The scenario is intended user will access the servlet (e.g http://someip/myservlet) which in turn authenticates a password protected website (e.g. mysite.com - which is hosted on IIS server with Use Windows authentication enabled) implicitly and then opens that mysite.com – so that:
该方案旨在用户将访问servlet(例如http:// someip / myservlet),该servlet依次验证受密码保护的网站(例如mysite.com - 隐藏在启用了使用Windows身份验证的IIS服务器上),然后打开mysite.com - 这样:
- target users will not get prompt for username & password as he will go through the servlet(hosted on some server like tomcat)
- any other user accessing link text will not be able to access without knowing credentials
目标用户不会得到用户名和密码的提示,因为他将通过servlet(托管在像tomcat这样的服务器上)
访问链接文本的任何其他用户将无法在不知道凭据的情况下访问
The requirement is (it has to open that website not fetch the content as mysite.com has dynamic functionality in it)
要求是(它必须打开该网站不获取内容,因为mysite.com中有动态功能)
Is it possible in Java (HttpURLConnection) ??
是否有可能在Java(HttpURLConnection)?
any help is appreciated.
任何帮助表示赞赏。
Thanks.
3 个解决方案
#1
To be sure I understood your need, here is a summary : you want a given user A to connect on your first server Server1.domain1.com, that would connect (from inside the java server) on a second server server2.domain2.com (currently under IIS). Then server1 would forward user to server2 web page, the challenge being avoiding any authentication popup.
为了确保我理解你的需要,这里有一个摘要:你希望给定的用户A连接你的第一台服务器Server1.domain1.com,它将连接(来自java服务器内部)第二台服务器server2.domain2.com (目前在IIS下)。然后server1会将用户转发到server2网页,挑战是避免任何身份验证弹出。
The root problem is to transmit, from the server1 to the client browser, then from client browser to server2, the authentication ticket that server1 got from server2.
根本问题是从server1传输到客户端浏览器,然后从客户端浏览器传输到server2,即server1从server2获取的身份验证票证。
It is not specifically a java problem but more a global WEB problem. Indeed the only information received by server2 to identify client user is in the http flow, in short words the IP adress, the URL, and cookies.
它不是特定的java问题,而是更多的全局WEB问题。实际上,服务器2接收的用于识别客户端用户的唯一信息是在http流中,简言之,IP地址,URL和cookie。
Cookies is a dead end if server1 and server2 are not the same domain (see RFC 2109 : http://www.ietf.org/rfc/rfc2109.txt), as browser would send cookies to a server of a given domain only if the cookie was returned from a server (the same or another) of the SAME domain.
如果server1和server2不是同一个域(参见RFC 2109:http://www.ietf.org/rfc/rfc2109.txt),那么Cookies就是一个死胡同,因为只有当浏览器将cookie发送到给定域的服务器时cookie是从SAME域的服务器(相同或另一个)返回的。
So the answer is a two step process :
所以答案是两个步骤:
- first, server1 should get a sessionID from server2, probably through submitting a http request with appropriate credentials (basic-auth ? form fields ? or worst, "Windows like domain auth" ?). For this step, I suggest using apache httpclient library.
- Second, server1 should forward client user to an appropriate URL of server2, that would include the sessionID as an argument. It requires that server2 offers such a possibility to get in.
首先,server1应该从server2获取sessionID,可能是通过提交具有适当凭据的http请求(basic-auth?form fields?或者最差,“Windows like domain auth”?)。对于此步骤,我建议使用apache httpclient库。
其次,server1应该将客户端用户转发到server2的适当URL,其中包括sessionID作为参数。它要求server2提供这种进入的可能性。
At first sight I see no other simple solution.
乍一看,我没有看到其他简单的解决方案。
#2
It seems the functionality you like to implement is covered by HTTP reverse proxies. This kind of proxy will "mirror" some site site1.domain1.com at another location like site2.domain2.com
看来你想要实现的功能由HTTP反向代理覆盖。这种代理将在site2.domain2.com等其他位置“镜像”某些站点site1.domain1.com
Most common use-cases are that site1 is not pubic and the reverse proxy will act as a gateway, load balancer, SSL gateway or similar.
最常见的用例是site1不是公共的,反向代理将充当网关,负载均衡器,SSL网关或类似网关。
For implementation in Java: I also recommend the Apache HTTP client library. And it's possible to use NTLM authentication with this client lib.
