hc-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ol...@apache.org
Subject svn commit: r818601 - in /httpcomponents/httpclient/trunk: ./ httpclient/src/main/java/org/apache/http/auth/params/ httpclient/src/main/java/org/apache/http/client/params/ httpclient/src/main/java/org/apache/http/client/protocol/ httpclient/src/main/ja...
Date Thu, 24 Sep 2009 19:35:15 GMT
Author: olegk
Date: Thu Sep 24 19:35:03 2009
New Revision: 818601

URL: http://svn.apache.org/viewvc?rev=818601&view=rev
Log:
* Added HTTP parameters to define the order of preference for supported auth schemes for target
host and proxy authentication
* Added SPNEGO auth policy

Modified:
    httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
    httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/auth/params/AuthPNames.java
    httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/client/params/AuthPolicy.java
    httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/client/protocol/ClientContext.java
    httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/AbstractAuthenticationHandler.java
    httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultProxyAuthenticationHandler.java
    httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultTargetAuthenticationHandler.java
    httpcomponents/httpclient/trunk/src/docbkx/authentication.xml

Modified: httpcomponents/httpclient/trunk/RELEASE_NOTES.txt
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/RELEASE_NOTES.txt?rev=818601&r1=818600&r2=818601&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/RELEASE_NOTES.txt (original)
+++ httpcomponents/httpclient/trunk/RELEASE_NOTES.txt Thu Sep 24 19:35:03 2009
@@ -1,6 +1,10 @@
 Changes since 4.0
 -------------------
 
+* Added parameters to define the order of preference for supported auth 
+  schemes for target host and proxy authentication.
+  Contributed by Oleg Kalnichevski <olegk at apache.org>
+
 * [HTTPCLIENT-875] DefaultClientConnectionOperator#openConnection doesn't 
   update the connection state if the connection socket changed after 
   the call to SocketFactory#connectSocket().

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/auth/params/AuthPNames.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/auth/params/AuthPNames.java?rev=818601&r1=818600&r2=818601&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/auth/params/AuthPNames.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/auth/params/AuthPNames.java
Thu Sep 24 19:35:03 2009
@@ -27,6 +27,8 @@
 
 package org.apache.http.auth.params;
 
+import org.apache.http.auth.AuthScheme;
+
 /**
  * Parameter names for HTTP authentication classes.
  * 
@@ -42,4 +44,26 @@
      */
     public static final String CREDENTIAL_CHARSET = "http.auth.credential-charset"; 
 
+    /**
+     * Defines the order of preference for supported {@link AuthScheme}s when 
+     * authenticating with the target host. 
+     * <p>
+     * This parameter expects a value of type {@link java.util.Collection}. The 
+     * collection is expected to contain {@link String} instances representing 
+     * a name of an authentication scheme as returned by 
+     * {@link AuthScheme#getSchemeName()}. 
+     */
+    public static final String TARGET_AUTH_PREF = "http.auth.target-scheme-pref"; 
+
+    /**
+     * Defines the order of preference for supported {@link AuthScheme}s when 
+     * authenticating with the proxy host. 
+     * <p>
+     * This parameter expects a value of type {@link java.util.Collection}. The 
+     * collection is expected to contain {@link String} instances representing 
+     * a name of an authentication scheme as returned by 
+     * {@link AuthScheme#getSchemeName()}. 
+     */
+    public static final String PROXY_AUTH_PREF = "http.auth.proxy-scheme-pref"; 
+
 }

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/client/params/AuthPolicy.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/client/params/AuthPolicy.java?rev=818601&r1=818600&r2=818601&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/client/params/AuthPolicy.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/client/params/AuthPolicy.java
Thu Sep 24 19:35:03 2009
@@ -59,4 +59,11 @@
      */
     public static final String BASIC = "Basic";
     
+    /** 
+     * SPNEGO/Kerberos Authentication scheme.
+     * 
+     * @since 4.1
+     */
+    public static final String SPNEGO = "negotiate";
+    
 }

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/client/protocol/ClientContext.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/client/protocol/ClientContext.java?rev=818601&r1=818600&r2=818601&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/client/protocol/ClientContext.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/client/protocol/ClientContext.java
Thu Sep 24 19:35:03 2009
@@ -89,8 +89,9 @@
     public static final String PROXY_AUTH_STATE      = "http.auth.proxy-scope";
 
     /**
-     * RESERVED. DO NOT USE!!!
+     * @deprecated do not use
      */
+    @Deprecated
     public static final String AUTH_SCHEME_PREF      = "http.auth.scheme-pref";
     
