Posted to commits@hc.apache.org by ol...@apache.org on 2009/09/24 21:19:07 UTC
svn commit: r818596 - in
/httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client:
ClientAuthentication.java ClientInteractiveAuthentication.java
ClientKerberosAuthentication.java
Author: olegk
Date: Thu Sep 24 19:19:05 2009
New Revision: 818596
URL: http://svn.apache.org/viewvc?rev=818596&view=rev
Log:
Cleaned up Kerberos example a little
Modified:
httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientAuthentication.java
httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientInteractiveAuthentication.java
httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientKerberosAuthentication.java
Modified: httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientAuthentication.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientAuthentication.java?rev=818596&r1=818595&r2=818596&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientAuthentication.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientAuthentication.java Thu Sep 24 19:19:05 2009
@@ -21,9 +21,6 @@
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
- *
- * [Additional notices, if required by prior licensing conditions]
- *
*/
package org.apache.http.examples.client;
Modified: httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientInteractiveAuthentication.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientInteractiveAuthentication.java?rev=818596&r1=818595&r2=818596&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientInteractiveAuthentication.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientInteractiveAuthentication.java Thu Sep 24 19:19:05 2009
@@ -21,9 +21,6 @@
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
- *
- * [Additional notices, if required by prior licensing conditions]
- *
*/
package org.apache.http.examples.client;
Modified: httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientKerberosAuthentication.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientKerberosAuthentication.java?rev=818596&r1=818595&r2=818596&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientKerberosAuthentication.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/examples/org/apache/http/examples/client/ClientKerberosAuthentication.java Thu Sep 24 19:19:05 2009
@@ -1,11 +1,12 @@
/*
* ====================================================================
*
- * Copyright 2002-2009 The Apache Software Foundation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
@@ -20,35 +21,22 @@
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
- *
*/
package org.apache.http.examples.client;
-import java.io.IOException;
-import java.security.KeyManagementException;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
import java.security.Principal;
-import java.security.UnrecoverableKeyException;
-import java.security.cert.CertificateException;
-import java.util.Arrays;
-import java.util.Collections;
-import org.apache.commons.logging.Log;
-import org.apache.commons.logging.LogFactory;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
-import org.apache.http.auth.AuthSchemeRegistry;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpUriRequest;
-import org.apache.http.client.protocol.ClientContext;
+import org.apache.http.client.params.AuthPolicy;
import org.apache.http.impl.auth.NegotiateSchemeFactory;
import org.apache.http.impl.client.DefaultHttpClient;
-import org.apache.http.protocol.BasicHttpContext;
-import org.apache.http.protocol.HttpContext;
+import org.apache.http.util.EntityUtils;
/**
* Kerberos auth example.
@@ -110,135 +98,91 @@
* com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true debug=true;
*};
* </pre>
+ *
+ * @since 4.1
*/
public class ClientKerberosAuthentication {
- private static final Log LOG = LogFactory.getLog(ClientKerberosAuthentication.class);
- private static String kerbHttpHost = "";
-
- public static void main(String[] args) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, KeyManagementException, UnrecoverableKeyException {
+
+ public static void main(String[] args) throws Exception {
+
System.setProperty("java.security.auth.login.config", "login.conf");
System.setProperty("java.security.krb5.conf", "krb5.conf");
System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("javax.security.auth.useSubjectCredsOnly","false");
- if( args.length > 0 )
- kerbHttpHost = args[0];
-
- /* Below is helpful on windows.
-
- Solution 2: You need to update the Windows registry to disable this new feature. The registry key allowtgtsessionkey should be added--and set correctly--to allow session keys to be sent in the Kerberos Ticket-Granting Ticket.
-
- On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting:
-
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
- Value Name: allowtgtsessionkey
- Value Type: REG_DWORD
- Value: 0x01
-
- Here is the location of the registry setting on Windows XP SP2:
-
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\
- Value Name: allowtgtsessionkey
- Value Type: REG_DWORD
- Value: 0x01
+ /*
+ * Below is helpful on windows.
+ * Solution 2: You need to update the Windows registry to disable this new feature.
+ * The registry key allowtgtsessionkey should be added--and set correctly--to allow
+ * session keys to be sent in the Kerberos Ticket-Granting Ticket.
+ *
+ * On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting:
+ *
+ * HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters
+ * Value Name: allowtgtsessionkey
+ * Value Type: REG_DWORD
+ * Value: 0x01
+ *
+ * Here is the location of the registry setting on Windows XP SP2:
+ *
+ * HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\
+ * Value Name: allowtgtsessionkey
+ * Value Type: REG_DWORD
+ * Value: 0x01
*/
DefaultHttpClient httpclient = new DefaultHttpClient();
- /* NegotiateSchemeFactory creates the NegotiateScheme instance to be use for each request
- * if using Java 5/6 and IIS7 you can just use the defaults. JbossNegotiate use setStripPort(true),
- * or add service names with ports to kerberos DB. JbossNegotiate needs Java 6 or a SpengoGenerator.
+ /*
+ * NegotiateSchemeFactory creates the NegotiateScheme instance to be use for each request
+ * if using Java 5/6 and IIS7 you can just use the defaults.
+ * JbossNegotiate use setStripPort(true), or add service names with ports to kerberos DB.
+ * JbossNegotiate needs Java 6 or a SpengoGenerator.
*/
- NegotiateSchemeFactory negotiateFact = new NegotiateSchemeFactory();
-// negotiateFact.setStripPort(false);
-// negotiateFact.setSpnegoCreate(true);
-// negotiateFact.setSpengoGenerator(new BouncySpnegoTokenGenerator());
+ NegotiateSchemeFactory nsf = new NegotiateSchemeFactory();
+// nsf.setStripPort(false);
+// nsf.setSpnegoCreate(true);
+// nsf.setSpengoGenerator(new BouncySpnegoTokenGenerator());
- AuthSchemeRegistry authSchemeRegistry = httpclient.getAuthSchemes();
- authSchemeRegistry.unregister("basic");
- authSchemeRegistry.unregister("digest");
- authSchemeRegistry.unregister("NTLM");
- authSchemeRegistry.register("Negotiate", negotiateFact);
-// authSchemeRegistry.register("NTLM", new NTLMSchemeFactory());
-// authSchemeRegistry.register("Basic", new BasicSchemeFactory());
- httpclient.setAuthSchemes(authSchemeRegistry);
+ httpclient.getAuthSchemes().register(AuthPolicy.SPNEGO, nsf);
Credentials use_jaas_creds = new Credentials() {
- // @Override
+
public String getPassword() {
return null;
}
- // @Override
+
public Principal getUserPrincipal() {
return null;
}
+
};
httpclient.getCredentialsProvider().setCredentials(
new AuthScope(null, -1, null),
use_jaas_creds);
- HttpUriRequest request = new HttpGet(kerbHttpHost);
- HttpResponse response = null;
- HttpEntity entity = null;
-
- // ResponseHandler<String> responseHandler = new BasicResponseHandler();
- String responseBody = null;
- /* note the we use the 2 parameter execute call. */
- /* also keepalives should be implemented, either set on server or code in client */
- try{
- // responseBody = httpclient.execute(request, responseHandler, createHttpContext(httpclient));
- response = httpclient.execute(request, createHttpContext(httpclient));
- entity = response.getEntity();
- } catch ( Exception ex){
- LOG.debug(ex.getMessage(), ex);
- }
+ HttpUriRequest request = new HttpGet("http://kerberoshost/");
+ HttpResponse response = httpclient.execute(request);
+ HttpEntity entity = response.getEntity();
System.out.println("----------------------------------------");
- System.out.println(responseBody);
+ System.out.println(response.getStatusLine());
System.out.println("----------------------------------------");
if (entity != null) {
- System.out.println("Response content length: " + entity.getContentLength());
- entity.writeTo(System.out);
+ System.out.println(EntityUtils.toString(entity));
}
+ System.out.println("----------------------------------------");
+
+ // This ensures the connection gets released back to the manager
if (entity != null) {
entity.consumeContent();
}
- }
- /**
- * createHttpContext - This is a copy of DefaultHttpClient method
- * createHttpContext with "negotiate" added to AUTH_SCHEME_PREF to allow for
- * Kerberos authentication. Could also extend DefaultHttpClient overriding the
- * default createHttpContext.
- *
- * @param httpclient - our Httpclient
- * @return HttpContext
- */
- static HttpContext createHttpContext(DefaultHttpClient httpclient){
- HttpContext context = new BasicHttpContext();
- context.setAttribute(
- ClientContext.AUTHSCHEME_REGISTRY,
- httpclient.getAuthSchemes());
- context.setAttribute(
- ClientContext.AUTH_SCHEME_PREF,
- Collections.unmodifiableList( Arrays.asList(new String[] {
- "negotiate",
- "ntlm",
- "digest",
- "basic"
- }))
- );
- context.setAttribute(
- ClientContext.COOKIESPEC_REGISTRY,
- httpclient.getCookieSpecs());
- context.setAttribute(
- ClientContext.COOKIE_STORE,
- httpclient.getCookieStore());
- context.setAttribute(
- ClientContext.CREDS_PROVIDER,
- httpclient.getCredentialsProvider());
- return context;
+ // When HttpClient instance is no longer needed,
+ // shut down the connection manager to ensure
+ // immediate deallocation of all system resources
+ httpclient.getConnectionManager().shutdown();
}
-
+
}
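Review bot: With the `unregister("basic")`, `unregister("digest")` and `unregister("NTLM")` calls removed, the new `httpclient.getAuthSchemes().register(AuthPolicy.SPNEGO, nsf);` line leaves in place whatever schemes DefaultHttpClient registers by default, so the example no longer guarantees that only Negotiate challenges are answered. The unchanged wildcard `new AuthScope(null, -1, null)` also matches every host, port and realm, so the JAAS-backed credentials would apparently be offered to any server that issues a challenge, and the new hard-coded target `http://kerberoshost/` is plain HTTP. Since the host is now fixed, I would scope the credentials to it with `new AuthScope("kerberoshost", -1, null)` and put a comment above the register call such as `// Default schemes stay registered; unregister them if only SPNEGO is acceptable`. Separately, `execute()` and `EntityUtils.toString(entity)` are unguarded, so an exception skips `httpclient.getConnectionManager().shutdown()`; wrapping the request in `try { ... } finally { ... }` would make the cleanup comment hold on the error path too.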