[ https://issues.apache.org/jira/browse/HTTPCLIENT-523?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12722842#action_12722842 ]

Matthew Stevenson commented on HTTPCLIENT-523:
----------------------------------------------

Below should work with the JBoss Negotiation package with JDK 1.6. IIS7 works with 
the Kerberos v5 OID, JBoss does not. Not sure about other implementations. Would be 
nice if SPNEGO was backported to 1.5 but not going to happen.

    import org.ietf.jgss.GSSContext;
    import org.ietf.jgss.GSSException;
    import org.ietf.jgss.GSSManager;
    import org.ietf.jgss.GSSName;
    import org.ietf.jgss.Oid;

    // LOG, context, state and INITIATED are members of the enclosing class.
    protected void init(String server) throws GSSException {
        LOG.debug("init " + server);
        /* Kerberos v5 GSS-API mechanism defined in RFC 1964. */
        // Oid krb5Oid = new Oid("1.2.840.113554.1.2.2");

        /* Using the SPNEGO OID seems to be the correct method.
         * Above Kerberos v5 works for IIS but not JBoss. Unwrapping
         * the initial token when using SPNEGO OID looks like what is
         * described here...
         *
         * http://msdn.microsoft.com/en-us/library/ms995330.aspx
         *
         * Another helpful URL...
         *
         * http://publib.boulder.ibm.com/infocenter/wasinfo/v7r0/index.jsp?topic=/com.ibm.websphere.express.doc/info/exp/ae/tsec_SPNEGO_token.html
         *
         * Unfortunately SPNEGO is JRE >=1.6.
         */

        String javaVersion = System.getProperty("java.runtime.version");
        LOG.debug("System.getProperty(\"java.runtime.version\") = " + javaVersion);
        Oid negotiationOid = null;
        // SPNEGO is available from JRE 1.6 on; only 1.0 to 1.5 runtimes
        // fall back to the Kerberos v5 OID.
        if (!javaVersion.matches("1\\.[0-5](\\D.*)?")) {
            LOG.debug("Using SPNEGO OID");
            negotiationOid = new Oid("1.3.6.1.5.5.2");
        } else {
            LOG.debug("Using Kerberos OID");
            negotiationOid = new Oid("1.2.840.113554.1.2.2");
        }
        GSSManager manager = GSSManager.getInstance();
        // Service principal name for the target host, e.g. HTTP/www.example.org
        GSSName serverName = manager.createName("HTTP/" + server, null);
        context = manager.createContext(
                serverName.canonicalize(negotiationOid),
                negotiationOid, null,
                GSSContext.DEFAULT_LIFETIME);
        // The client also verifies the server's identity.
        context.requestMutualAuth(true);
        // Delegates the caller's credentials to the server, which can then
        // act as the user towards other services.
        context.requestCredDeleg(true);
        state = INITIATED;
    }

> SPNEGO authentication scheme
> ----------------------------
>
>                 Key: HTTPCLIENT-523
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-523
>             Project: HttpComponents HttpClient
>          Issue Type: Improvement
>          Components: HttpAuth
>    Affects Versions: Snapshot
>         Environment: Operating System: All
> Platform: All
>            Reporter: Mikael Wikström
>            Priority: Minor
>             Fix For: 4.1.0
>
>         Attachments: bcsLogin.conf, 
> CustomAuthenticationNegotiateExample.java, 
> CustomAuthenticationNegotiateExample.java, KerberosHttpClient.zip, 
> NegotiateScheme.java, NegotiateScheme.java, run.sh, submitclient.tar.gz
>
>
> Consider integrating the SPNEGO auth scheme from Commons HttpClient contrib 
> package into HttpClient 4.0

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
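
An added diagnostic example (not part of the original comment or of the HttpClient code base): it reads the mechanism OID that frames the token in a Negotiate header value, showing whether a client sent a SPNEGO-wrapped token or a raw Kerberos v5 token, the difference the comment above reports between JBoss and IIS. The class name, method names and sample tokens are constructed for illustration, and Java 8 or later is assumed for java.util.Base64.

```java
import java.io.ByteArrayInputStream;
import java.util.Base64;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;

public class NegotiateMechCheck {                     // hypothetical class name
    static final String SPNEGO = "1.3.6.1.5.5.2";
    static final String KRB5 = "1.2.840.113554.1.2.2";

    /** Returns the mechanism OID framing the token of an "Authorization: Negotiate ..." value. */
    static String mechOf(String headerValue) throws GSSException {
        String[] parts = headerValue.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Negotiate"))
            throw new IllegalArgumentException("not a Negotiate header value");
        byte[] tok = Base64.getDecoder().decode(parts[1]);
        // RFC 2743 section 3.1: initial token = 0x60, DER length, mechanism OID, inner token.
        if (tok.length < 4 || (tok[0] & 0xff) != 0x60)
            throw new IllegalArgumentException("no GSS-API initial-token framing");
        int pos = 1;
        int first = tok[pos++] & 0xff;
        if (first >= 0x80) pos += first & 0x7f;       // long-form length: skip its octets
        if (pos >= tok.length || tok[pos] != 0x06)
            throw new IllegalArgumentException("mechanism OID missing");
        // Oid(InputStream) consumes exactly one DER-encoded OID, tag and length included.
        return new Oid(new ByteArrayInputStream(tok, pos, tok.length - pos)).toString();
    }

    static String header(byte[] token) {
        return "Negotiate " + Base64.getEncoder().encodeToString(token);
    }

    public static void main(String[] args) throws GSSException {
        // Constructed samples: framing and OIDs are real, the inner tokens are stubs.
        byte[] spnego = {0x60, 0x0a, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02,
                         (byte) 0xa0, 0x00};
        byte[] krb5 = {0x60, 0x0d, 0x06, 0x09, 0x2a, (byte) 0x86, 0x48, (byte) 0x86,
                       (byte) 0xf7, 0x12, 0x01, 0x02, 0x02, 0x01, 0x00};
        for (byte[] t : new byte[][] {spnego, krb5}) {
            String mech = mechOf(header(t));
            String kind = SPNEGO.equals(mech) ? "SPNEGO-wrapped"
                        : KRB5.equals(mech) ? "raw Kerberos v5" : "other mechanism";
            System.out.println(mech + " -> " + kind);
        }
    }
}
```

Running the same check on a header captured from a real client shows which OID that client framed its token with before the server's response is investigated.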