Attachment #31831 for bug #56701

View | Details | Raw Unified | Return to bug 56701
Collapse All | Expand All

Lines 339-344 log_level.jorphan=INFO Link Here

(-)bin/jmeter.properties (+4 lines)
339	# Name of application module used in jaas.conf	339	# Name of application module used in jaas.conf
340	#kerberos_jaas_application=JMeter	340	#kerberos_jaas_application=JMeter
341		341
		342	# Should ports be stripped from urls before constructing SPNs
		343	# for spnego authentication
		344	#spnego.strip_port=true
		345
342	# Sample logging levels for Commons HttpClient	346	# Sample logging levels for Commons HttpClient
343	#	347	#
344	# Commons HttpClient Logging information can be found at:	348	# Commons HttpClient Logging information can be found at:

Lines 96-101 public class AuthManager extends ConfigTestElement implements TestStateListener, Link Here

(-)src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java (-2 / +22 lines)
96		96
97	private static final boolean DEFAULT_CLEAR_VALUE = false;	97	private static final boolean DEFAULT_CLEAR_VALUE = false;
98		98
		99	/** Decides whether port should be omitted from SPN for kerberos spnego authentication */
		100	private static final boolean STRIP_PORT = JMeterUtils.getPropDefault("spnego.strip_port", true);
		101
99	public enum Mechanism {	102	public enum Mechanism {
100	BASIC_DIGEST, KERBEROS;	103	BASIC_DIGEST, KERBEROS;
101	}	104	}
Lines 392-399 public class AuthManager extends ConfigTestElement implements TestStateListener, Link Here
392	log.debug(username + " > D="+domain+" R="+realm + " M="+auth.getMechanism());	395	log.debug(username + " > D="+domain+" R="+realm + " M="+auth.getMechanism());
393	}	396	}
394	if (Mechanism.KERBEROS.equals(auth.getMechanism())) {	397	if (Mechanism.KERBEROS.equals(auth.getMechanism())) {
395	boolean stripPort = (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT \|\| url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);	398	((AbstractHttpClient) client).getAuthSchemes().register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory(isStripPort(url)));
396	((AbstractHttpClient) client).getAuthSchemes().register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory(stripPort));
397	credentialsProvider.setCredentials(new AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);	399	credentialsProvider.setCredentials(new AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);
398	} else {	400	} else {
399	credentialsProvider.setCredentials(	401	credentialsProvider.setCredentials(
Lines 403-408 public class AuthManager extends ConfigTestElement implements TestStateListener, Link Here
403	}	405	}
404	}	406	}
405		407
		408	/**
		409	* IE and Firefox will always strip port from the url before constructing
		410	* the SPN. Chrome has an option (<code>--enable-auth-negotiate-port</code>)
		411	* to include the port if it differs from <code>80</code> or
		412	* <code>443</code>. That behavior can be changed by setting the jmeter
		413	* property <code>spnego.stripPort</code>.
		414	*
		415	* @param url
		416	* to be checked
		417	* @return <code>true</code> when port should omitted in SPN
		418	*/
		419	private boolean isStripPort(URL url) {
		420	if (STRIP_PORT)
		421	return true;
		422	return url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT
		423	\|\| url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT;
		424	}
		425
406	/** {@inheritDoc} */	426	/** {@inheritDoc} */
407	@Override	427	@Override
408	public void testStarted() {	428	public void testStarted() {




your Kerberos configuration.
</p>
<br></br>
<p>
When generating a SPN for Kerberos SPNEGO authentication IE and Firefox will omit the port number
from the url. Chrome has an option (<code>--enable-auth-negotiate-port</code>) to include the port
number if it differs from the standard ones (<code>80</code> and <code>443</code>). That behavior
can be emulated by setting the following jmeter property as below.
<pre>
jmeter.properties:
spnego.strip_port=false
</pre> 
</p>
<br></br>
<b>Controls:</b>
<ul>
  <li>Add Button - Add an entry to the authorization table.</li>

Return to bug 56701

Lines 3537-3542 Look at the two sample configuration files (krb5.conf and jaas.conf) located in Link Here

(-)xdocs/usermanual/component_reference.xml (+11 lines)
3537	your Kerberos configuration.	3537	your Kerberos configuration.
3538	</p>	3538	</p>
3539	<br></br>	3539	<br></br>
		3540	<p>
		3541	When generating a SPN for Kerberos SPNEGO authentication IE and Firefox will omit the port number
		3542	from the url. Chrome has an option (<code>--enable-auth-negotiate-port</code>) to include the port
		3543	number if it differs from the standard ones (<code>80</code> and <code>443</code>). That behavior
		3544	can be emulated by setting the following jmeter property as below.
		3545	<pre>
		3546	jmeter.properties:
		3547	spnego.strip_port=false
		3548	</pre>
		3549	</p>
		3550	<br></br>
3540	<b>Controls:</b>	3551	<b>Controls:</b>
3541	<ul>	3552	<ul>
3542	<li>Add Button - Add an entry to the authorization table.</li>	3553	<li>Add Button - Add an entry to the authorization table.</li>