब है कि केर्बेरोज स्वाभाविकता विफल रही है या ठीक से स्थापित नहीं है। – chris