【转】Java httpclient 模拟NTLM域登录

NTLM是NT LAN Manager的缩写，是微软windows系统的一种登录认证机制，常用做域内主机的自动认证。为了方便管理，公司、学校等，都会要求接入内部网的电脑加入域，用户的登录名、密码都保存在域中服务器上。简单来说，当用户需要登录系统时，服务器返回401需要进一步授权，然后浏览器和服务器进行协商，确认NTLM版本等内容，然后服务器会随机产生一个字符串（叫做挑战，challenge），发给本机，本机会使用保存在本地域中的用户名和密码对其加密，然后将密文发送给服务器，服务器也使用用户的账号和密码进行加密，将两个密文进行比对，如果匹配，就登录成功。详细说明见http://www.innovation.ch/personal/ronald/ntlm.html

下面使用httpclient包，编写代码来模拟NTLM登录过程。

package com.yeetrack.ntlm;

import java.io.IOException;
import java.util.List;
import java.util.ArrayList;
import org.apache.http.HttpEntity;
import org.apache.http.HttpHost;
import org.apache.http.HttpResponse;
import org.apache.http.ParseException;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.NTCredentials;
import org.apache.http.auth.params.AuthPNames;

import org.apache.http.client.ClientProtocolException;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.params.AuthPolicy;
import org.apache.http.conn.params.ConnRoutePNames;
import org.apache.http.conn.params.ConnRouteParams;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.protocol.HttpContext;
import org.apache.http.util.EntityUtils;

/**
 * @author youthflies
 * yeetrack.com
 */
public class NtlmTest
{

    public static void main(String[] args)
    {
        DefaultHttpClient httpclient = new DefaultHttpClient();
        List<String> authpref = new ArrayList<String>();
        authpref.add(AuthPolicy.NTLM);
        httpclient.getParams().setParameter(AuthPNames.TARGET_AUTH_PREF,    authpref);
        //参数分别为用户名、密码、服务器url、工作域名称
        NTCredentials creds = new NTCredentials("username", "password",     "serverName", "domain");
        httpclient.getCredentialsProvider().setCredentials(AuthScope.ANY, creds);

        //设置要连接的目标名称、端口
        HttpHost target = new HttpHost("serverName", 80, "http");

        // Make sure the same context is used to execute logically related requests
        HttpContext localContext = new BasicHttpContext();

        // Execute a cheap method first. This will trigger NTLM authentication
        HttpGet httpget = new HttpGet("目标域名的详细url：serverName+端口+路径等");
        //下面是为请求加上一些header信息，来伪装浏览器
        httpget.addHeader("Accept-Language", "zh-Hans-CN,zh-Hans;q=0.8,en-US;q=0.5,en;q=0.3");
        httpget.addHeader("Accept","image/jpeg, application/x-ms-application, image/gif, application/xaml+xml, image/pjpeg, application/x-ms-xbap, */*");
        httpget.addHeader("DNT","1");
        httpget.addHeader("User-Agent", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; WOW64; Trident/6.0; .NET4.0E; .NET4.0C; .NET CLR 3.5.30729; .NET CLR 2.0.50727; .NET CLR 3.0.30729)");
        httpget.addHeader("Accept-Encoding","gzip, deflate");

        try
        {

            HttpResponse response = httpclient.execute(httpget);
            HttpEntity entity = response.getEntity();
            System.out.println(EntityUtils.toString(entity));
        } catch (ParseException e)
        {
            // TODO Auto-generated catch block
            e.printStackTrace();
        } catch (IOException e)
        {
            // TODO Auto-generated catch block
            e.printStackTrace();
        }
    }   
}