You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2021/02/20 16:41:26 UTC
[httpcomponents-client] branch master updated: Fix the issues
causing Kerberos/SPNego to fail
This is an automated email from the ASF dual-hosted git repository.
olegk pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/httpcomponents-client.git
The following commit(s) were added to refs/heads/master by this push:
new a018418 Fix the issues causing Kerberos/SPNego to fail
a018418 is described below
commit a0184188c1a7651e4fdd8d4bd899506be0927e30
Author: Carey Lin <ca...@gmail.com>
AuthorDate: Sat Feb 20 10:57:20 2021 -0500
Fix the issues causing Kerberos/SPNego to fail
1. At the beginning of the negotiate, no token is defined in "WWW-Authenticate: Negotiate".
2. Kerberos expects HTTP.
---
.../apache/hc/client5/http/impl/auth/GGSSchemeBase.java | 14 ++++++--------
1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java
index a8e9dd2..86e40a6 100644
--- a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java
+++ b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java
@@ -28,7 +28,6 @@ package org.apache.hc.client5.http.impl.auth;
import java.net.UnknownHostException;
import java.security.Principal;
-import java.util.Locale;
import org.apache.commons.codec.binary.Base64;
import org.apache.hc.client5.http.DnsResolver;
@@ -73,7 +72,8 @@ public abstract class GGSSchemeBase implements AuthScheme {
}
private static final Logger LOG = LoggerFactory.getLogger(GGSSchemeBase.class);
-
+ private static final String NO_TOKEN = "";
+ private static final String KERBEROS_SCHEME = "HTTP";
private final KerberosConfig config;
private final DnsResolver dnsResolver;
@@ -108,10 +108,9 @@ public abstract class GGSSchemeBase implements AuthScheme {
final AuthChallenge authChallenge,
final HttpContext context) throws MalformedChallengeException {
Args.notNull(authChallenge, "AuthChallenge");
- if (authChallenge.getValue() == null) {
- throw new MalformedChallengeException("Missing auth challenge");
- }
- this.challenge = authChallenge.getValue();
+
+ this.challenge = authChallenge.getValue() != null ? authChallenge.getValue() : NO_TOKEN;
+
if (state == State.UNINITIATED) {
token = Base64.decodeBase64(challenge.getBytes());
state = State.CHALLENGE_RECEIVED;
@@ -222,14 +221,13 @@ public abstract class GGSSchemeBase implements AuthScheme {
} else {
authServer = hostname + ":" + host.getPort();
}
- final String serviceName = host.getSchemeName().toUpperCase(Locale.ROOT);
if (LOG.isDebugEnabled()) {
final HttpClientContext clientContext = HttpClientContext.adapt(context);
final String exchangeId = clientContext.getExchangeId();
LOG.debug("{} init {}", exchangeId, authServer);
}
- token = generateToken(token, serviceName, authServer);
+ token = generateToken(token, KERBEROS_SCHEME, authServer);
state = State.TOKEN_GENERATED;
} catch (final GSSException gsse) {
state = State.FAILED;