hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: NegotiateAuth for HttpClient 4.x
Date Wed, 18 Nov 2009 11:59:48 GMT
On Wed, 2009-11-18 at 10:03 +0100, Kiss Gergely wrote:
> Dear HttpComponent Developers,
> We're using HttpComponents 4.x in out project for some time now, and last
> week I spent a lot of time figuring out how Exchange works with WebDAV and
> Kerberos authentication.
> In the meantime, I have implemented the NegotiateScheme class for 4.x -
> based on Mikael Wikstrom's previous work for HttpClient 3.x - which I'd like
> to contribute back to the community.
> Notes:
> - with 4.x it's a bit harder to add a new authentication scheme, but is
> possible with DefaultHttpClient.setTargetAuthenticationHandler() - so the
> new authPreferences should look like { "negotiate", "ntlm", "digest",
> "basic" }
> - unfortunately the current (4.0) implementation does not fall back to Basic
> or Digest if Negotiate or NTLM authentication failed, so you have to decide
> which one to use before executing the request
> - The execute() call is required to run in a JAAS context (with
> Subject.doAs(...))
> - Kerberos authentication requires a service name to work (the first part of
> the SPN), and this was a constant value ("HTTP") in the previous version -
> but the target service may already have another SPN (so registering HTTP
> would be unnecessary). For this reason, I introduced the
> parameter NegotiateSchemeFactory.SERVICE_PREFIX, which is read from the
> HttpParams specified to the client.
> - Credential delegation was tested and works very nicely
> Best regards
> Gergely Kiss


Support for SPNEGO/Kerberos authentication scheme has been recently
added to the SVN trunk (See HTTPCLIENT-523 in JIRA for details). Did you
base your code on 4.0 release or the latest dev snapshot? If not, it
would be great if you could incorporate the latest changes into your
code line and submit your enhancements as a patch against SVN trunk.

There is also a fairly extensive documentation of how current SPNEGO
support works in the HttpClient tutorial but you will have to generate
that tutorial manually from the source code.

Please also consider subscribing the the list so I would not have mod
your messages in manually.



To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message