So just to help you broaden your search for answers a bit, there's nothing SharePoint-specific about the Kerberos authentication used here. In fact SharePoint doesn't really have it's own authentication mechanisms (at least assuming we're talking about WSS 3/MOSS here). It just relies on the underlying ASP.NET/IIS authentication capabilities.

因此，只是为了帮助您扩大对答案的搜索范围，此处使用的 Kerberos 身份验证没有任何特定于 SharePoint 的内容。事实上，SharePoint 并没有真正拥有自己的身份验证机制（至少假设我们在这里谈论的是 WSS 3/MOSS）。它仅依赖于底层的 ASP.NET/IIS 身份验证功能。

Sooo, if you're running your Java ausing a modern JDK, you'll probably have an easy time. See the docs on HTTP authentication mechanisms. There's some nice code snippets in there. One of which I'll reproduce for reference here. Really though, check out the link.

太好了，如果您使用现代 JDK 运行 Java，您可能会过得很轻松。请参阅有关 HTTP 身份验证机制的文档。那里有一些不错的代码片段。我将在此处复制其中之一以供参考。真的，请查看链接。

import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.Authenticator;
import java.net.PasswordAuthentication;
import java.net.URL;

public class RunHttpSpnego {

    static final String kuser = "username"; // your account name
    static final String kpass = "password"; // your password for the account

    static class MyAuthenticator extends Authenticator {
        public PasswordAuthentication getPasswordAuthentication() {
            // I haven't checked getRequestingScheme() here, since for NTLM
            // and Negotiate, the usrname and password are all the same.
            System.err.println("Feeding username and password for " + getRequestingScheme());
            return (new PasswordAuthentication(kuser, kpass.toCharArray()));
        }
    }

    public static void main(String[] args) throws Exception {
        Authenticator.setDefault(new MyAuthenticator());
        URL url = new URL(args[0]);
        InputStream ins = url.openConnection().getInputStream();
        BufferedReader reader = new BufferedReader(new InputStreamReader(ins));
        String str;
        while((str = reader.readLine()) != null)
            System.out.println(str);
    }
}

Here's an example from the Java documentationof the open source SPNEGOHTTP Servlet Filter library.

下面是开源SPNEGO HTTP Servlet 过滤器库的 Java 文档中的一个示例。

The library has a client that can connect to a web server that has integrated Windows authentication turned on.

该库有一个客户端，可以连接到已打开集成 Windows 身份验证的 Web 服务器。

The project also has examples on how to setup your environment for Kerberos/SPNEGO authentication.

该项目还提供了有关如何为 Kerberos/SPNEGO 身份验证设置环境的示例。

 public static void main(final String[] args) throws Exception {
     System.setProperty("java.security.krb5.conf", "krb5.conf");
     System.setProperty("sun.security.krb5.debug", "true");
     System.setProperty("java.security.auth.login.config", "login.conf");

     SpnegoHttpURLConnection spnego = null;

     try {
         spnego = new SpnegoHttpURLConnection("spnego-client", "dfelix", "myp@s5");
         spnego.connect(new URL("http://medusa:8080/index.jsp"));

         System.out.println(spnego.getResponseCode());

     } finally {
         if (null != spnego) {
             spnego.disconnect();
         }
     }
 }

For Kerberos setup, I know of 3 persons who between them knows all there is to know about Kerb: Spence Harbar, Bob Fox and Tom Wisnowski.

对于 Kerberos 设置，我认识 3 个人，他们对 Kerb 了如指掌：Spence Harbar、Bob Fox 和 Tom Wisnowski。

Spence is also brewing with a Kerberos wizard to setup Kerb and export setup scripts.

Spence 还准备使用 Kerberos 向导来设置 Curb 和导出设置脚本。

Check out his blog here: http://www.harbar.net/

在这里查看他的博客：http: //www.harbar.net/

Tom Wiznowski has sent out a white paper. http://my/sites/tomwis/Shared%20Documents/Configuring%20Kerberos%20for%20SharePoint.docx

汤姆·维兹诺夫斯基 (Tom Wiznowski) 发出了一份白皮书。 http://my/sites/tomwis/Shared%20Documents/Configuring%20Kerberos%20for%20SharePoint.docx

Joel Olson got a good article here: http://www.sharepointjoel.com/Lists/Posts/Post.aspx?ID=2

乔尔奥尔森在这里得到了一篇好文章：http: //www.sharepointjoel.com/Lists/Posts/Post.aspx?ID =2

But when the above is said, SharePoint only recommends Kerb for when the company already uses this. You should not install Kerberos on your company network just because of SharePoint. Kerberos is complex to set up and even though it generally is considered faster than NTLM, this is only true when you reach a certain limit of simultanious users on your site. For a low traffic site, the huge tokens that Kerberos send across the network actually makes it slower than NTLM.

但是当上面说到时，SharePoint 仅在公司已经使用它时才推荐 Curb。您不应该仅仅因为 SharePoint 就在您的公司网络上安装 Kerberos。Kerberos 设置起来很复杂，尽管它通常被认为比 NTLM 快，但只有当您的站点上的同时用户数达到一定限制时才会如此。对于低流量站点，Kerberos 通过网络发送的巨大令牌实际上使其比 NTLM 慢。

Sure there is some functionality that will only work with Kerberos (rss feed, cubes in excel services, authentication of web service calls in custom code due to double hops) but trust me when i say that NTLM will do a very good job of running your MOSS also.

当然有一些功能只适用于 Kerberos（rss 提要、excel 服务中的多维数据集、由于双跳而对自定义代码中的 Web 服务调用进行身份验证）但是相信我，当我说 NTLM 会很好地运行您的苔藓也。

When the above is said, could you please specify what kind of integration you are trying to achieve from your Java application?

说到上述内容后，能否请您具体说明您想从 Java 应用程序中实现什么样的集成？

Are you just trying to call the web service layers of SharePoint?

您只是想调用 SharePoint 的 Web 服务层吗？

hth Anders Rask

安德斯·拉斯克