chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "krzysztoffzielinski@gmail.com"<krzysztoffzielin...@gmail.com>
Subject Re: SPNEGO Authentication Provider impl used with CMIS 1.1.0
Date Tue, 12 Sep 2017 08:31:56 GMT
Hello Florian

Thank you very much for your reply. I really appreciate this.

However, I don't have to authenticate the user as this was done by the upstream process. I
just need to pass the ticket down the stream (during call from standalone service to alfresco).
That is SSO.

the call conn.setRequestProperty(header.getKey(), value); is meant to add "Authorisation Negotiate"
header but it is loosing it. I suppose here is the problem.

Have you ever heard of this?

Kind Regards
Krzysztof

On 2017-09-11 22:09, Florian Müller <fmui@apache.org> wrote: 
> Hi,
> 
> SPNEGO is a little bit different than most other authentication mechanisms.
> 
> Please see the SPNEGO section on this web page:
> https://docs.oracle.com/javase/8/docs/technotes/guides/net/http-auth.html
> 
> 
> - Florian
> 
> 
> > I have Alfresco Core repository configured with SPNEGO authentication (Kerberos
SSO).
> > I am writing a service that talks to it using Apache Chemistry opencmis library
1.1.0. Cmis library requires me to provide custom authentication provider, but it drops the
Authorisation header I am adding(DefaultHttpInvoker.invoke() line:129). So far I came up with
following:
> > 
> > public class KerberosAuthProvider extends AbstractAuthenticationProvider {
> > 
> > @Override
> > public Map<String, List<String>> getHTTPHeaders(String url) {   
> >    try {        
> >              String authToken = ….  // generate token       
> >             Map<String, List<String>> headers = Maps.newHashMap(); 
                     
> >             headers.put("Authorization", Lists.newArrayList("Negotiate " + authToken));
      
> >             return headers;   
> >     } catch    (Exception ex) {       
> >                throw new IllegalStateException("Couldn't get token", ex);    }}
> >       }
> > 
> > Alfresco responds with following:
> > 
> > No Proxy-Authorization Header is present.
> > No Authorization Header is present.
> > 
> > I will appreciate any suggestions.
> > 
> 

Mime
View raw message