Java axis2 client NTLM authentication
Source: http://stackoverflow.com/questions/5865539/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverflow
axis2 client NTLM authentication
Asked by Vijay Mathew
I have an axis2 (v1.5.3) client that needs to do Kerberos/NTLM authentication with IIS. How can I do this? This is the code I have right now and it fails with 401 - unauthorized error:
    List<String> authScheme = new ArrayList<String>();
    authScheme.add(HttpTransportProperties.Authenticator.NTLM);
    HttpTransportProperties.Authenticator ntlm =
            new HttpTransportProperties.Authenticator();
    ntlm.setAuthSchemes(authScheme);
    ntlm.setUsername("Administrator");
    ntlm.setPassword("password");
    ntlm.setHost("http://server/_vti_bin/someservice.asmx");
    ntlm.setPort(80);
    ntlm.setDomain("server_domain");
    Options options = webs._getServiceClient().getOptions();
    options.setProperty(HTTPConstants.AUTHENTICATE, ntlm);
    stub._getServiceClient().setOptions(options);
A client written in C# works fine with the same auth settings:
    CredentialCache myCache = new CredentialCache();
    myCache.Add(new Uri(webs.Url), "NTLM",
        new NetworkCredential("Administrator", "password", "server_domain"));
    stub.Credentials = myCache;
Answered by Peter
There is a problem with NTLM in AXIS2. It centres around the ntlm.setHost() method. The entry here is used as both WORKSTATION in the NTLM exchange and as Remote Host when AuthScope is created. This creates a Catch-22 situation where NTLM does not work using the HttpTransportProperties.Authenticator technique. You either get a "401 unauthorized" or you get a "No credentials found for < REALM>@HOST".
See https://issues.apache.org/jira/browse/AXIS2-4595
Peter
Answered by Learner
HttpClient doesn't support NTLM v2, hence I use the JCIFS library to return NTLM v1,2,3 message type as described in this website:
http://devsac.blogspot.com/2010/10/supoprt-for-ntlmv2-with-apache.html
I just used the JCIFS_NTLMScheme.java file from the above website to register the auth scheme and it worked !!!!
Sample client:
    // Register the JCIFS-backed scheme for NTLM before configuring the authenticator.
    AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, org.tempuri.JCIFS_NTLMScheme.class);
    HttpTransportProperties.Authenticator auth = new HttpTransportProperties.Authenticator();
    // The credential, domain and host values were left blank in the original post.
    auth.setUsername("");
    auth.setPassword("");
    auth.setDomain("");
    auth.setHost("");
    auth.setPort();   // takes an int; the port was left blank in the original post
    List<String> authPrefs = new ArrayList<String>(1);
    authPrefs.add(AuthPolicy.NTLM);
    auth.setAuthSchemes(authPrefs);
    stub._getServiceClient().getOptions().setProperty(org.apache.axis2.transport.http.HTTPConstants.AUTHENTICATE, auth);
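An added diagnostic, not part of any answer in this thread: it decodes the NTLM Type 3 token from a captured "Authorization: NTLM <base64>" request header, showing the workstation string the client sent (the field the first answer ties to setHost()) and whether the NT response is NTLMv1-style (24 bytes) or NTLMv2 (longer), which is the distinction the answer above depends on. The class and method names and the sample message are constructed for illustration; the field offsets follow the published NTLM message layout, and tokens shorter than the full 64-byte header are rejected.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.util.Arrays;
import java.util.Base64;
import static java.nio.charset.StandardCharsets.*;

public class NtlmType3Inspector {
    // Security buffer: uint16 length, uint16 max length, uint32 payload offset (little-endian).
    static byte[] field(ByteBuffer msg, int pos) {
        int len = msg.getShort(pos) & 0xFFFF, off = msg.getInt(pos + 4);
        if (off < 0 || len > msg.limit() - off)
            throw new IllegalArgumentException("security buffer at " + pos + " is out of bounds");
        return Arrays.copyOfRange(msg.array(), off, off + len);
    }

    // Decodes the Type 3 (AUTHENTICATE) token from an "Authorization: NTLM <base64>" header value.
    static String inspect(String headerValue) {
        byte[] raw = Base64.getDecoder().decode(headerValue.replaceFirst("(?i)^\\s*NTLM\\s+", "").trim());
        ByteBuffer msg = ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN);
        if (raw.length < 64 || !"NTLMSSP\0".equals(new String(raw, 0, 8, US_ASCII)) || msg.getInt(8) != 3)
            throw new IllegalArgumentException("not a full-length NTLM Type 3 message");
        Charset cs = (msg.getInt(60) & 1) != 0 ? UTF_16LE : ISO_8859_1;  // flag bit 0: NEGOTIATE_UNICODE
        int ntLen = field(msg, 20).length;   // 24 bytes: NTLMv1-style response; longer: NTLMv2
        return "domain=" + new String(field(msg, 28), cs) + " user=" + new String(field(msg, 36), cs)
                + " workstation=" + new String(field(msg, 44), cs)
                + " ntResponse=" + ntLen + "B (" + (ntLen > 24 ? "NTLMv2" : "NTLMv1-style") + ")";
    }

    // Builds a constructed Type 3 message (zeroed response bytes) so the example runs offline.
    static String sample(String domain, String user, String workstation, int ntLen) {
        byte[][] f = { new byte[24], new byte[ntLen], domain.getBytes(UTF_16LE), user.getBytes(UTF_16LE),
                workstation.getBytes(UTF_16LE), new byte[0] };  // LM, NT, domain, user, workstation, key
        ByteBuffer m = ByteBuffer.allocate(64 + Arrays.stream(f).mapToInt(b -> b.length).sum())
                .order(ByteOrder.LITTLE_ENDIAN);
        m.put("NTLMSSP\0".getBytes(US_ASCII)).putInt(3);
        int off = 64;
        for (byte[] b : f) {
            m.putShort((short) b.length).putShort((short) b.length).putInt(off);
            off += b.length;
        }
        m.putInt(1);                          // flags: NEGOTIATE_UNICODE only
        for (byte[] b : f) m.put(b);
        return "NTLM " + Base64.getEncoder().encodeToString(m.array());
    }

    public static void main(String[] args) {   // constructed input: the question's setHost() value as workstation
        System.out.println(inspect(sample("server_domain", "Administrator",
                "http://server/_vti_bin/someservice.asmx", 24)));
    }
}
```

Captured Authorization headers are credential material: decode them only from your own test client and keep them out of shared logs.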
Answered by so_mv
Based on the notes at this link: NTLM issues with Axis2
Axis2 still uses old HTTPClient library and it seems that version does not support all versions (v1, v2) of NTLM. And also it was not trivial to switch the transport to HTTPClient v4.1.
I gave up on Axis2 and used CXF instead.
The following link really helped us get past the Kerberos/NTLM issues:
http://download.oracle.com/javase/6/docs/technotes/guides/net/http-auth.html
Answered by Ben Hutchison
An alternative to JCIFS is to use the Apache HTTPComponents 4 NTLMScheme (which works with new NTLM) inside a custom Apache Commons HTTP AuthScheme:
    import org.apache.commons.httpclient.Credentials;
    import org.apache.commons.httpclient.HttpMethod;
    import org.apache.commons.httpclient.auth.AuthChallengeParser;
    import org.apache.commons.httpclient.auth.AuthenticationException;
    import org.apache.commons.httpclient.auth.InvalidCredentialsException;
    import org.apache.commons.httpclient.auth.MalformedChallengeException;
    import org.apache.http.Header;
    import org.apache.http.auth.NTCredentials;
    import org.apache.http.util.CharArrayBuffer;

    // Adapts the HttpComponents 4 NTLMScheme to the Commons HttpClient 3 AuthScheme interface.
    public class BackportedNTLMScheme extends org.apache.http.impl.auth.NTLMScheme
            implements org.apache.commons.httpclient.auth.AuthScheme {

        @Override
        public String authenticate(final Credentials credentials, final HttpMethod method) throws AuthenticationException {
            org.apache.commons.httpclient.NTCredentials oldCredentials;
            try {
                oldCredentials = (org.apache.commons.httpclient.NTCredentials) credentials;
            } catch (final ClassCastException e) {
                throw new InvalidCredentialsException(
                        "Credentials cannot be used for NTLM authentication: "
                        + credentials.getClass().getName());
            }
            // Convert the HttpClient 3 credentials into their HttpComponents 4 equivalent.
            final org.apache.http.auth.Credentials adaptedCredentials = new NTCredentials(
                    oldCredentials.getUserName(), oldCredentials.getPassword(),
                    oldCredentials.getHost(), oldCredentials.getDomain());
            try {
                final Header header = super.authenticate(adaptedCredentials, null);
                return header.getValue();
            } catch (final org.apache.http.auth.AuthenticationException e) {
                throw new AuthenticationException("AuthenticationException", e);
            }
        }

        @Override
        public void processChallenge(final String challenge) throws MalformedChallengeException {
            final String s = AuthChallengeParser.extractScheme(challenge);
            if (!s.equalsIgnoreCase(getSchemeName())) {
                throw new MalformedChallengeException("Invalid NTLM challenge: " + challenge);
            }
            // A challenge with no space after the scheme name carries no token yet.
            int challengeIdx = challenge.indexOf(' ');
            final CharArrayBuffer challengeBuffer;
            if (challengeIdx != -1) {
                challengeBuffer = new CharArrayBuffer(challenge.length());
                challengeBuffer.append(challenge);
            } else {
                challengeBuffer = new CharArrayBuffer(0);
                challengeIdx = 0;
            }
            try {
                parseChallenge(challengeBuffer, challengeIdx, challengeBuffer.length());
            } catch (final org.apache.http.auth.MalformedChallengeException e) {
                throw new MalformedChallengeException("MalformedChallengeException", e);
            }
        }

        @Override
        @Deprecated
        public String getID() {
            throw new RuntimeException("deprecated vc.bjn.catalyst.forecast.BackportedNTLMScheme.getID()");
        }

        @Override
        @Deprecated
        public String authenticate(final Credentials credentials, final String method, final String uri) throws AuthenticationException {
            throw new RuntimeException("deprecated vc.bjn.catalyst.forecast.BackportedNTLMScheme.authenticate(Credentials, String, String)");
        }
    }
Usage
    AuthPolicy.registerAuthScheme(AuthPolicy.NTLM, BackportedNTLMScheme.class);
I tested this on IIS 7.5 on Windows Server 2008 R2.