cxf-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dmansfield <...@git.apache.org>
Subject [GitHub] cxf pull request: Implement optional hostname canonicalization for...
Date Fri, 04 Sep 2015 14:12:54 GMT
GitHub user dmansfield opened a pull request:

    https://github.com/apache/cxf/pull/84

    Implement optional hostname canonicalization for kerberos (SPNEGO)

    This commit implements an additional property,
    useCanonicalHostname, which is supported by the AbstractSpnegoAuthSupplier,
    and therefore available to SpnegoAuthSupplier and
    KerberosAuthOutInterceptor.
    
    The default behavior is not modified.  If useCanonicalHostname is set,
    then the service principal will be created using the canonical name of the
    remote host.
    
    For example, if there is a CNAME DNS record for host.example.com which
    refers to an A record host-a-b-c.example.com, the default behavior would
    be to generate a service principal HTTP/host.example.com. When
    useCanonicalHostname is set to true, the service principal would be HTTP/
    host-a-b-c.example.com. Most browsers and many other HTTP user agents
    perform this kind of canonicalization.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/dmansfield/cxf kerberos-canonicalize-hostname

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/cxf/pull/84.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #84
    
----
commit dfa59762b50f26263716bae769bc4078d4059c37
Author: David Mansfield <david@orthanc.cobite.com>
Date:   2015-09-04T14:00:39Z

    Implement optional hostname canonicalization for kerberos (SPNEGO)
    
    This commit implements an additional property,
    useCanonicalHostname, which is supported by the AbstractSpnegoAuthSupplier,
    and therefore available to SpnegoAuthSupplier and
    KerberosAuthOutInterceptor.
    
    The default behavior is not modified.  If useCanonicalHostname is set,
    then the service principal will be created using the canonical name of the
    remote host.
    
    For example, if there is a CNAME DNS record for host.example.com which
    refers to an A record host-a-b-c.example.com, the default behavior would
    be to generate a service principal HTTP/host.example.com. When
    useCanonicalHostname is set to true, the service principal would be HTTP/
    host-a-b-c.example.com. Most browsers and many other HTTP user agents
    perform this kind of canonicalization.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

Mime
View raw message