有一段时间我一直在尝试寻找一种让 jython 使用 NTLM 访问站点的方法。我只有 python 的基本知识,而对 java 几乎没有了解,所以我可以使用一些帮助(或示例)如何在我找到的脚本部分中使用 NTLM 来发出请求。我将其与开源应用程序磨床一起使用。
首先,我开始在脚本中导入 jcifs 以及grinder 使用的其他文件:
from net.grinder.script import Test
from net.grinder.script.Grinder import grinder
from net.grinder.plugin.http import HTTPPluginControl, HTTPRequest
from HTTPClient import NVPair
from jcifs.ntlmssp import Type1Message
from jcifs.ntlmssp import Type2Message, Type3Message
from jcifs.util import Base64
我找到的示例中提供了此代码部分。这是我能找到的最适合我的需求的东西,因为我只需要获得对请求的完整响应。
def NTLMAuthentication1(url, request, info, NTLMfield):
token_type1 = info.token_type1()
params = (NVPair("Authorization", "NTLM "+token_type1), )
result = request.GET(url, None, params)
NTLMfield = result.getHeader("WWW-Authenticate")
return NTLMAuthentication2(url, request, info, NTLMfield)
def NTLMAuthentication2(url, request, info, NTLMfield):
if NTLMfield.startswith("Negotiate"):
token_type2 = NTLMfield[len("Negotiate "):]
else:
token_type2 = NTLMfield[5:]
token_type3 = info.token_type3(token_type2)
params = (NVPair("Cookie", "WSS_KeepSessionAuthenticated=80"),
NVPair("Authorization", "NTLM " + token_type3), )
result = request.GET(url, None, params)
return result
# this function validate request and its result to see if the NTLM authentication is required
def NTLMAuthentication(lastResult, request, info):
# get last http request's url
url = lastResult.getEffectiveURI().toString()[len(request.getUrl()):]
# The result is ask for authentication
if lastResult.statusCode != 401 and lastResult.statusCode != 407:
return lastResult
NTLMfield = lastResult.getHeader("WWW-Authenticate")
if NTLMfield == None:
return lastResult
# check it is the first shakehands
if NTLMfield == "Negotiate, NTLM" or NTLMfield == "NTLM":
return NTLMAuthentication1(url, request, info, NTLMfield)
# check it is the second shakehands
elif len(NTLMfield) > 4 and NTLMfield[:4] == "NTLM":
return NTLMAuthentication2(url, request, info, NTLMfield)
else:
return lastResult
class NTLMAuthenticationInfo:
def __init__(self, domain, host, user, passwd):
self.domain = 'domain'
self.host = 'host'
self.user = 'user'
self.passwd = 'password'
def token_type1(self):
msg = Type1Message(Type1Message.getDefaultFlags(), self.domain, self.host)
return Base64.encode(msg.toByteArray())
def token_type3(self, token_type2):
msg2 = Type2Message(Base64.decode(token_type2))
#if jcifs 1.3.7 using msg3 = Type3Message(msg2, self.passwd, self.domain, self.user, self.host)
msg3 = Type3Message(msg2, self.passwd, self.domain, self.user, self.host)
return Base64.encode(msg3.toByteArray())
在主要部分中,请求看起来像这样:
result = request101.GET('/')
其中 request101 已使用 URL 和 header 进行预定义。所以,基本上,我不知道如何实现
我已经尝试过了
result = request101.GET('/')
print str(NTLMAuthentication(result, request101, NTLMAuthenticationInfo))
还有这个
NTLMAuthentication(request101.GET('/'), request101, NTLMAuthenticationInfo)
但是这些都不起作用。关于如何运行它有什么提示吗?
最佳答案
试试这个
ai = NTLMAuthenticationInfo("domain", "your host", "user", "password")
result = request101.GET('/')
result = NTLMAuthentication(result, request101, ai)
关于java - 在 jython 中使用 jcifs 以便使用 NTLM 安全性访问站点,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/9325980/