hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vipul Mehta <vipulmehta.1...@gmail.com>
Subject Re: Using GSSCredential directly for Kerberos authentication
Date Thu, 04 Sep 2014 19:09:03 GMT
I have made changes in non-deprecated classes only. NegotiateScheme in
deprecated version required change because it overrides generateToken()
method of GGSScheme and signature of generateToken() has been changed in my
patch.

All maven tests are passing in my workspace.

The exception i mentioned was occurring while i was running my sample code
and it was because i was using old version of httpcore. Now it is also
working fine.

On Thu, Sep 4, 2014 at 7:41 PM, Oleg Kalnichevski <olegk@apache.org> wrote:

> On Thu, 2014-09-04 at 19:23 +0530, Vipul Mehta wrote:
> > Here is my patch merged in a forked trunk branch :
> >
> https://github.com/xeronix/httpclient/commit/8f88ec4c58a3d0a72e25af43809698aaf1ccf193
> >
> > I have tested the patch over 4.3.5 source code and it works fine.
> >
>
> NegotiateScheme class has been deprecated since 4.2. Could you please
> re-apply your changes to non-deprecated classes instead?
>
> Please also note we will not be able to include this patch into 4.3.x
> branch. It can only go into trunk and therefore it should compile
> against trunk and all tests should still pass.
>
> Oleg
>
>
> > With jar build from Trunk branch i am getting some exception which is not
> > related to the patch:
> > Exception in thread "main" java.lang.NoSuchMethodError:
> > org.apache.http.impl.conn.CPool.setValidateAfterInactivity(I)V
> >     at
> >
> org.apache.http.impl.conn.PoolingHttpClientConnectionManager.<init>(PoolingHttpClientConnectionManager.java:176)
> >     at
> >
> org.apache.http.impl.conn.PoolingHttpClientConnectionManager.<init>(PoolingHttpClientConnectionManager.java:158)
> >     at
> >
> org.apache.http.impl.client.HttpClientBuilder.build(HttpClientBuilder.java:838)
> >
> > Snippet to set GSSCredential for SPNEGO-KERBEROS Authentication :
> > //gssCredential is the GSSCredential Object
> > KerberosCredentials kerebrosCredential = new
> > KerberosCredentials(gssCredential);
> >
> > CredentialsProvider credsProvider = new BasicCredentialsProvider();
> > credsProvider.setCredentials(new AuthScope(null, -1, null),
> > kerebrosCredential);
> >
> > Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder
> > .<AuthSchemeProvider> create().register(AuthSchemes.SPNEGO,
> > new SPNegoSchemeFactory()).build();
> >
> > //Use this authSchemeRegistry for HttpClient.
> >
> >
> >
> > On Wed, Sep 3, 2014 at 9:06 PM, Oleg Kalnichevski <olegk@apache.org>
> wrote:
> >
> > > On Wed, 2014-09-03 at 14:40 +0530, Vipul Mehta wrote:
> > > > Hi,
> > > >
> > > > In my scenario i am getting delegated GSSCredential of a user from
> some
> > > > other client and i want to use it to create context and authenticate
> with
> > > > windows ADFS.
> > > >
> > > > The createContext call in
> > > > *org.apache.http.impl.auth.GGSSchemeBase.generateGSSToken()* relies
> on
> > > JAAS
> > > > configuration for getting credentials and hence null is passed to it
> in
> > > > credential field.
> > > >
> > > > protected byte[] generateGSSToken(
> > > > >             final byte[] input, final Oid oid, final String
> authServer)
> > > > > throws GSSException {
> > > > >         byte[] token = input;
> > > > >         if (token == null) {
> > > > >             token = new byte[0];
> > > > >         }
> > > > >         final GSSManager manager = getManager();
> > > > >         final GSSName serverName = manager.createName("HTTP@" +
> > > > > authServer, GSSName.NT_HOSTBASED_SERVICE);
> > > > >
> > > > > *   final GSSContext gssContext = manager.createContext(
> > > > > serverName.canonicalize(oid), oid, null,
> GSSContext.DEFAULT_LIFETIME);*
> > > > >         gssContext.requestMutualAuth(true);
> > > > >         gssContext.requestCredDeleg(true);
> > > > >         return gssContext.initSecContext(token, 0, token.length);
> > > > >     }
> > > > >
> > > >
> > > > I want to pass the GSSCredential in this createContext call. Is
> there any
> > > > way i can achieve it without changing httpclient code ?
> > > >
> > > >
> > >
> > > No, there is not. However, I'll happily commit a patch fixing the
> > > problem if you feel like contributing one.
> > >
> > > Oleg
> > >
> > >
> > >
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > > For additional commands, e-mail: httpclient-users-help@hc.apache.org
> > >
> > >
> >
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>


-- 
Regards,
Vipul

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message