     /**

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/AbstractAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/AbstractAuthenticationHandler.java?rev=818601&r1=818600&r2=818601&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/AbstractAuthenticationHandler.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/AbstractAuthenticationHandler.java
Thu Sep 24 19:35:03 2009
@@ -35,18 +35,18 @@
 import java.util.Locale;
 import java.util.Map;
 
-import org.apache.http.annotation.Immutable;
-
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
 import org.apache.http.FormattedHeader;
 import org.apache.http.Header;
 import org.apache.http.HttpResponse;
+import org.apache.http.annotation.Immutable;
 import org.apache.http.auth.AuthScheme;
 import org.apache.http.auth.AuthSchemeRegistry;
 import org.apache.http.auth.AuthenticationException;
 import org.apache.http.auth.MalformedChallengeException;
 import org.apache.http.client.AuthenticationHandler;
+import org.apache.http.client.params.AuthPolicy;
 import org.apache.http.client.protocol.ClientContext;
 import org.apache.http.protocol.HTTP;
 import org.apache.http.protocol.HttpContext;
@@ -64,9 +64,10 @@
     
     private static final List<String> DEFAULT_SCHEME_PRIORITY = 
         Collections.unmodifiableList(Arrays.asList(new String[] {
-            "ntlm",
-            "digest",
-            "basic"
+                AuthPolicy.SPNEGO,
+                AuthPolicy.NTLM,
+                AuthPolicy.DIGEST,
+                AuthPolicy.BASIC
     }));
     
     public AbstractAuthenticationHandler() {
@@ -106,11 +107,31 @@
         return map;
     }
     
+    /**
+     * Returns default list of auth scheme names in their order of preference.
+     * 
+     * @return list of auth scheme names
+     */
     protected List<String> getAuthPreferences() {
         return DEFAULT_SCHEME_PRIORITY;
     }
     
-	public AuthScheme selectScheme(
+    /**
+     * Returns default list of auth scheme names in their order of preference
+     * based on the HTTP response and the current execution context.
+     * 
+     * @param response HTTP response.
+     * @param context HTTP execution context.
+     * 
+     * @since 4.1
+     */
+    protected List<String> getAuthPreferences(
+            final HttpResponse response, 
+            final HttpContext context) {
+        return getAuthPreferences();
+    }
+    
+    public AuthScheme selectScheme(
             final Map<String, Header> challenges, 
             final HttpResponse response,
             final HttpContext context) throws AuthenticationException {
@@ -121,11 +142,9 @@
             throw new IllegalStateException("AuthScheme registry not set in HTTP context");
         }
         
-        @SuppressWarnings("unchecked")
-        Collection<String> authPrefs = (Collection<String>) context.getAttribute(
-                ClientContext.AUTH_SCHEME_PREF);
+        Collection<String> authPrefs = getAuthPreferences(response, context);
         if (authPrefs == null) {
-            authPrefs = getAuthPreferences();
+            authPrefs = DEFAULT_SCHEME_PRIORITY;
         }
         
         if (this.log.isDebugEnabled()) {

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultProxyAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultProxyAuthenticationHandler.java?rev=818601&r1=818600&r2=818601&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultProxyAuthenticationHandler.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultProxyAuthenticationHandler.java
Thu Sep 24 19:35:03 2009
@@ -27,6 +27,7 @@
 
 package org.apache.http.impl.client;
 
+import java.util.List;
 import java.util.Map;
 
 import org.apache.http.annotation.Immutable;
@@ -36,6 +37,7 @@
 import org.apache.http.HttpStatus;
 import org.apache.http.auth.AUTH;
 import org.apache.http.auth.MalformedChallengeException;
+import org.apache.http.auth.params.AuthPNames;
 import org.apache.http.client.AuthenticationHandler;
 import org.apache.http.protocol.HttpContext;
 
@@ -72,4 +74,18 @@
         return parseChallenges(headers);
     }
 
+    @Override
+    protected List<String> getAuthPreferences(
+            final HttpResponse response, 
+            final HttpContext context) {
+        @SuppressWarnings("unchecked")
+        List<String> authpref = (List<String>) response.getParams().getParameter(
+                AuthPNames.PROXY_AUTH_PREF);
+        if (authpref != null) {
+            return authpref;
+        } else {
+            return super.getAuthPreferences(response, context);
+        }
+    }
+    
 }

Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultTargetAuthenticationHandler.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultTargetAuthenticationHandler.java?rev=818601&r1=818600&r2=818601&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultTargetAuthenticationHandler.java
(original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/impl/client/DefaultTargetAuthenticationHandler.java
Thu Sep 24 19:35:03 2009
@@ -27,6 +27,7 @@
 
 package org.apache.http.impl.client;
 
