Return-Path:
X-Original-To: apmail-jmeter-dev-archive@minotaur.apache.org
Delivered-To: apmail-jmeter-dev-archive@minotaur.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
by minotaur.apache.org (Postfix) with SMTP id 2413F11F13
for ;
Tue, 22 Jul 2014 18:00:41 +0000 (UTC)
Received: (qmail 45537 invoked by uid 500); 22 Jul 2014 18:00:41 -0000
Delivered-To: apmail-jmeter-dev-archive@jmeter.apache.org
Received: (qmail 45519 invoked by uid 500); 22 Jul 2014 18:00:41 -0000
Mailing-List: contact dev-help@jmeter.apache.org; run by ezmlm
Precedence: bulk
List-Help:
List-Unsubscribe:
List-Post:
List-Id:
Reply-To: dev@jmeter.apache.org
Delivered-To: mailing list dev@jmeter.apache.org
Received: (qmail 45507 invoked by uid 99); 22 Jul 2014 18:00:40 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jul 2014 18:00:40 +0000
X-ASF-Spam-Status: No, hits=2.5 required=5.0
tests=FREEMAIL_REPLY,HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of philippe.mouawad@gmail.com
designates 209.85.213.177 as permitted sender)
Received: from [209.85.213.177] (HELO mail-ig0-f177.google.com)
(209.85.213.177)
by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 22 Jul 2014 18:00:38 +0000
Received: by mail-ig0-f177.google.com with SMTP id hn18so516437igb.16
for ; Tue, 22 Jul 2014 11:00:12 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:in-reply-to:references:date:message-id:subject:from:to
:content-type;
bh=GRPfBq8oVBNvXilNV1tNLoQYTYo4TPzDlCQE0znGCd4=;
b=YRLjbXgSvEqkRvJSL0JKEclUwYozl0x2A9Fu56ZOBGSCUDzd7pYum4mxi+taL3fWt9
BVg4ErL2Kg6Lg0idwdAHE6BHTtbzxX3tfe4cTSX2C404kpnD4V8WTGj2grVNApJi2BJ6
hu2xqKmHkUGMpNSajH4gqfBS5i3vMF05aIAYD5cwO3yNPp6tdRE9fQaEy4aex/ck35rI
jdDwEYXSTd9wfYy0JZdg+NGjrzENdQz/R2vMEWGfWF7jYuhnmosT7VP2zUYzfr+hHR3g
HDyjkSQWqOMsGuc6znjgTFj3oRb+zTdGCcHskYBdcUItkYfI45DMzmES33+cL3eLkM21
MLTg==
MIME-Version: 1.0
X-Received: by 10.42.110.208 with SMTP id r16mr206669icp.17.1406052012678;
Tue, 22 Jul 2014 11:00:12 -0700 (PDT)
Received: by 10.42.91.75 with HTTP; Tue, 22 Jul 2014 11:00:12 -0700 (PDT)
In-Reply-To: <135ad662-5d2d-46c2-95a0-8c9beeb7eaba@email.android.com>
References: <20140718200600.9AB8B2388831@eris.apache.org>
<135ad662-5d2d-46c2-95a0-8c9beeb7eaba@email.android.com>
Date: Tue, 22 Jul 2014 20:00:12 +0200
Message-ID:
Subject: Re: svn commit: r1611785 - in /jmeter/trunk: bin/jmeter.properties
src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
xdocs/changes.xml xdocs/usermanual/component_reference.xml
From: Philippe Mouawad
To: "dev@jmeter.apache.org"
Content-Type: multipart/alternative; boundary=20cf303ea288c0650c04fecbfe90
X-Virus-Checked: Checked by ClamAV on apache.org
--20cf303ea288c0650c04fecbfe90
Content-Type: text/plain; charset=ISO-8859-1
I agree , behaviour is inline with what existed.
