chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Florian Müller <f...@apache.org>
Subject Re: SPNEGO Authentication Provider impl used with CMIS 1.1.0
Date Fri, 15 Sep 2017 19:46:45 GMT
Hi Krzysztof,

you can set "Authorization" header in the authentication provider. The
StandardAuthenticationProvider does exactly this for basic auth.

To use the "Proxy-Authorization" header, extend the
StandardAuthenticationProvider instead of the
AbstractAuthenticationProvider.


- Florian


Am 12.09.2017 um 11:39 schrieb krzysztoffzielinski@gmail.com:
> To be more specific, the jdk low level class (HttpURLConnection) excludes "Authorization"
header for security reasons. So I can't be authorised to access alfresco.
> 
> So i dont know what does authentication provider is meant to do if JDK removes the header?
> 
> Kind Regards
> Krzysztof
> 
> On 2017-09-11 22:09, Florian Müller <fmui@apache.org> wrote: 
>> Hi,
>>
>> SPNEGO is a little bit different than most other authentication mechanisms.
>>
>> Please see the SPNEGO section on this web page:
>> https://docs.oracle.com/javase/8/docs/technotes/guides/net/http-auth.html
>>
>>
>> - Florian
>>
>>
>>> I have Alfresco Core repository configured with SPNEGO authentication (Kerberos
SSO).
>>> I am writing a service that talks to it using Apache Chemistry opencmis library
1.1.0. Cmis library requires me to provide custom authentication provider, but it drops the
Authorisation header I am adding(DefaultHttpInvoker.invoke() line:129). So far I came up with
following:
>>>
>>> public class KerberosAuthProvider extends AbstractAuthenticationProvider {
>>>
>>> @Override
>>> public Map<String, List<String>> getHTTPHeaders(String url) {   
>>>    try {        
>>>              String authToken = ….  // generate token       
>>>             Map<String, List<String>> headers = Maps.newHashMap();
                      
>>>             headers.put("Authorization", Lists.newArrayList("Negotiate " + authToken));
      
>>>             return headers;   
>>>     } catch    (Exception ex) {       
>>>                throw new IllegalStateException("Couldn't get token", ex);   
}}
>>>       }
>>>
>>> Alfresco responds with following:
>>>
>>> No Proxy-Authorization Header is present.
>>> No Authorization Header is present.
>>>
>>> I will appreciate any suggestions.
>>>
>>

Mime
View raw message