+import java.util.List;
 import java.util.Map;
 
 import org.apache.http.annotation.Immutable;
@@ -36,6 +37,7 @@
 import org.apache.http.HttpStatus;
 import org.apache.http.auth.AUTH;
 import org.apache.http.auth.MalformedChallengeException;
+import org.apache.http.auth.params.AuthPNames;
 import org.apache.http.client.AuthenticationHandler;
 import org.apache.http.protocol.HttpContext;
 
@@ -72,4 +74,19 @@
         return parseChallenges(headers);
     }
 
+    @Override
+    protected List<String> getAuthPreferences(
+            final HttpResponse response, 
+            final HttpContext context) {
+        @SuppressWarnings("unchecked")
+        List<String> authpref = (List<String>) response.getParams().getParameter(
+                AuthPNames.TARGET_AUTH_PREF);
+        if (authpref != null) {
+            return authpref;
+        } else {
+            return super.getAuthPreferences(response, context);
+        }
+    }
+    
 }
+

Modified: httpcomponents/httpclient/trunk/src/docbkx/authentication.xml
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/src/docbkx/authentication.xml?rev=818601&r1=818600&r2=818601&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/src/docbkx/authentication.xml (original)
+++ httpcomponents/httpclient/trunk/src/docbkx/authentication.xml Thu Sep 24 19:35:03 2009
@@ -103,8 +103,8 @@
                         those applications that do not want the overhead of full transport
security
                         through TLS/SSL encryption.</para>
                 </formalpara>
-            <listitem>
             </listitem>
+            <listitem>
                 <formalpara>
                     <title>NTLM:</title>
                     <para>NTLM is a proprietary authentication scheme developed by
Microsoft and
@@ -130,8 +130,8 @@
                         If this parameter is not set HttpClient will handle authentication
                         automatically.</para>
                 </formalpara>
-            <listitem>
             </listitem>
+            <listitem>
                 <formalpara>
                     <title>'http.auth.credential-charset':</title>
                     <para>defines the charset to be used when encoding user credentials.
This
@@ -139,7 +139,41 @@
                         this parameter is not set <literal>US-ASCII</literal>
will be used.</para>
                 </formalpara>
             </listitem>
+            <listitem>
+                <formalpara>
+                    <title>'http.auth.target-scheme-pref':</title>
+                    <para>Defines the order of preference for supported
+                            <interfacename>AuthScheme</interfacename>s when authenticating
with the
+                        target host. This parameter expects a value of type
+                            <interface>java.util.Collection</interface>. The
collection is expected
+                        to contain <classname>java.lang.String</classname> instances
representing a
+                        name of an authentication scheme as returned by
+                            <methodname>AuthScheme#getSchemeName()</methodname></para>
+                </formalpara>
+            </listitem>
+            <listitem>
+                <formalpara>
+                    <title>'http.auth.proxy-scheme-pref':</title>
+                    <para>Defines the order of preference for supported
+                            <interfacename>AuthScheme</interfacename>s when authenticating
with the
+                        proxy host. This parameter expects a value of type
+                            <interface>java.util.Collection</interface>. The
collection is expected
+                        to contain <classname>java.lang.String</classname> instances
representing a
+                        name of an authentication scheme as returned by
+                            <methodname>AuthScheme#getSchemeName()</methodname></para>
+                </formalpara>
+            </listitem>
         </itemizedlist>
+        <para>For example, one can force HttpClient to use a different order of preference
for
+            authentication schemes</para>
+        <programlisting><![CDATA[
+DefaultHttpClient httpclient = new DefaultHttpClient(ccm, params);
+// Choose BASIC over DIGEST for proxy authentication
+List<String> authpref = new ArrayList<String>();
+authpref.add(AuthPolicy.BASIC);
+authpref.add(AuthPolicy.DIGEST);
+httpclient.getParams().setParameter(AuthPNames.PROXY_AUTH_PREF, authpref);
+]]></programlisting>
     </section>
     <section>
         <title>Authentication scheme registry</title>
@@ -332,44 +366,59 @@
 
