chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "krzysztoffzielinski@gmail.com"<krzysztoffzielin...@gmail.com>
Subject Re: SPNEGO Authentication Provider impl used with CMIS 1.1.0
Date Tue, 12 Sep 2017 09:39:29 GMT
To be more specific, the jdk low level class (HttpURLConnection) excludes "Authorization" header
for security reasons. So I can't be authorised to access alfresco.

So i dont know what does authentication provider is meant to do if JDK removes the header?

Kind Regards
Krzysztof

On 2017-09-11 22:09, Florian Müller <fmui@apache.org> wrote: 
> Hi,
> 
> SPNEGO is a little bit different than most other authentication mechanisms.
> 
> Please see the SPNEGO section on this web page:
> https://docs.oracle.com/javase/8/docs/technotes/guides/net/http-auth.html
> 
> 
> - Florian
> 
> 
> > I have Alfresco Core repository configured with SPNEGO authentication (Kerberos
SSO).
> > I am writing a service that talks to it using Apache Chemistry opencmis library
1.1.0. Cmis library requires me to provide custom authentication provider, but it drops the
Authorisation header I am adding(DefaultHttpInvoker.invoke() line:129). So far I came up with
following:
> > 
> > public class KerberosAuthProvider extends AbstractAuthenticationProvider {
> > 
> > @Override
> > public Map<String, List<String>> getHTTPHeaders(String url) {   
> >    try {        
> >              String authToken = ….  // generate token       
> >             Map<String, List<String>> headers = Maps.newHashMap(); 
                     
> >             headers.put("Authorization", Lists.newArrayList("Negotiate " + authToken));
      
> >             return headers;   
> >     } catch    (Exception ex) {       
> >                throw new IllegalStateException("Couldn't get token", ex);    }}
> >       }
> > 
> > Alfresco responds with following:
> > 
> > No Proxy-Authorization Header is present.
> > No Authorization Header is present.
> > 
> > I will appreciate any suggestions.
> > 
> 

Mime
View raw message