Hi StephanThe NegotiateFilter, together with an example client and server is attached to this post.
You are free to add this code to the Restlet codebase if you find it useful. Since I borrowed some ideas and code from Bruno Harbulot's SpnegoFilter, he should be consulted as well. Also IMHO more testing is needed.
The README file:
NegotiateFilter is a Restlet filter that implements Negotiate and Basicauthentication on both the client and the server side. The server accepts bothSPNEGO and Kerberos v5 GSSAPI tokens. It comes with a runnable test client and test server.The code has only been tested in a Windows Active Directory environment butshould work with any Kerberos v5 infrastructure. The code has been tested with Restlet 1.1rc1 with a patched version of thecom.noelios.restlet.authentication.AuthenticationUtils.parseAuthenticateHeader()method (see mailing list).The jaas.conf file and the some constants in ExampleClient.java and some systemproperties contain site-specific information and need to be adjusted. Also a working keytab file and krb5.conf file (or similar) are needed. See the *.launch file for information how to set the system properties. NegotiateFilter is based on Bruno Harbulot's SpnegoFilter. Roman Geus
Cheers, Roman Stephan Koops wrote:
Hi Roman,cool. Could you share the full filter class(es?) to be added to the Restlet API?best regards Stephan Roman Geus schrieb:Hi allI have been working on a Filter that implements client and server side HTTP Negotiate and Basic authentication. The code is based on Bruno Harbulot's nice SpnegoFilter.Everything works fine so far. However to get the client-side authentication working I had to change the parseAuthenticateHeader() method in the com.noelios.restlet.authentication.AuthenticationUtils class a bit.The original implementation (version 1.1rc1) fails to locate the correct AuthenticationHelper, if the realm parameter is missing in the authenticate header, as e.g. for the Negotiate scheme.Would it be possible to fix for this problem? The diff for my quick fix is attached. Best regards, Roman
negotiatefilter_example.tar.gz
Description: GNU Zip compressed data