在 Java 发行说明中没有提及任何地方,但 NTLM 身份验证实现发生了变化。
我已经调试了java代码并得出以下结果
在 java.home/lib 中有文件 net.properties,现在提到以下内容
#
# Transparent NTLM HTTP authentication mode on Windows. Transparent authentication
# can be used for the NTLM scheme, where the security credentials based on the
# currently logged in user's name and password can be obtained directly from the
# operating system, without prompting the user. This property has three possible
# values which regulate the behavior as shown below. Other unrecognized values
# are handled the same as 'disabled'. Note, that NTLM is not considered to be a
# strongly secure authentication scheme and care should be taken before enabling
# this mechanism.
#
# Transparent authentication never used.
#jdk.http.ntlm.transparentAuth=disabled
#
# Enabled for all hosts.
#jdk.http.ntlm.transparentAuth=allHosts
#
# Enabled for hosts that are trusted in Windows Internet settings
#jdk.http.ntlm.transparentAuth=trustedHosts
#
jdk.http.ntlm.transparentAuth=disabled
直到 jdk1.8.0_181 为止,都有一个默认的 NTLM 身份验证回调,这在 NTLM 身份验证过程中很有用。
要在 jdk1.8.0_181 及以上版本上运行上述代码,您只需设置jdk.http.ntlm.transparentAuth为你的java进程。
或者,您可以设置 JVM 参数,例如,-Djdk.http.ntlm.transparentAuth=allHosts
,或设置系统属性,例如,System.setProperty("jdk.http.ntlm.transparentAuth", "allHosts")
.
如果你选择可信主机,确保该 URL 添加到 Windows 受信任站点中。
您可以在静态初始化期间看到这里使用的这个新系统属性:sun.net.www.protocol.http.ntlm.NTLMAuthentication
.
此外,您可以看到此处使用了该设置:public static boolean NTLMAuthentication.isTrustedSite(URL)
最后,要以编程方式控制 URL 是否可信,您可以安装回调。看:sun.net.www.protocol.http.ntlm.NTLMAuthenticationCallback