On 18 July 2014 21:06, <[email protected]> wrote:
> Author: pmouawad
> Date: Fri Jul 18 20:05:59 2014
> New Revision: 1611785
>
> URL: http://svn.apache.org/r1611785
> Log:
> Bug 56701 - HTTP Authorization Manager/ Kerberos Authentication: add port to
> SPN when server port is neither 80 nor 443
> Add a jmeter property to control behaviour.
> By default strip port.
-1. As far as I can tell, the patch changes the default behaviour. The default should be changed, e.g. by setting STRIP_PORT to false by default. > Bugzilla Id: 56701 > > Modified: > jmeter/trunk/bin/jmeter.properties > > jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java > jmeter/trunk/xdocs/changes.xml > jmeter/trunk/xdocs/usermanual/component_reference.xml > > Modified: jmeter/trunk/bin/jmeter.properties > URL: > http://svn.apache.org/viewvc/jmeter/trunk/bin/jmeter.properties?rev=1611785&r1=1611784&r2=1611785&view=diff > ============================================================================== > --- jmeter/trunk/bin/jmeter.properties (original) > +++ jmeter/trunk/bin/jmeter.properties Fri Jul 18 20:05:59 2014 > @@ -337,7 +337,11 @@ log_level.jorphan=INFO > > # AuthManager Kerberos configuration > # Name of application module used in jaas.conf > -#kerberos_jaas_application=JMeter > +#kerberos_jaas_application=JMeter > + > +# Should ports be stripped from urls before constructing SPNs > +# for spnego authentication > +#kerberos.spnego.strip_port=true > > # Sample logging levels for Commons HttpClient > # 
> @@ -962,8 +966,8 @@ beanshell.server.file=../extras/startup. > #jsyntaxtextarea.maxundos=50 > > # Maximum size of HTML page that can be displayed; default=200 * 1024 > -# Set to 0 to disable the size check > -#view.results.tree.max_size=0 > +# Set to 0 to disable the size check and display the whole response > +#view.results.tree.max_size=204800 > > # Order of Renderers in View Results Tree > # Note full class names should be used for non jmeter core renderers > > Modified: > jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java > URL: > http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java?rev=1611785&r1=1611784&r2=1611785&view=diff > ============================================================================== > --- > jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java > (original) > +++ > jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java > Fri Jul 18 20:05:59 2014 > @@ -96,6 +96,9 @@ public class AuthManager extends ConfigT > > private static final boolean DEFAULT_CLEAR_VALUE = false; > > + /** Decides whether port should be omitted from SPN for kerberos spnego > authentication */ > + private static final boolean STRIP_PORT = > JMeterUtils.getPropDefault("kerberos.spnego.strip_port", true); > + > public enum Mechanism { > BASIC_DIGEST, KERBEROS; > } 
> @@ -392,8 +395,7 @@ public class AuthManager extends ConfigT > log.debug(username + " > D="+domain+" R="+realm + " > M="+auth.getMechanism()); > } > if (Mechanism.KERBEROS.equals(auth.getMechanism())) { > - boolean stripPort = (url.getPort() == > HTTPConstants.DEFAULT_HTTP_PORT || url.getPort() == > HTTPConstants.DEFAULT_HTTPS_PORT); > - ((AbstractHttpClient) > client).getAuthSchemes().register(AuthPolicy.SPNEGO, new > SPNegoSchemeFactory(stripPort)); > + ((AbstractHttpClient) > client).getAuthSchemes().register(AuthPolicy.SPNEGO, new > SPNegoSchemeFactory(isStripPort(url))); > credentialsProvider.setCredentials(new AuthScope(null, -1, > null), USE_JAAS_CREDENTIALS); > } else { > credentialsProvider.setCredentials( > @@ -403,6 +405,24 @@ public class AuthManager extends ConfigT > } > } > > + /** > + * IE and Firefox will always strip port from the url before constructing > + * the SPN. Chrome has an option > (<code>--enable-auth-negotiate-port</code>) > + * to include the port if it differs from <code>80</code> or > + * <code>443</code>. That behavior can be changed by setting the jmeter > + * property <code>kerberos.spnego.strip_port</code>. > + * > + * @param url to be checked > + * @return <code>true</code> when port should omitted in SPN > + */ > + private boolean isStripPort(URL url) { > + if (STRIP_PORT) { > + return true; > + } > + return (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT || > + url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT); > + } > + > /** {@inheritDoc} */ > @Override > public void testStarted() { > > Modified: jmeter/trunk/xdocs/changes.xml > URL: > http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1611785&r1=1611784&r2=1611785&view=diff > ============================================================================== > --- jmeter/trunk/xdocs/changes.xml (original) > +++ jmeter/trunk/xdocs/changes.xml Fri Jul 18 20:05:59 2014 
> @@ -213,7 +213,7 @@ A workaround is to use a Java 7 update 4 > <h3>Timers, Assertions, Config, Pre- & Post-Processors</h3> > <ul> > <li><bugzilla>56691</bugzilla> - Synchronizing Timer : Add timeout on > waiting</li> > -<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/ Kerberos > Authentication: add port to SPN when server port is neither 80 nor 443</li> > +<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/ Kerberos > Authentication: add port to SPN when server port is neither 80 nor 443. Based > on patches from Dan Haughey (dan.haughey at swinton.co.uk) and Felix > Schumacher (felix.schumacher at internetallee.de)</li> > </ul> > > <h3>Functions</h3> > @@ -253,6 +253,8 @@ A workaround is to use a Java 7 update 4 > <li>Nicola Ambrosetti (ambrosetti.nicola at gmail.com)</li> > <li><a href="http://ubikloadpack.com">Ubik Load Pack support</a></li> > <li>Mikhail Epikhin (epihin-m at yandex.ru)</li> > +<li>Dan Haughey (dan.haughey at swinton.co.uk)</li> > +<li>Felix Schumacher (felix.schumacher at internetallee.de)</li> > </ul> > > <br/> > > Modified: jmeter/trunk/xdocs/usermanual/component_reference.xml > URL: > http://svn.apache.org/viewvc/jmeter/trunk/xdocs/usermanual/component_reference.xml?rev=1611785&r1=1611784&r2=1611785&view=diff > ============================================================================== > --- jmeter/trunk/xdocs/usermanual/component_reference.xml (original) > +++ jmeter/trunk/xdocs/usermanual/component_reference.xml Fri Jul 18 20:05:59 > 2014 
> @@ -3545,6 +3545,18 @@ You can also configure those two propert > Look at the two sample configuration files (krb5.conf and jaas.conf) located > in the jmeter bin folder for references to more documentation, and tweak them > to match > your Kerberos configuration. > </p> > +<p> > +When generating a SPN for Kerberos SPNEGO authentication IE and Firefox will > omit the port number > +from the url. Chrome has an option > (<code>--enable-auth-negotiate-port</code>) to include the port > +number if it differs from the standard ones (<code>80</code> and > <code>443</code>). That behavior > +can be emulated by setting the following jmeter property as below. > +<pre> > +In jmeter.properties or user.properties, set: > +<ul> > +<li>kerberos.spnego.strip_port=false</li> > +</ul> > +</pre> > +</p> > <br></br> > <b>Controls:</b> > <ul> > >
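Review bot: in the jmeter.properties hunk at -337,7, the comment added above #kerberos.spnego.strip_port=true says only that ports are stripped and does not say what false does. Spell out that with false the port is kept in the SPN when it is neither 80 nor 443, matching the text added to component_reference.xml. The -/+ pair on #kerberos_jaas_application=JMeter shows no textual difference, so it looks like a whitespace-only change that could be left out of this commit.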
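Review bot: the jmeter.properties hunk at -962,8 (view.results.tree.max_size, sample value changed from 0 to 204800 and the comment reworded) is unrelated to Bug 56701 and is not mentioned in the log message. It should go in its own commit with its own log entry so that the Kerberos change can be reviewed or reverted independently.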
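Review bot: the default of true passed to JMeterUtils.getPropDefault("kerberos.spnego.strip_port", true) in the AuthManager.java hunk at -96,6 means isStripPort() returns true for every URL unless the property is set, while the line removed at -392,8 computed stripPort as true only for the two default ports. A test plan that reached a service on a non-standard port and relied on the port appearing in the SPN now needs kerberos.spnego.strip_port=false. If this default is intended, the changes.xml entry for 56701 ("add port to SPN when server port is neither 80 nor 443") should mention the property and its default; the hunk at -213,7 only adds the patch credits.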
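Review bot: isStripPort() in the AuthManager.java hunk at -403,6 compares url.getPort() with the two default-port constants, but java.net.URL.getPort() returns -1 when the URL has no explicit port, so with kerberos.spnego.strip_port=false such a URL yields false here even though it uses a default port. Consider treating -1 as a default port, or comparing against url.getDefaultPort(), so the result does not depend on whether the port was written out in the URL. The method uses no instance state and could be static, and the Javadoc @return line reads "when port should omitted", which should be "should be omitted".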
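Review bot: in the component_reference.xml hunk at -3545,6, the added pre block wraps a ul/li list and itself sits inside a p element, which mixes preformatted text with list markup and nests block elements inside a paragraph. A single pre containing the line kerberos.spnego.strip_port=false, placed after the closing p, would render predictably. The paragraph should also state that the default is true, since it currently describes only the false setting.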
