hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Oleg Kalnichevski <ol...@apache.org>
Subject Re: Using GSSCredential directly for Kerberos authentication
Date Thu, 04 Sep 2014 14:11:36 GMT
On Thu, 2014-09-04 at 19:23 +0530, Vipul Mehta wrote:
> Here is my patch merged in a forked trunk branch :
> https://github.com/xeronix/httpclient/commit/8f88ec4c58a3d0a72e25af43809698aaf1ccf193
> 
> I have tested the patch over 4.3.5 source code and it works fine.
> 

NegotiateScheme class has been deprecated since 4.2. Could you please
re-apply your changes to non-deprecated classes instead? 

Please also note we will not be able to include this patch into 4.3.x
branch. It can only go into trunk and therefore it should compile
against trunk and all tests should still pass.

Oleg  


> With jar build from Trunk branch i am getting some exception which is not
> related to the patch:
> Exception in thread "main" java.lang.NoSuchMethodError:
> org.apache.http.impl.conn.CPool.setValidateAfterInactivity(I)V
>     at
> org.apache.http.impl.conn.PoolingHttpClientConnectionManager.<init>(PoolingHttpClientConnectionManager.java:176)
>     at
> org.apache.http.impl.conn.PoolingHttpClientConnectionManager.<init>(PoolingHttpClientConnectionManager.java:158)
>     at
> org.apache.http.impl.client.HttpClientBuilder.build(HttpClientBuilder.java:838)
> 
> Snippet to set GSSCredential for SPNEGO-KERBEROS Authentication :
> //gssCredential is the GSSCredential Object
> KerberosCredentials kerebrosCredential = new
> KerberosCredentials(gssCredential);
> 
> CredentialsProvider credsProvider = new BasicCredentialsProvider();
> credsProvider.setCredentials(new AuthScope(null, -1, null),
> kerebrosCredential);
> 
> Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder
> .<AuthSchemeProvider> create().register(AuthSchemes.SPNEGO,
> new SPNegoSchemeFactory()).build();
> 
> //Use this authSchemeRegistry for HttpClient.
> 
> 
> 
> On Wed, Sep 3, 2014 at 9:06 PM, Oleg Kalnichevski <olegk@apache.org> wrote:
> 
> > On Wed, 2014-09-03 at 14:40 +0530, Vipul Mehta wrote:
> > > Hi,
> > >
> > > In my scenario i am getting delegated GSSCredential of a user from some
> > > other client and i want to use it to create context and authenticate with
> > > windows ADFS.
> > >
> > > The createContext call in
> > > *org.apache.http.impl.auth.GGSSchemeBase.generateGSSToken()* relies on
> > JAAS
> > > configuration for getting credentials and hence null is passed to it in
> > > credential field.
> > >
> > > protected byte[] generateGSSToken(
> > > >             final byte[] input, final Oid oid, final String authServer)
> > > > throws GSSException {
> > > >         byte[] token = input;
> > > >         if (token == null) {
> > > >             token = new byte[0];
> > > >         }
> > > >         final GSSManager manager = getManager();
> > > >         final GSSName serverName = manager.createName("HTTP@" +
> > > > authServer, GSSName.NT_HOSTBASED_SERVICE);
> > > >
> > > > *   final GSSContext gssContext = manager.createContext(
> > > > serverName.canonicalize(oid), oid, null, GSSContext.DEFAULT_LIFETIME);*
> > > >         gssContext.requestMutualAuth(true);
> > > >         gssContext.requestCredDeleg(true);
> > > >         return gssContext.initSecContext(token, 0, token.length);
> > > >     }
> > > >
> > >
> > > I want to pass the GSSCredential in this createContext call. Is there any
> > > way i can achieve it without changing httpclient code ?
> > >
> > >
> >
> > No, there is not. However, I'll happily commit a patch fixing the
> > problem if you feel like contributing one.
> >
> > Oleg
> >
> >
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >
> >
> 
> 



---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org


Mime
View raw message