jmeter-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Philippe Mouawad <philippe.moua...@gmail.com>
Subject Re: svn commit: r1611785 - in /jmeter/trunk: bin/jmeter.properties src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java xdocs/changes.xml xdocs/usermanual/component_reference.xml
Date Tue, 22 Jul 2014 18:00:12 GMT
I agree , behaviour is inline with what existed.
Thanks Felix for your contributions and further tests

Regards
On Tuesday, July 22, 2014, Felix Schumacher <
felix.schumacher@internetallee.de> wrote:

>
>
> On 22. Juli 2014 16:50:20 MESZ, sebb <sebbaz@gmail.com <javascript:;>>
> wrote:
> >On 18 July 2014 21:06,  <pmouawad@apache.org <javascript:;>> wrote:
> >> Author: pmouawad
> >> Date: Fri Jul 18 20:05:59 2014
> >> New Revision: 1611785
> >>
> >> URL: http://svn.apache.org/r1611785
> >> Log:
> >> Bug 56701 - HTTP Authorization Manager/ Kerberos Authentication: add
> >port to SPN when server port is neither 80 nor 443
> >> Add a jmeter property to control behaviour.
> >> By default strip port.
> >
> >-1.
> >
> >As far as I can tell, the patch changes the default behaviour.
> >The default should be changed, e.g. by setting STRIP_PORT to false by
> >default.
>
> The default was (and should be) to strip ports. I have tested spnego with
> default option and it worked.
>
> Why do you think the default behavior was changed by this commit?
>
> Regards
> Felix
> >
> >> Bugzilla Id: 56701
> >>
> >> Modified:
> >>     jmeter/trunk/bin/jmeter.properties
> >>
>
> >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
> >>     jmeter/trunk/xdocs/changes.xml
> >>     jmeter/trunk/xdocs/usermanual/component_reference.xml
> >>
> >> Modified: jmeter/trunk/bin/jmeter.properties
> >> URL:
> >
> http://svn.apache.org/viewvc/jmeter/trunk/bin/jmeter.properties?rev=1611785&r1=1611784&r2=1611785&view=diff
> >>
>
> >==============================================================================
> >> --- jmeter/trunk/bin/jmeter.properties (original)
> >> +++ jmeter/trunk/bin/jmeter.properties Fri Jul 18 20:05:59 2014
> >> @@ -337,7 +337,11 @@ log_level.jorphan=INFO
> >>
> >>  # AuthManager Kerberos configuration
> >>  # Name of application module used in jaas.conf
> >> -#kerberos_jaas_application=JMeter
> >> +#kerberos_jaas_application=JMeter
> >> +
> >> +# Should ports be stripped from urls before constructing SPNs
> >> +# for spnego authentication
> >> +#kerberos.spnego.strip_port=true
> >>
> >>  #         Sample logging levels for Commons HttpClient
> >>  #
> >> @@ -962,8 +966,8 @@ beanshell.server.file=../extras/startup.
> >>  #jsyntaxtextarea.maxundos=50
> >>
> >>  # Maximum size of HTML page that can be displayed; default=200 *
> >1024
> >> -# Set to 0 to disable the size check
> >> -#view.results.tree.max_size=0
> >> +# Set to 0 to disable the size check and display the whole response
> >> +#view.results.tree.max_size=204800
> >>
> >>  # Order of Renderers in View Results Tree
> >>  # Note full class names should be used for non jmeter core renderers
> >>
> >> Modified:
>
> >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
> >> URL:
> >
> http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java?rev=1611785&r1=1611784&r2=1611785&view=diff
> >>
>
> >==============================================================================
> >> ---
>
> >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
> >(original)
> >> +++
>
> >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
> >Fri Jul 18 20:05:59 2014
> >> @@ -96,6 +96,9 @@ public class AuthManager extends ConfigT
> >>
> >>      private static final boolean DEFAULT_CLEAR_VALUE = false;
> >>
> >> +    /** Decides whether port should be omitted from SPN for kerberos
> >spnego authentication */
> >> +    private static final boolean STRIP_PORT =
> >JMeterUtils.getPropDefault("kerberos.spnego.strip_port", true);
> >> +
> >>      public enum Mechanism {
> >>          BASIC_DIGEST, KERBEROS;
> >>      }
> >> @@ -392,8 +395,7 @@ public class AuthManager extends ConfigT
> >>                  log.debug(username + " > D="+domain+" R="+realm + "
> >M="+auth.getMechanism());
> >>              }
> >>              if (Mechanism.KERBEROS.equals(auth.getMechanism())) {
> >> -                boolean stripPort = (url.getPort() ==
> >HTTPConstants.DEFAULT_HTTP_PORT || url.getPort() ==
> >HTTPConstants.DEFAULT_HTTPS_PORT);
> >> -                ((AbstractHttpClient)
> >client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
