GitHub user xeronix opened a pull request:
https://github.com/apache/httpclient/pull/17
Adding support for using delegated GSSCredential for Kerberos authentication
Internally httpclient relies on GSS API which uses JAAS login
configuration specified by user to get the GSSCredential. This patch
will allow a user to avoid the config file and directly set a delegated
or normal GSSCredential. A normal GSSCredential can be obtained
programatically from
spn-keytab or user-password using custom Login module.
Snippet to set GSSCredential for SPNEGO-KERBEROS Authentication :
//gssCredential is the GSSCredential Object
KerberosCredentials kerebrosCredential = new
KerberosCredentials(gssCredential);
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(new AuthScope(null, -1, null),
kerebrosCredential);
Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder
.<AuthSchemeProvider> create().register(AuthSchemes.SPNEGO,
new SPNegoSchemeFactory()).build();
Use this authSchemeRegistry for HttpClient.
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/xeronix/httpclient trunk
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/httpclient/pull/17.patch
To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:
This closes #17
----
commit 8f88ec4c58a3d0a72e25af43809698aaf1ccf193
Author: Vipul Mehta <[email protected]>
Date: 2014-09-04T13:48:34Z
Adding support for using delegated GSSCredential for Kerberos authentication
Internally httpclient relies on GSS API which uses JAAS login
configuration specified by user to get the GSSCredential. This patch
will allow a user to avoid the config file and directly set a delegated
or normal GSSCredential. A normal GSSCredential can be obtained
programatically from
spn-keytab or user-password using custom Login module.
Snippet to set GSSCredential for SPNEGO-KERBEROS Authentication :
//gssCredential is the GSSCredential Object
KerberosCredentials kerebrosCredential = new
KerberosCredentials(gssCredential);
CredentialsProvider credsProvider = new BasicCredentialsProvider();
credsProvider.setCredentials(new AuthScope(null, -1, null),
kerebrosCredential);
Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder
.<AuthSchemeProvider> create().register(AuthSchemes.SPNEGO,
new SPNegoSchemeFactory()).build();
Use this authSchemeRegistry for HttpClient.
----
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at [email protected] or file a JIRA ticket
with INFRA.
---
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