     <section>
         <title><literal>SPNEGO</literal>/Kerberos Authentication</title>
-        <para><literal>SPNEGO</literal> (<emphasis>S</emphasis>imple
and <emphasis>P</emphasis>rotected <literal>GSSAPI</literal>
-<emphasis>Nego</emphasis>tiation Mechanism) is designed to allow for authentication
-to services when neither end knows what the other can use/provide. It is most
-commonly used to do Kerberos authentication. It can wrap other mechanisms, however
-the current version in HTTPClient is designed solely with Kerberos in mind. The image below
shows a simple authentication process.
-        </para>
+        <para><literal>SPNEGO</literal> (<emphasis>S</emphasis>imple
and
+            <emphasis>P</emphasis>rotected <literal>GSSAPI</literal>
+            <emphasis>Nego</emphasis>tiation Mechanism) is designed to allow
for authentication to
+            services when neither end knows what the other can use/provide. It is most commonly
used
+            to do Kerberos authentication. It can wrap other mechanisms, however the current
version
+            in HTTPClient is designed solely with Kerberos in mind. The image below shows
a simple
+            authentication process. </para>
         <mediaobject>
             <imageobject>
-                <imagedata fileref=".//images/SPNEGO_cropped.png" />
+                <imagedata fileref=".//images/SPNEGO_cropped.png"/>
             </imageobject>
         </mediaobject>
-      	<sidebar>
-        <para>1. Client Web Browser does HTTP GET for resource.</para>
-        <para>2. Web server returns HTTP 401 status and a header: &quot;WWW-Authenticate:
Negotiate</para>
-        <para>3. Client generates a NegTokenInit, base64 encodes it, and resubmits
the GET with an Authorization header: &quot;Authorization: Negotiate &lt;base64 encoding&gt;&quot;.</para>
-        <para>4. Server decodes the NegTokenInit, extracts the supported MechTypes
(only Kerberos V5 in our case), ensures it is one of the expected ones, and then extracts
the MechToken (Kerberos Token) and authenticates it.</para>
-        <para>4a. If more processing is required another HTTP 401 is returned to the
client with more data in the the WWW-Authenticate header. Client takes the info and generates
another token passing this back in the Authorization header.... until complete.</para>
-        <para>5. When the client has been authenticated the Web server should return
the HTTP 200 status, a final WWW-Authenticate header and the page content.</para>
+        <sidebar>
+            <para>1. Client Web Browser does HTTP GET for resource.</para>
+            <para>2. Web server returns HTTP 401 status and a header: &quot;WWW-Authenticate:
+                Negotiate</para>
+            <para>3. Client generates a NegTokenInit, base64 encodes it, and resubmits
the GET with
+                an Authorization header: &quot;Authorization: Negotiate &lt;base64
+                encoding&gt;&quot;.</para>
+            <para>4. Server decodes the NegTokenInit, extracts the supported MechTypes
(only
+                Kerberos V5 in our case), ensures it is one of the expected ones, and then
extracts
+                the MechToken (Kerberos Token) and authenticates it.</para>
+            <para>4a. If more processing is required another HTTP 401 is returned to
the client with
+                more data in the the WWW-Authenticate header. Client takes the info and generates
+                another token passing this back in the Authorization header.... until
+                complete.</para>
+            <para>5. When the client has been authenticated the Web server should return
the HTTP
+                200 status, a final WWW-Authenticate header and the page content.</para>
         </sidebar>
         <section>
             <title>HTTPClient Implementation</title>
 
             <para>Supports Sun Java versions 1.5 and up.</para>
-            <para>The JRE provides the supporting classes to do nearly all the kerberos
and SPNEGO token handling. This means that a lot of the setup
-is for the GSS classes. The NegotiateScheme is a simple class to handle marshalling the tokens
and reading and writing the correct headers.</para>
+            <para>The JRE provides the supporting classes to do nearly all the kerberos
and SPNEGO
+                token handling. This means that a lot of the setup is for the GSS classes.
The
+                NegotiateScheme is a simple class to handle marshalling the tokens and reading
and
+                writing the correct headers.</para>
         </section>
         <section>
             <title>Usage.</title>
 
-            <para>The best way to start is to grab the KerberosHttpClient.java file
in examples and try and get it to work.
-There are a lot of issues that can happen but if lucky it'll work without too much problem.
It should also
-provide some output to debug with.</para>
-
-            <para>In windows it should default to using the logged in credentials,
this
-can be overridden by using 'kinit' e.g. <literal>$JAVA_HOME\bin\kinit testuser@AD.EXAMPLE.NET</literal>,
which is very
-helpful for testing and debugging issues. Remove the cache file created to revert back to
the windows
-Kerberos cache.</para>
-            <para>Make sure to list domain_realms in the krb5.conf file. This is a
major source of problems.</para>
+            <para>The best way to start is to grab the KerberosHttpClient.java file
in examples and
+                try and get it to work. There are a lot of issues that can happen but if
lucky it'll
+                work without too much problem. It should also provide some output to debug
+                with.</para>
+
+            <para>In windows it should default to using the logged in credentials,
this can be
+                overridden by using 'kinit' e.g. <literal>$JAVA_HOME\bin\kinit
+                    testuser@AD.EXAMPLE.NET</literal>, which is very helpful for testing
and
+                debugging issues. Remove the cache file created to revert back to the windows
+                Kerberos cache.</para>
+            <para>Make sure to list domain_realms in the krb5.conf file. This is a
major source of
+                problems.</para>
         </section>
         <section>
             <title>NegotiateSchemeFactory Class</title>
@@ -379,35 +428,44 @@
         <section>
             <title>setStripPort(boolean)</title>
 