> >SPNegoSchemeFactory(stripPort));
> >> +                ((AbstractHttpClient)
> >client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
> >SPNegoSchemeFactory(isStripPort(url)));
> >>                  credentialsProvider.setCredentials(new
> >AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);
> >>              } else {
> >>                  credentialsProvider.setCredentials(
> >> @@ -403,6 +405,24 @@ public class AuthManager extends ConfigT
> >>          }
> >>      }
> >>
> >> +    /**
> >> +     * IE and Firefox will always strip port from the url before
> >constructing
> >> +     * the SPN. Chrome has an option
> >(<code>--enable-auth-negotiate-port</code>)
> >> +     * to include the port if it differs from <code>80</code> or
> >> +     * <code>443</code>. That behavior can be changed by setting
the
> >jmeter
> >> +     * property <code>kerberos.spnego.strip_port</code>.
> >> +     *
> >> +     * @param url to be checked
> >> +     * @return <code>true</code> when port should omitted in SPN
> >> +     */
> >> +    private boolean isStripPort(URL url) {
> >> +        if (STRIP_PORT) {
> >> +            return true;
> >> +        }
> >> +        return (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT ||
> >> +                url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
> >> +    }
> >> +
> >>      /** {@inheritDoc} */
> >>      @Override
> >>      public void testStarted() {
> >>
> >> Modified: jmeter/trunk/xdocs/changes.xml
> >> URL:
> >
> http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
> >>
>
> >==============================================================================
> >> --- jmeter/trunk/xdocs/changes.xml (original)
> >> +++ jmeter/trunk/xdocs/changes.xml Fri Jul 18 20:05:59 2014
> >> @@ -213,7 +213,7 @@ A workaround is to use a Java 7 update 4
> >>  <h3>Timers, Assertions, Config, Pre- &amp; Post-Processors</h3>
> >>  <ul>
> >>  <li><bugzilla>56691</bugzilla> - Synchronizing Timer : Add
timeout
> >on waiting</li>
> >> -<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/
> >Kerberos Authentication: add port to SPN when server port is neither 80
> >nor 443</li>
> >> +<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/
> >Kerberos Authentication: add port to SPN when server port is neither 80
> >nor 443. Based on patches from Dan Haughey (dan.haughey at
> >swinton.co.uk) and Felix Schumacher (felix.schumacher at
> >internetallee.de)</li>
> >>  </ul>
> >>
> >>  <h3>Functions</h3>
> >> @@ -253,6 +253,8 @@ A workaround is to use a Java 7 update 4
> >>  <li>Nicola Ambrosetti (ambrosetti.nicola at gmail.com)</li>
> >>  <li><a href="http://ubikloadpack.com">Ubik Load Pack
> >support</a></li>
> >>  <li>Mikhail Epikhin (epihin-m at yandex.ru)</li>
> >> +<li>Dan Haughey (dan.haughey at swinton.co.uk)</li>
> >> +<li>Felix Schumacher (felix.schumacher at internetallee.de)</li>
> >>  </ul>
> >>
> >>  <br/>
> >>
> >> Modified: jmeter/trunk/xdocs/usermanual/component_reference.xml
> >> URL:
> >
> http://svn.apache.org/viewvc/jmeter/trunk/xdocs/usermanual/component_reference.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
> >>
>
> >==============================================================================
> >> --- jmeter/trunk/xdocs/usermanual/component_reference.xml (original)
> >> +++ jmeter/trunk/xdocs/usermanual/component_reference.xml Fri Jul 18
> >20:05:59 2014
> >> @@ -3545,6 +3545,18 @@ You can also configure those two propert
> >>  Look at the two sample configuration files (krb5.conf and jaas.conf)
> >located in the jmeter bin folder for references to more documentation,
> >and tweak them to match
> >>  your Kerberos configuration.
> >>  </p>
> >> +<p>
> >> +When generating a SPN for Kerberos SPNEGO authentication IE and
> >Firefox will omit the port number
> >> +from the url. Chrome has an option
> >(<code>--enable-auth-negotiate-port</code>) to include the port
> >> +number if it differs from the standard ones (<code>80</code> and
> ><code>443</code>). That behavior
> >> +can be emulated by setting the following jmeter property as below.
> >> +<pre>
> >> +In jmeter.properties or user.properties, set:
> >> +<ul>
> >> +<li>kerberos.spnego.strip_port=false</li>
> >> +</ul>
> >> +</pre>
> >> +</p>
> >>  <br></br>
> >>  <b>Controls:</b>
> >>  <ul>
> >>
> >>
>
>

-- 
Cordialement.
Philippe Mouawad.

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message