在Java中实现:我还推荐Apache HTTP客户端库。并且可以对此客户端lib使用NTLM身份验证。
#3
The built in HTTPURLConnection might be not enough if you really want to implement this kind of request forwarding. Try the Apache HTTPClient which has ample of customization options. You could also look for TCP forward solutions or this post.
如果您真的想要实现这种请求转发,内置的HTTPURLConnection可能还不够。尝试具有大量自定义选项的Apache HTTPClient。您还可以查找TCP转发解决方案或此帖子。
#1
To be sure I understood your need, here is a summary : you want a given user A to connect on your first server Server1.domain1.com, that would connect (from inside the java server) on a second server server2.domain2.com (currently under IIS). Then server1 would forward user to server2 web page, the challenge being avoiding any authentication popup.
为了确保我理解你的需要,这里有一个摘要:你希望给定的用户A连接你的第一台服务器Server1.domain1.com,它将连接(来自java服务器内部)第二台服务器server2.domain2.com (目前在IIS下)。然后server1会将用户转发到server2网页,挑战是避免任何身份验证弹出。
The root problem is to transmit, from the server1 to the client browser, then from client browser to server2, the authentication ticket that server1 got from server2.
根本问题是从server1传输到客户端浏览器,然后从客户端浏览器传输到server2,即server1从server2获取的身份验证票证。
It is not specifically a java problem but more a global WEB problem. Indeed the only information received by server2 to identify client user is in the http flow, in short words the IP adress, the URL, and cookies.
它不是特定的java问题,而是更多的全局WEB问题。实际上,服务器2接收的用于识别客户端用户的唯一信息是在http流中,简言之,IP地址,URL和cookie。
Cookies is a dead end if server1 and server2 are not the same domain (see RFC 2109 : http://www.ietf.org/rfc/rfc2109.txt), as browser would send cookies to a server of a given domain only if the cookie was returned from a server (the same or another) of the SAME domain.
如果server1和server2不是同一个域(参见RFC 2109:http://www.ietf.org/rfc/rfc2109.txt),那么Cookies就是一个死胡同,因为只有当浏览器将cookie发送到给定域的服务器时cookie是从SAME域的服务器(相同或另一个)返回的。
So the answer is a two step process :
所以答案是两个步骤:
- first, server1 should get a sessionID from server2, probably through submitting a http request with appropriate credentials (basic-auth ? form fields ? or worst, "Windows like domain auth" ?). For this step, I suggest using apache httpclient library.
- Second, server1 should forward client user to an appropriate URL of server2, that would include the sessionID as an argument. It requires that server2 offers such a possibility to get in.
首先,server1应该从server2获取sessionID,可能是通过提交具有适当凭据的http请求(basic-auth?form fields?或者最差,“Windows like domain auth”?)。对于此步骤,我建议使用apache httpclient库。
其次,server1应该将客户端用户转发到server2的适当URL,其中包括sessionID作为参数。它要求server2提供这种进入的可能性。
At first sight I see no other simple solution.
乍一看,我没有看到其他简单的解决方案。
#2
It seems the functionality you like to implement is covered by HTTP reverse proxies. This kind of proxy will "mirror" some site site1.domain1.com at another location like site2.domain2.com
看来你想要实现的功能由HTTP反向代理覆盖。这种代理将在site2.domain2.com等其他位置“镜像”某些站点site1.domain1.com
Most common use-cases are that site1 is not pubic and the reverse proxy will act as a gateway, load balancer, SSL gateway or similar.
最常见的用例是site1不是公共的,反向代理将充当网关,负载均衡器,SSL网关或类似网关。
For implementation in Java: I also recommend the Apache HTTP client library. And it's possible to use NTLM authentication with this client lib.
在Java中实现:我还推荐Apache HTTP客户端库。并且可以对此客户端lib使用NTLM身份验证。
#3
The built in HTTPURLConnection might be not enough if you really want to implement this kind of request forwarding. Try the Apache HTTPClient which has ample of customization options. You could also look for TCP forward solutions or this post.
如果您真的想要实现这种请求转发,内置的HTTPURLConnection可能还不够。尝试具有大量自定义选项的Apache HTTPClient。您还可以查找TCP转发解决方案或此帖子。