Thanks Felix for your contributions and further tests
Regards
On Tuesday, July 22, 2014, Felix Schumacher <
felix.schumacher@internetallee.de> wrote:
>
>
> On 22. Juli 2014 16:50:20 MESZ, sebb >
> wrote:
> >On 18 July 2014 21:06, > wrote:
> >> Author: pmouawad
> >> Date: Fri Jul 18 20:05:59 2014
> >> New Revision: 1611785
> >>
> >> URL: http://svn.apache.org/r1611785
> >> Log:
> >> Bug 56701 - HTTP Authorization Manager/ Kerberos Authentication: add
> >port to SPN when server port is neither 80 nor 443
> >> Add a jmeter property to control behaviour.
> >> By default strip port.
> >
> >-1.
> >
> >As far as I can tell, the patch changes the default behaviour.
> >The default should be changed, e.g. by setting STRIP_PORT to false by
> >default.
>
> The default was (and should be) to strip ports. I have tested spnego with
> default option and it worked.
>
> Why do you think the default behavior was changed by this commit?
>
> Regards
> Felix
> >
> >> Bugzilla Id: 56701
> >>
> >> Modified:
> >> jmeter/trunk/bin/jmeter.properties
> >>
>
> >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
> >> jmeter/trunk/xdocs/changes.xml
> >> jmeter/trunk/xdocs/usermanual/component_reference.xml
> >>
> >> Modified: jmeter/trunk/bin/jmeter.properties
> >> URL:
> >
> http://svn.apache.org/viewvc/jmeter/trunk/bin/jmeter.properties?rev=1611785&r1=1611784&r2=1611785&view=diff
> >>
>
> >==============================================================================
> >> --- jmeter/trunk/bin/jmeter.properties (original)
> >> +++ jmeter/trunk/bin/jmeter.properties Fri Jul 18 20:05:59 2014
> >> @@ -337,7 +337,11 @@ log_level.jorphan=INFO
> >>
> >> # AuthManager Kerberos configuration
> >> # Name of application module used in jaas.conf
> >> -#kerberos_jaas_application=JMeter
> >> +#kerberos_jaas_application=JMeter
> >> +
> >> +# Should ports be stripped from urls before constructing SPNs
> >> +# for spnego authentication
> >> +#kerberos.spnego.strip_port=true
> >>
> >> # Sample logging levels for Commons HttpClient
> >> #
> >> @@ -962,8 +966,8 @@ beanshell.server.file=../extras/startup.
> >> #jsyntaxtextarea.maxundos=50
> >>
> >> # Maximum size of HTML page that can be displayed; default=200 *
> >1024
> >> -# Set to 0 to disable the size check
> >> -#view.results.tree.max_size=0
> >> +# Set to 0 to disable the size check and display the whole response
> >> +#view.results.tree.max_size=204800
> >>
> >> # Order of Renderers in View Results Tree
> >> # Note full class names should be used for non jmeter core renderers
> >>
> >> Modified:
>
> >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
> >> URL:
> >
> http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java?rev=1611785&r1=1611784&r2=1611785&view=diff
> >>
>
> >==============================================================================
> >> ---
>
> >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
> >(original)
> >> +++
>
> >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
> >Fri Jul 18 20:05:59 2014
> >> @@ -96,6 +96,9 @@ public class AuthManager extends ConfigT
> >>
> >> private static final boolean DEFAULT_CLEAR_VALUE = false;
> >>
> >> + /** Decides whether port should be omitted from SPN for kerberos
> >spnego authentication */
> >> + private static final boolean STRIP_PORT =
> >JMeterUtils.getPropDefault("kerberos.spnego.strip_port", true);
> >> +
> >> public enum Mechanism {
> >> BASIC_DIGEST, KERBEROS;
> >> }
> >> @@ -392,8 +395,7 @@ public class AuthManager extends ConfigT
> >> log.debug(username + " > D="+domain+" R="+realm + "
> >M="+auth.getMechanism());
> >> }
> >> if (Mechanism.KERBEROS.equals(auth.getMechanism())) {
> >> - boolean stripPort = (url.getPort() ==
> >HTTPConstants.DEFAULT_HTTP_PORT || url.getPort() ==
> >HTTPConstants.DEFAULT_HTTPS_PORT);
> >> - ((AbstractHttpClient)
> >client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
> >SPNegoSchemeFactory(stripPort));
> >> + ((AbstractHttpClient)
> >client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
> >SPNegoSchemeFactory(isStripPort(url)));
> >> credentialsProvider.setCredentials(new
> >AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);
> >> } else {
> >> credentialsProvider.setCredentials(
> >> @@ -403,6 +405,24 @@ public class AuthManager extends ConfigT
> >> }
> >> }
> >>
> >> + /**
> >> + * IE and Firefox will always strip port from the url before
> >constructing
> >> + * the SPN. Chrome has an option
> >(--enable-auth-negotiate-port
)
> >> + * to include the port if it differs from 80
or
> >> + * 443
. That behavior can be changed by setting the
> >jmeter
> >> + * property kerberos.spnego.strip_port
.
