You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@jmeter.apache.org by fs...@apache.org on 2016/03/16 21:47:03 UTC
svn commit: r1735295 - in
/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control:
AuthManager.java FixedSPNegoScheme.java FixedSPNegoSchemeFactory.java
Author: fschumacher
Date: Wed Mar 16 20:47:03 2016
New Revision: 1735295
URL: http://svn.apache.org/viewvc?rev=1735295&view=rev
Log:
Workaround for https://issues.apache.org/jira/browse/HTTPCLIENT-1712 which makes
SPNEGO with kerberos and https impossible in httpclient 4.5.2. The next version
of httpclient will be correct again and these newly introduced classes can be removed
again.
Added:
jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/FixedSPNegoScheme.java
jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/FixedSPNegoSchemeFactory.java
Modified:
jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
Modified: jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
URL: http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java?rev=1735295&r1=1735294&r2=1735295&view=diff
==============================================================================
--- jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java (original)
+++ jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java Wed Mar 16 20:47:03 2016
@@ -469,7 +469,9 @@ public class AuthManager extends ConfigT
log.debug(username + " > D="+domain+" R="+realm + " M="+auth.getMechanism());
}
if (Mechanism.KERBEROS.equals(auth.getMechanism())) {
- ((AbstractHttpClient) client).getAuthSchemes().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(isStripPort(url)));
+ ((AbstractHttpClient) client).getAuthSchemes().register(
+ AuthSchemes.SPNEGO,
+ new FixedSPNegoSchemeFactory(isStripPort(url)));
credentialsProvider.setCredentials(new AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);
} else {
credentialsProvider.setCredentials(
Added: jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/FixedSPNegoScheme.java
URL: http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/FixedSPNegoScheme.java?rev=1735295&view=auto
==============================================================================
--- jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/FixedSPNegoScheme.java (added)
+++ jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/FixedSPNegoScheme.java Wed Mar 16 20:47:03 2016
@@ -0,0 +1,70 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.jmeter.protocol.http.control;
+
+import org.apache.http.auth.Credentials;
+import org.apache.http.auth.KerberosCredentials;
+import org.apache.http.impl.auth.SPNegoScheme;
+import org.ietf.jgss.GSSContext;
+import org.ietf.jgss.GSSCredential;
+import org.ietf.jgss.GSSException;
+import org.ietf.jgss.GSSManager;
+import org.ietf.jgss.GSSName;
+import org.ietf.jgss.Oid;
+
+/**
+ * Class to workaround <a
+ * href="https://issues.apache.org/jira/browse/HTTPCLIENT-1712">issue
+ * HTTPCLIENT-1712 regarding SPNego for kerberos and HTTPS</a>, which was
+ * introduced in httpclient 4.5.2 and will be fixed with 4.5.3.
+ */
+public class FixedSPNegoScheme extends SPNegoScheme {
+
+ public FixedSPNegoScheme(boolean stripPort, boolean useCanonicalHostname) {
+ super(stripPort, useCanonicalHostname);
+ }
+
+ @Override
+ protected byte[] generateGSSToken(final byte[] input, final Oid oid,
+ final String authServer, final Credentials credentials)
+ throws GSSException {
+ byte[] inputBuff = input;
+ if (inputBuff == null) {
+ inputBuff = new byte[0];
+ }
+ final GSSManager manager = getManager();
+ final GSSName serverName = manager.createName("HTTP@" + authServer,
+ GSSName.NT_HOSTBASED_SERVICE);
+
+ final GSSCredential gssCredential;
+ if (credentials instanceof KerberosCredentials) {
+ gssCredential = ((KerberosCredentials) credentials)
+ .getGSSCredential();
+ } else {
+ gssCredential = null;
+ }
+
+ final GSSContext gssContext = manager.createContext(
+ serverName.canonicalize(oid), oid, gssCredential,
+ GSSContext.DEFAULT_LIFETIME);
+ gssContext.requestMutualAuth(true);
+ gssContext.requestCredDeleg(true);
+ return gssContext.initSecContext(inputBuff, 0, inputBuff.length);
+ }
+
+}
Added: jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/FixedSPNegoSchemeFactory.java
URL: http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/FixedSPNegoSchemeFactory.java?rev=1735295&view=auto
==============================================================================
--- jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/FixedSPNegoSchemeFactory.java (added)
+++ jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/FixedSPNegoSchemeFactory.java Wed Mar 16 20:47:03 2016
@@ -0,0 +1,46 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+package org.apache.jmeter.protocol.http.control;
+
+import org.apache.http.auth.AuthScheme;
+import org.apache.http.impl.auth.SPNegoSchemeFactory;
+import org.apache.http.params.HttpParams;
+import org.apache.http.protocol.HttpContext;
+
+/**
+ * Class to workaround <a
+ * href="https://issues.apache.org/jira/browse/HTTPCLIENT-1712">issue
+ * HTTPCLIENT-1712 regarding SPNego for kerberos and HTTPS</a>, which was
+ * introduced in httpclient 4.5.2 and will be fixed with 4.5.3.
+ */
+public class FixedSPNegoSchemeFactory extends SPNegoSchemeFactory {
+
+ public FixedSPNegoSchemeFactory(boolean stripPort) {
+ super(stripPort);
+ }
+
+ @Override
+ public AuthScheme create(HttpContext context) {
+ return new FixedSPNegoScheme(isStripPort(), isUseCanonicalHostname());
+ }
+
+ @Override
+ public AuthScheme newInstance(HttpParams params) {
+ return new FixedSPNegoScheme(isStripPort(), isUseCanonicalHostname());
+ }
+}