On 22. Juli 2014 16:50:20 MESZ, sebb <[email protected]> wrote: >On 18 July 2014 21:06, <[email protected]> wrote: >> Author: pmouawad >> Date: Fri Jul 18 20:05:59 2014 >> New Revision: 1611785 >> >> URL: http://svn.apache.org/r1611785 >> Log: >> Bug 56701 - HTTP Authorization Manager/ Kerberos Authentication: add >port to SPN when server port is neither 80 nor 443 >> Add a jmeter property to control behaviour. >> By default strip port. > >-1. > >As far as I can tell, the patch changes the default behaviour. >The default should be changed, e.g. by setting STRIP_PORT to false by >default.
The default was (and should be) to strip ports. I have tested spnego with default option and it worked. Why do you think the default behavior was changed by this commit? Regards Felix > >> Bugzilla Id: 56701 >> >> Modified: >> jmeter/trunk/bin/jmeter.properties >> >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java >> jmeter/trunk/xdocs/changes.xml >> jmeter/trunk/xdocs/usermanual/component_reference.xml >> >> Modified: jmeter/trunk/bin/jmeter.properties >> URL: >http://svn.apache.org/viewvc/jmeter/trunk/bin/jmeter.properties?rev=1611785&r1=1611784&r2=1611785&view=diff >> >============================================================================== >> --- jmeter/trunk/bin/jmeter.properties (original) >> +++ jmeter/trunk/bin/jmeter.properties Fri Jul 18 20:05:59 2014 >> @@ -337,7 +337,11 @@ log_level.jorphan=INFO >> >> # AuthManager Kerberos configuration >> # Name of application module used in jaas.conf >> -#kerberos_jaas_application=JMeter >> +#kerberos_jaas_application=JMeter >> + >> +# Should ports be stripped from urls before constructing SPNs >> +# for spnego authentication >> +#kerberos.spnego.strip_port=true >> >> # Sample logging levels for Commons HttpClient >> # >> @@ -962,8 +966,8 @@ beanshell.server.file=../extras/startup. >> #jsyntaxtextarea.maxundos=50 >> >> # Maximum size of HTML page that can be displayed; default=200 * >1024 >> -# Set to 0 to disable the size check >> -#view.results.tree.max_size=0 >> +# Set to 0 to disable the size check and display the whole response >> +#view.results.tree.max_size=204800 >> >> # Order of Renderers in View Results Tree >> # Note full class names should be used for non jmeter core renderers >> >> Modified: >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java >> URL: >http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java?rev=1611785&r1=1611784&r2=1611785&view=diff >> >============================================================================== >> --- >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java >(original) >> +++ >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java >Fri Jul 18 20:05:59 2014 >> @@ -96,6 +96,9 @@ public class AuthManager extends ConfigT >> >> private static final boolean DEFAULT_CLEAR_VALUE = false; >> >> + /** Decides whether port should be omitted from SPN for kerberos >spnego authentication */ >> + private static final boolean STRIP_PORT = >JMeterUtils.getPropDefault("kerberos.spnego.strip_port", true); >> + >> public enum Mechanism { >> BASIC_DIGEST, KERBEROS; >> } >> @@ -392,8 +395,7 @@ public class AuthManager extends ConfigT >> log.debug(username + " > D="+domain+" R="+realm + " >M="+auth.getMechanism()); >> } >> if (Mechanism.KERBEROS.equals(auth.getMechanism())) { >> - boolean stripPort = (url.getPort() == >HTTPConstants.DEFAULT_HTTP_PORT || url.getPort() == >HTTPConstants.DEFAULT_HTTPS_PORT); >> - ((AbstractHttpClient) >client).getAuthSchemes().register(AuthPolicy.SPNEGO, new >SPNegoSchemeFactory(stripPort)); >> + ((AbstractHttpClient) >client).getAuthSchemes().register(AuthPolicy.SPNEGO, new >SPNegoSchemeFactory(isStripPort(url))); >> credentialsProvider.setCredentials(new >AuthScope(null, -1, null), USE_JAAS_CREDENTIALS); >> } else { >> credentialsProvider.setCredentials( >> @@ -403,6 +405,24 @@ public class AuthManager extends ConfigT >> } >> } >> >> + /** >> + * IE and Firefox will always strip port from the url before >constructing >> + * the SPN. Chrome has an option >(<code>--enable-auth-negotiate-port</code>) >> + * to include the port if it differs from <code>80</code> or >> + * <code>443</code>. That behavior can be changed by setting the >jmeter >> + * property <code>kerberos.spnego.strip_port</code>. >> + * >> + * @param url to be checked >> + * @return <code>true</code> when port should omitted in SPN >> + */ >> + private boolean isStripPort(URL url) { >> + if (STRIP_PORT) { >> + return true; >> + } >> + return (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT || >> + url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT); >> + } >> + >> /** {@inheritDoc} */ >> @Override >> public void testStarted() { >> >> Modified: jmeter/trunk/xdocs/changes.xml >> URL: >http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1611785&r1=1611784&r2=1611785&view=diff >> >============================================================================== >> --- jmeter/trunk/xdocs/changes.xml (original) >> +++ jmeter/trunk/xdocs/changes.xml Fri Jul 18 20:05:59 2014 >> @@ -213,7 +213,7 @@ A workaround is to use a Java 7 update 4 >> <h3>Timers, Assertions, Config, Pre- & Post-Processors</h3> >> <ul> >> <li><bugzilla>56691</bugzilla> - Synchronizing Timer : Add timeout >on waiting</li> >> -<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/ >Kerberos Authentication: add port to SPN when server port is neither 80 >nor 443</li> >> +<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/ >Kerberos Authentication: add port to SPN when server port is neither 80 >nor 443. Based on patches from Dan Haughey (dan.haughey at >swinton.co.uk) and Felix Schumacher (felix.schumacher at >internetallee.de)</li> >> </ul> >> >> <h3>Functions</h3> >> @@ -253,6 +253,8 @@ A workaround is to use a Java 7 update 4 >> <li>Nicola Ambrosetti (ambrosetti.nicola at gmail.com)</li> >> <li><a href="http://ubikloadpack.com";>Ubik Load Pack >support</a></li> >> <li>Mikhail Epikhin (epihin-m at yandex.ru)</li> >> +<li>Dan Haughey (dan.haughey at swinton.co.uk)</li> >> +<li>Felix Schumacher (felix.schumacher at internetallee.de)</li> >> </ul> >> >> <br/> >> >> Modified: jmeter/trunk/xdocs/usermanual/component_reference.xml >> URL: >http://svn.apache.org/viewvc/jmeter/trunk/xdocs/usermanual/component_reference.xml?rev=1611785&r1=1611784&r2=1611785&view=diff >> >============================================================================== >> --- jmeter/trunk/xdocs/usermanual/component_reference.xml (original) >> +++ jmeter/trunk/xdocs/usermanual/component_reference.xml Fri Jul 18 >20:05:59 2014 >> @@ -3545,6 +3545,18 @@ You can also configure those two propert >> Look at the two sample configuration files (krb5.conf and jaas.conf) >located in the jmeter bin folder for references to more documentation, >and tweak them to match >> your Kerberos configuration. >> </p> >> +<p> >> +When generating a SPN for Kerberos SPNEGO authentication IE and >Firefox will omit the port number >> +from the url. Chrome has an option >(<code>--enable-auth-negotiate-port</code>) to include the port >> +number if it differs from the standard ones (<code>80</code> and ><code>443</code>). That behavior >> +can be emulated by setting the following jmeter property as below. >> +<pre> >> +In jmeter.properties or user.properties, set: >> +<ul> >> +<li>kerberos.spnego.strip_port=false</li> >> +</ul> >> +</pre> >> +</p> >> <br></br> >> <b>Controls:</b> >> <ul> >> >>
