Return-Path: 
 <dev-return-3272-apmail-jmeter-dev-archive=jmeter.apache.org@jmeter.apache.org>
X-Original-To: apmail-jmeter-dev-archive@minotaur.apache.org
Delivered-To: apmail-jmeter-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 2413F11F13
	for <apmail-jmeter-dev-archive@minotaur.apache.org>;
 Tue, 22 Jul 2014 18:00:41 +0000 (UTC)
Received: (qmail 45537 invoked by uid 500); 22 Jul 2014 18:00:41 -0000
Delivered-To: apmail-jmeter-dev-archive@jmeter.apache.org
Received: (qmail 45519 invoked by uid 500); 22 Jul 2014 18:00:41 -0000
Mailing-List: contact dev-help@jmeter.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@jmeter.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@jmeter.apache.org>
List-Post: <mailto:dev@jmeter.apache.org>
List-Id: <dev.jmeter.apache.org>
Reply-To: dev@jmeter.apache.org
Delivered-To: mailing list dev@jmeter.apache.org
Received: (qmail 45507 invoked by uid 99); 22 Jul 2014 18:00:40 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jul 2014 18:00:40 +0000
X-ASF-Spam-Status: No, hits=2.5 required=5.0
	tests=FREEMAIL_REPLY,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of philippe.mouawad@gmail.com
 designates 209.85.213.177 as permitted sender)
Received: from [209.85.213.177] (HELO mail-ig0-f177.google.com)
 (209.85.213.177)
    by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jul 2014 18:00:38 +0000
Received: by mail-ig0-f177.google.com with SMTP id hn18so516437igb.16
        for <dev@jmeter.apache.org>; Tue, 22 Jul 2014 11:00:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=GRPfBq8oVBNvXilNV1tNLoQYTYo4TPzDlCQE0znGCd4=;
        b=YRLjbXgSvEqkRvJSL0JKEclUwYozl0x2A9Fu56ZOBGSCUDzd7pYum4mxi+taL3fWt9
         BVg4ErL2Kg6Lg0idwdAHE6BHTtbzxX3tfe4cTSX2C404kpnD4V8WTGj2grVNApJi2BJ6
         hu2xqKmHkUGMpNSajH4gqfBS5i3vMF05aIAYD5cwO3yNPp6tdRE9fQaEy4aex/ck35rI
         jdDwEYXSTd9wfYy0JZdg+NGjrzENdQz/R2vMEWGfWF7jYuhnmosT7VP2zUYzfr+hHR3g
         HDyjkSQWqOMsGuc6znjgTFj3oRb+zTdGCcHskYBdcUItkYfI45DMzmES33+cL3eLkM21
         MLTg==
MIME-Version: 1.0
X-Received: by 10.42.110.208 with SMTP id r16mr206669icp.17.1406052012678;
 Tue, 22 Jul 2014 11:00:12 -0700 (PDT)
Received: by 10.42.91.75 with HTTP; Tue, 22 Jul 2014 11:00:12 -0700 (PDT)
In-Reply-To: <135ad662-5d2d-46c2-95a0-8c9beeb7eaba@email.android.com>
References: <20140718200600.9AB8B2388831@eris.apache.org>
	<CAOGo0VYCEjHX45sVkcb2gya1AFZ5RvWRkgW38ruFO6628oZUiQ@mail.gmail.com>
	<135ad662-5d2d-46c2-95a0-8c9beeb7eaba@email.android.com>
Date: Tue, 22 Jul 2014 20:00:12 +0200
Message-ID: 
 <CAH9fUpZ7xrDVmdQCkTnCmK8F-vg=zx3N8ZQMFMs=cn503_PFdg@mail.gmail.com>
Subject: Re: svn commit: r1611785 - in /jmeter/trunk: bin/jmeter.properties
 src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
 xdocs/changes.xml xdocs/usermanual/component_reference.xml
From: Philippe Mouawad <philippe.mouawad@gmail.com>
To: "dev@jmeter.apache.org" <dev@jmeter.apache.org>
Content-Type: multipart/alternative; boundary=20cf303ea288c0650c04fecbfe90
X-Virus-Checked: Checked by ClamAV on apache.org

--20cf303ea288c0650c04fecbfe90
Content-Type: text/plain; charset=ISO-8859-1

I agree , behaviour is inline with what existed.
Thanks Felix for your contributions and further tests

Regards
On Tuesday, July 22, 2014, Felix Schumacher <
felix.schumacher@internetallee.de> wrote:

>
>
> On 22. Juli 2014 16:50:20 MESZ, sebb <sebbaz@gmail.com <javascript:;>>
> wrote:
> >On 18 July 2014 21:06,  <pmouawad@apache.org <javascript:;>> wrote:
> >> Author: pmouawad
> >> Date: Fri Jul 18 20:05:59 2014
> >> New Revision: 1611785
> >>
> >> URL: http://svn.apache.org/r1611785
> >> Log:
> >> Bug 56701 - HTTP Authorization Manager/ Kerberos Authentication: add
> >port to SPN when server port is neither 80 nor 443
> >> Add a jmeter property to control behaviour.
> >> By default strip port.
> >
> >-1.
> >
> >As far as I can tell, the patch changes the default behaviour.
> >The default should be changed, e.g. by setting STRIP_PORT to false by
> >default.
>
> The default was (and should be) to strip ports. I have tested spnego with
> default option and it worked.
>
> Why do you think the default behavior was changed by this commit?
>
> Regards
> Felix
> >
> >> Bugzilla Id: 56701
> >>
> >> Modified:
> >>     jmeter/trunk/bin/jmeter.properties
> >>
>
> >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
> >>     jmeter/trunk/xdocs/changes.xml
> >>     jmeter/trunk/xdocs/usermanual/component_reference.xml
> >>
> >> Modified: jmeter/trunk/bin/jmeter.properties
> >> URL:
> >
> http://svn.apache.org/viewvc/jmeter/trunk/bin/jmeter.properties?rev=1611785&r1=1611784&r2=1611785&view=diff
> >>
>
> >==============================================================================
> >> --- jmeter/trunk/bin/jmeter.properties (original)
> >> +++ jmeter/trunk/bin/jmeter.properties Fri Jul 18 20:05:59 2014
> >> @@ -337,7 +337,11 @@ log_level.jorphan=INFO
> >>
> >>  # AuthManager Kerberos configuration
> >>  # Name of application module used in jaas.conf
> >> -#kerberos_jaas_application=JMeter
> >> +#kerberos_jaas_application=JMeter
> >> +
> >> +# Should ports be stripped from urls before constructing SPNs
> >> +# for spnego authentication
> >> +#kerberos.spnego.strip_port=true
> >>
> >>  #         Sample logging levels for Commons HttpClient
> >>  #
> >> @@ -962,8 +966,8 @@ beanshell.server.file=../extras/startup.
> >>  #jsyntaxtextarea.maxundos=50
> >>
> >>  # Maximum size of HTML page that can be displayed; default=200 *
> >1024
> >> -# Set to 0 to disable the size check
> >> -#view.results.tree.max_size=0
> >> +# Set to 0 to disable the size check and display the whole response
> >> +#view.results.tree.max_size=204800
> >>
> >>  # Order of Renderers in View Results Tree
> >>  # Note full class names should be used for non jmeter core renderers
> >>
> >> Modified:
>
> >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
> >> URL:
> >
> http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java?rev=1611785&r1=1611784&r2=1611785&view=diff
> >>
>
> >==============================================================================
> >> ---
>
> >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
> >(original)
> >> +++
>
> >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
> >Fri Jul 18 20:05:59 2014
> >> @@ -96,6 +96,9 @@ public class AuthManager extends ConfigT
> >>
> >>      private static final boolean DEFAULT_CLEAR_VALUE = false;
> >>
> >> +    /** Decides whether port should be omitted from SPN for kerberos
> >spnego authentication */
> >> +    private static final boolean STRIP_PORT =
> >JMeterUtils.getPropDefault("kerberos.spnego.strip_port", true);
> >> +
> >>      public enum Mechanism {
> >>          BASIC_DIGEST, KERBEROS;
> >>      }
> >> @@ -392,8 +395,7 @@ public class AuthManager extends ConfigT
> >>                  log.debug(username + " > D="+domain+" R="+realm + "
> >M="+auth.getMechanism());
> >>              }
> >>              if (Mechanism.KERBEROS.equals(auth.getMechanism())) {
> >> -                boolean stripPort = (url.getPort() ==
> >HTTPConstants.DEFAULT_HTTP_PORT || url.getPort() ==
> >HTTPConstants.DEFAULT_HTTPS_PORT);
> >> -                ((AbstractHttpClient)
> >client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
> >SPNegoSchemeFactory(stripPort));
> >> +                ((AbstractHttpClient)
> >client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
> >SPNegoSchemeFactory(isStripPort(url)));
> >>                  credentialsProvider.setCredentials(new
