Re: Provide auth username/password with system properties or environment?

[Shawn Heisey]

On 11/19/2015 3:03 AM, Oleg Kalnichevski wrote:
> On Wed, 2015-11-18 at 13:17 -0700, Shawn Heisey wrote:
>> In the meantime, I am hoping that there is a way that Solr users can
>> provide credentials to HttpClient via another means, like system
>> properties or environment variables.  Is there anything like that?
> Shawn
>
> One can always use a custom credentials provider instead of the default
> ones.
>
> http://hc.apache.org/httpcomponents-client-4.5.x/httpclient/xref/org/apache/http/impl/client/BasicCredentialsProvider.html
> http://hc.apache.org/httpcomponents-client-4.5.x/httpclient/xref/org/apache/http/impl/client/SystemDefaultCredentialsProvider.html

I'm hoping to give users of the existing code a way to provide
authentication details to HttpClient.  The users aren't creating Java
code, they are using bits that we provide -- a shell script or Windows
command script that executes a binary SolrCLI class.  That class
currently doesn't do anything with authentication.

>From what I can tell, there isn't a way, and users will need to wait for
us to extend our script and SolrCLI class to handle credentials.

Thanks,
Shawn


-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org

Re: Using kerberos + s4u2self/s4u2proxy + apache http client

[Marc Boorshtein]

>
> After you have successfully impersonated the user principal, perform your
HTTP request in a PriviledgedAction with Subject#doAs. That should do.
>
Thanks Micahael. Ill give this a try. Which kerberos server did you try
this against?  I tried using another example with red hats ipa (I think
it's built on MIT kerberos) and it didn't like the response tickets from
the kdc since there were no flags being set.