[ https://issues.apache.org/jira/browse/HTTPCLIENT-1625?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14483222#comment-14483222 ]

Moritz Bechler commented on HTTPCLIENT-1625:
--------------------------------------------

Hi,

Moving this here from Wagon.

I don't think my code will be of much help with your current problem, as it is 
based on the current implementation and primarily focused on preemptive 
authentication (in that case the current implementation works if the GSS 
exchange is just request and response). Still, here it is: 
https://github.com/AgNO3/httpclient4-spnego/

Am I right in assuming that by "implemented incorrectly" you mean that it does 
not keep connection state? Agreed.

I would add the (not easily changeable) default of adding the port to the SPN 
to this list. This is a Microsoft proprietary usage and breaks Domain->Realm 
mapping in every other implementation I am aware of (including Java's, where 
this was classified as WONTFIX as it is well outside the Kerberos spec), i.e. 
it fails if client principal realm != server principal realm.

Another suggestion I would have is to still implement an option to have auth 
performed preemptively on every request as there are also a few server 
implementations out there that do not keep connection state.


regards

Moritz


> Completely overhaul GSS-API-based authentication backend
> --------------------------------------------------------
>
>                 Key: HTTPCLIENT-1625
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1625
>             Project: HttpComponents HttpClient
>          Issue Type: Task
>          Components: Documentation, HttpAuth, HttpClient
>    Affects Versions: 4.5 Alpha1
>            Reporter: Michael Osipov
>            Assignee: Michael Osipov
>             Fix For: 4.5 Alpha1
>
>
> The current implementation does not reflect the way GSS-API-based 
> authentication should be done. It has several design flaws.
> This is an umbrella task for:
> 1. Deprecate all old classes
> 2. Investigate how it has to be plugged into HttpClient
> 3. Reimplement from scratch
> 4. Thoroughly test all new stuff
> 5. Rewrite documentation
> Design notes are canonically available under: 
> https://wiki.apache.org/HttpComponents/IssueTracking/HTTPCLIENT-1625