-            <para>Strips the port off service names e.g. HTTP/webserver.ad.example.net:8080
-> HTTP/webserver.ad.example.net</para>
+            <para>Strips the port off service names e.g. HTTP/webserver.ad.example.net:8080
->
+                HTTP/webserver.ad.example.net</para>
 
             <para>Found it useful when using JbossNegotiation.</para>
         </section>
         <section>
             <title> setSpnegoCreate(boolean)</title>
 
-            <para>If using Java 1.5 or a Kerberos ticket an attempt will be made to
wrap it up into a SPNEGO token. Again for JbossNegotiation. II7 accepts plain Kerberos tickets.</para>
+            <para>If using Java 1.5 or a Kerberos ticket an attempt will be made to
wrap it up into
+                a SPNEGO token. Again for JbossNegotiation. II7 accepts plain Kerberos
+                tickets.</para>
         </section>
         <section>
             <title>setSpengoGenerator(SpnegoTokenGenerator)</title>
 
-            <para>Inject a custom SpnegoTokenGenerator class to do the Kerberos to
SPNEGO token wrapping. BouncySpnegoTokenGenerator example
-is provided. This requires the BouncyCastle libs <ulink url="http://www.bouncycastle.org/java.html">"http://www.bouncycastle.org/java.html"</ulink>
-</para>
+            <para>Inject a custom SpnegoTokenGenerator class to do the Kerberos to
SPNEGO token
+                wrapping. BouncySpnegoTokenGenerator example is provided. This requires the
+                BouncyCastle libs <ulink url="http://www.bouncycastle.org/java.html"
+                    >"http://www.bouncycastle.org/java.html"</ulink>
+            </para>
         </section>
         <section>
             <title>GSS/Java Kerberos Setup.</title>
 
-            <para>This documentation assumes you are using windows but much of the
informationapplies to Unix as well.</para>
-            <para>The org.ietf.jgss classes have lots of possible configuration parameters,
-mainly in the krb5.conf/krb5.ini file. Some more info on the format at
-<ulink url="http://web.mit.edu/kerberos/krb5-1.4/krb5-1.4.1/doc/krb5-admin/krb5.conf.html">http://web.mit.edu/kerberos/krb5-1.4/krb5-1.4.1/doc/krb5-admin/krb5.conf.html</ulink>.</para>
+            <para>This documentation assumes you are using windows but much of the
+                informationapplies to Unix as well.</para>
+            <para>The org.ietf.jgss classes have lots of possible configuration parameters,
mainly
+                in the krb5.conf/krb5.ini file. Some more info on the format at <ulink
+                    url="http://web.mit.edu/kerberos/krb5-1.4/krb5-1.4.1/doc/krb5-admin/krb5.conf.html"
+                    >http://web.mit.edu/kerberos/krb5-1.4/krb5-1.4.1/doc/krb5-admin/krb5.conf.html</ulink>.</para>
         </section>
         <section>
             <title>login.conf file</title>
 
-            <para>The following configuration is a basic setup that works in Windows
XP against both IIS7 and JbossNegotiate modules.</para>
-            <para>The system property that can be use to point to the login.conf file
is <emphasis>java.security.auth.login.config</emphasis>.</para>
+            <para>The following configuration is a basic setup that works in Windows
XP against both
+                IIS7 and JbossNegotiate modules.</para>
+            <para>The system property that can be use to point to the login.conf file
is
+                    <emphasis>java.security.auth.login.config</emphasis>.</para>
             <para>Sample usage...</para>
             <programlisting>System.setProperty("java.security.auth.login.config", "login.conf");</programlisting>
 
@@ -432,7 +490,7 @@
             <para>If unspecified the system default will be used. Override with...</para>
             <programlisting>System.setProperty("java.security.krb5.conf", "krb5.conf");</programlisting>
             <para>Example file contents...</para>
-            
+
             <programlisting><![CDATA[
 [libdefaults]
     default_realm = AD.EXAMPLE.NET



Mime
View raw message