> >AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);
> >>              } else {
> >>                  credentialsProvider.setCredentials(
> >> @@ -403,6 +405,24 @@ public class AuthManager extends ConfigT
> >>          }
> >>      }
> >>
> >> +    /**
> >> +     * IE and Firefox will always strip port from the url before
> >constructing
> >> +     * the SPN. Chrome has an option
> >(<code>--enable-auth-negotiate-port</code>)
> >> +     * to include the port if it differs from <code>80</code> or
> >> +     * <code>443</code>. That behavior can be changed by setting the
> >jmeter
> >> +     * property <code>kerberos.spnego.strip_port</code>.
> >> +     *
> >> +     * @param url to be checked
> >> +     * @return <code>true</code> when port should omitted in SPN
> >> +     */
> >> +    private boolean isStripPort(URL url) {
> >> +        if (STRIP_PORT) {
> >> +            return true;
> >> +        }
> >> +        return (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT ||
> >> +                url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
> >> +    }
> >> +
> >>      /** {@inheritDoc} */
> >>      @Override
> >>      public void testStarted() {
> >>
> >> Modified: jmeter/trunk/xdocs/changes.xml
> >> URL:
> >
> http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
> >>
>
> >==============================================================================
> >> --- jmeter/trunk/xdocs/changes.xml (original)
> >> +++ jmeter/trunk/xdocs/changes.xml Fri Jul 18 20:05:59 2014
> >> @@ -213,7 +213,7 @@ A workaround is to use a Java 7 update 4
> >>  <h3>Timers, Assertions, Config, Pre- &amp; Post-Processors</h3>
> >>  <ul>
> >>  <li><bugzilla>56691</bugzilla> - Synchronizing Timer : Add timeout
> >on waiting</li>
> >> -<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/
> >Kerberos Authentication: add port to SPN when server port is neither 80
> >nor 443</li>
> >> +<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/
> >Kerberos Authentication: add port to SPN when server port is neither 80
> >nor 443. Based on patches from Dan Haughey (dan.haughey at
> >swinton.co.uk) and Felix Schumacher (felix.schumacher at
> >internetallee.de)</li>
> >>  </ul>
> >>
> >>  <h3>Functions</h3>
> >> @@ -253,6 +253,8 @@ A workaround is to use a Java 7 update 4
> >>  <li>Nicola Ambrosetti (ambrosetti.nicola at gmail.com)</li>
> >>  <li><a href="http://ubikloadpack.com">Ubik Load Pack
> >support</a></li>
> >>  <li>Mikhail Epikhin (epihin-m at yandex.ru)</li>
> >> +<li>Dan Haughey (dan.haughey at swinton.co.uk)</li>
> >> +<li>Felix Schumacher (felix.schumacher at internetallee.de)</li>
> >>  </ul>
> >>
> >>  <br/>
> >>
> >> Modified: jmeter/trunk/xdocs/usermanual/component_reference.xml
> >> URL:
> >
> http://svn.apache.org/viewvc/jmeter/trunk/xdocs/usermanual/component_reference.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
> >>
>
> >==============================================================================
> >> --- jmeter/trunk/xdocs/usermanual/component_reference.xml (original)
> >> +++ jmeter/trunk/xdocs/usermanual/component_reference.xml Fri Jul 18
> >20:05:59 2014
> >> @@ -3545,6 +3545,18 @@ You can also configure those two propert
> >>  Look at the two sample configuration files (krb5.conf and jaas.conf)
> >located in the jmeter bin folder for references to more documentation,
> >and tweak them to match
> >>  your Kerberos configuration.
> >>  </p>
> >> +<p>
> >> +When generating a SPN for Kerberos SPNEGO authentication IE and
> >Firefox will omit the port number
> >> +from the url. Chrome has an option
> >(<code>--enable-auth-negotiate-port</code>) to include the port
> >> +number if it differs from the standard ones (<code>80</code> and
> ><code>443</code>). That behavior
> >> +can be emulated by setting the following jmeter property as below.
> >> +<pre>
> >> +In jmeter.properties or user.properties, set:
> >> +<ul>
> >> +<li>kerberos.spnego.strip_port=false</li>
> >> +</ul>
> >> +</pre>
> >> +</p>
> >>  <br></br>
> >>  <b>Controls:</b>
> >>  <ul>
> >>
> >>
>
>

-- 
Cordialement.
Philippe Mouawad.

--20cf303ea288c0650c04fecbfe90--