Hi Roman,
When you take someone else's code and modify it, you might want to look
at the beginning of the file (or the licence file), especially when you
post a file to a public mailing list and thus have no chance of being
able to amend it once archived:
Copyright (c) 2008, The University of Manchester, United Kingdom.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of the The University of Manchester nor the names of
its contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
This being said, I'm glad you found it useful. In principle, I'm in
favour of including it into the Restlet code. However, the reason I
published it separately in the first place was because it was a small
prototype and I felt this feature should be part of a wider rethink of
the Guard-related classes. This is an objective that Jerome set for
Restlet 1.2, so let's wait for 1.1 final first, although of course we
can already start to talk about it and experiment with new features.
Cheers,
Bruno.
Roman Geus wrote:
Hi Stephan
The NegotiateFilter, together with an example client and server is
attached to this post.
You are free to add this code to the Restlet codebase if you find it
useful. Since I borrowed some ideas and code from Bruno Harbulot's
SpnegoFilter, he should be consulted as well. Also IMHO more testing is
needed.
The README file:
NegotiateFilter is a Restlet filter that implements Negotiate and Basic
authentication on both the client and the server side. The server
accepts both
SPNEGO and Kerberos v5 GSSAPI tokens.
It comes with a runnable test client and test server.
The code has only been tested in a Windows Active Directory
environment but
should work with any Kerberos v5 infrastructure.
The code has been tested with Restlet 1.1rc1 with a patched version of
the
com.noelios.restlet.authentication.AuthenticationUtils.parseAuthenticateHeader()
method (see mailing list).
The jaas.conf file and the some constants in ExampleClient.java and
some system
properties contain site-specific information and need to be adjusted.
Also a working keytab file and krb5.conf file (or similar) are needed.
See the *.launch file for information how to set the system properties.
NegotiateFilter is based on Bruno Harbulot's SpnegoFilter.
Roman Geus
Cheers,
Roman
