ASF Bugzilla – Attachment 31831 Details for
Bug 56701
HTTP Authorization Manager/ Kerberos Authentication: add port to SPN when server port is neither 80 nor 443
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Add an option to enable the chrome optional behavior
spnego-strip-ports-option.diff (text/plain), 3.89 KB, created by
Felix Schumacher
on 2014-07-18 19:28:55 UTC
(
hide
)
Description:
Add an option to enable the chrome optional behavior
Filename:
MIME Type:
Creator:
Felix Schumacher
Created:
2014-07-18 19:28:55 UTC
Size:
3.89 KB
patch
obsolete
>diff --git bin/jmeter.properties bin/jmeter.properties >index 4b58e11..862882e 100644 >--- bin/jmeter.properties >+++ bin/jmeter.properties >@@ -339,6 +339,10 @@ log_level.jorphan=INFO > # Name of application module used in jaas.conf > #kerberos_jaas_application=JMeter > >+# Should ports be stripped from urls before constructing SPNs >+# for spnego authentication >+#spnego.strip_port=true >+ > # Sample logging levels for Commons HttpClient > # > # Commons HttpClient Logging information can be found at: >diff --git src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java >index 625ce23..3775b08 100644 >--- src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java >+++ src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java >@@ -96,6 +96,9 @@ public class AuthManager extends ConfigTestElement implements TestStateListener, > > private static final boolean DEFAULT_CLEAR_VALUE = false; > >+ /** Decides whether port should be omitted from SPN for kerberos spnego authentication */ >+ private static final boolean STRIP_PORT = JMeterUtils.getPropDefault("spnego.strip_port", true); >+ > public enum Mechanism { > BASIC_DIGEST, KERBEROS; > } >@@ -392,8 +395,7 @@ public class AuthManager extends ConfigTestElement implements TestStateListener, > log.debug(username + " > D="+domain+" R="+realm + " M="+auth.getMechanism()); > } > if (Mechanism.KERBEROS.equals(auth.getMechanism())) { >- boolean stripPort = (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT || url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT); >- ((AbstractHttpClient) client).getAuthSchemes().register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory(stripPort)); >+ ((AbstractHttpClient) client).getAuthSchemes().register(AuthPolicy.SPNEGO, new SPNegoSchemeFactory(isStripPort(url))); > credentialsProvider.setCredentials(new AuthScope(null, -1, null), USE_JAAS_CREDENTIALS); > } else { > credentialsProvider.setCredentials( >@@ -403,6 +405,24 @@ public class AuthManager extends ConfigTestElement implements TestStateListener, > } > } > >+ /** >+ * IE and Firefox will always strip port from the url before constructing >+ * the SPN. Chrome has an option (<code>--enable-auth-negotiate-port</code>) >+ * to include the port if it differs from <code>80</code> or >+ * <code>443</code>. That behavior can be changed by setting the jmeter >+ * property <code>spnego.stripPort</code>. >+ * >+ * @param url >+ * to be checked >+ * @return <code>true</code> when port should omitted in SPN >+ */ >+ private boolean isStripPort(URL url) { >+ if (STRIP_PORT) >+ return true; >+ return url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT >+ || url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT; >+ } >+ > /** {@inheritDoc} */ > @Override > public void testStarted() { >diff --git xdocs/usermanual/component_reference.xml xdocs/usermanual/component_reference.xml >index fca72e5..72a7327 100644 >--- xdocs/usermanual/component_reference.xml >+++ xdocs/usermanual/component_reference.xml >@@ -3537,6 +3537,17 @@ Look at the two sample configuration files (krb5.conf and jaas.conf) located in > your Kerberos configuration. > </p> > <br></br> >+<p> >+When generating a SPN for Kerberos SPNEGO authentication IE and Firefox will omit the port number >+from the url. Chrome has an option (<code>--enable-auth-negotiate-port</code>) to include the port >+number if it differs from the standard ones (<code>80</code> and <code>443</code>). That behavior >+can be emulated by setting the following jmeter property as below. >+<pre> >+jmeter.properties: >+spnego.strip_port=false >+</pre> >+</p> >+<br></br> > <b>Controls:</b> > <ul> > <li>Add Button - Add an entry to the authorization table.</li>
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=31831">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 56701
:
31801
| 31831