> >> + *
> >> + * @param url to be checked
> >> + * @return true
when port should omitted in SPN
> >> + */
> >> + private boolean isStripPort(URL url) {
> >> + if (STRIP_PORT) {
> >> + return true;
> >> + }
> >> + return (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT ||
> >> + url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
> >> + }
> >> +
> >> /** {@inheritDoc} */
> >> @Override
> >> public void testStarted() {
> >>
> >> Modified: jmeter/trunk/xdocs/changes.xml
> >> URL:
> >
> http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
> >>
>
> >==============================================================================
> >> --- jmeter/trunk/xdocs/changes.xml (original)
> >> +++ jmeter/trunk/xdocs/changes.xml Fri Jul 18 20:05:59 2014
> >> @@ -213,7 +213,7 @@ A workaround is to use a Java 7 update 4
> >> Timers, Assertions, Config, Pre- & Post-Processors
> >>
> >> - 56691 - Synchronizing Timer : Add timeout
> >on waiting
> >> -- 56701 - HTTP Authorization Manager/
> >Kerberos Authentication: add port to SPN when server port is neither 80
> >nor 443
> >> +- 56701 - HTTP Authorization Manager/
> >Kerberos Authentication: add port to SPN when server port is neither 80
> >nor 443. Based on patches from Dan Haughey (dan.haughey at
> >swinton.co.uk) and Felix Schumacher (felix.schumacher at
> >internetallee.de)
> >>
> >>
> >> Functions
> >> @@ -253,6 +253,8 @@ A workaround is to use a Java 7 update 4
> >> Nicola Ambrosetti (ambrosetti.nicola at gmail.com)
> >> Ubik Load Pack
> >support
> >> Mikhail Epikhin (epihin-m at yandex.ru)
> >> +Dan Haughey (dan.haughey at swinton.co.uk)
> >> +Felix Schumacher (felix.schumacher at internetallee.de)
> >>
> >>
> >>
> >>
> >> Modified: jmeter/trunk/xdocs/usermanual/component_reference.xml
> >> URL:
> >
> http://svn.apache.org/viewvc/jmeter/trunk/xdocs/usermanual/component_reference.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
> >>
>
> >==============================================================================
> >> --- jmeter/trunk/xdocs/usermanual/component_reference.xml (original)
> >> +++ jmeter/trunk/xdocs/usermanual/component_reference.xml Fri Jul 18
> >20:05:59 2014
> >> @@ -3545,6 +3545,18 @@ You can also configure those two propert
> >> Look at the two sample configuration files (krb5.conf and jaas.conf)
> >located in the jmeter bin folder for references to more documentation,
> >and tweak them to match
> >> your Kerberos configuration.
> >>
> >> +
> >> +When generating a SPN for Kerberos SPNEGO authentication IE and
> >Firefox will omit the port number
> >> +from the url. Chrome has an option
> >(--enable-auth-negotiate-port
) to include the port
> >> +number if it differs from the standard ones (80
and
> >443
). That behavior
> >> +can be emulated by setting the following jmeter property as below.
> >> +
> >> +In jmeter.properties or user.properties, set:
> >> +
> >> +- kerberos.spnego.strip_port=false
> >> +
> >> +
> >> +
> >>
> >> Controls:
> >>
> >>
> >>
>
>
--
Cordialement.
Philippe Mouawad.
--20cf303ea288c0650c04fecbfe90--