[ https://issues.apache.org/jira/browse/HTTPCLIENT-1912?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16577347#comment-16577347 ]
Nicholas DiPiazza edited comment on HTTPCLIENT-1912 at 8/11/18 10:08 PM: ------------------------------------------------------------------------- Yeah I've noticed something that is this hard to understand once it "works" (meaning lets you authenticate and make authenticated http requests to get the content you need), people shrug off issues with the security because they don't care. Can you possibly help me out a little by highlighting some changes to make to my {{SpnegoAuth}} class to fix the issues? Or is it so far off that I wasted my time here? Or could you possibly highlight where in particular libserf does this correctly? I'm using only Java Security code here. I'm not doing anything with HTTP client anymore. was (Author: ndipiazza_gmail): Yeah I've noticed something that is this hard to understand once it "works" (meaning lets you authenticate and make authenticated http requests to get the content you need), people shrug off issues with the security because they don't care. Can you possibly help me out a little by highlighting some changes to make to my {{SpnegoAuth}} class to fix the issues? Or is it so far off that I wasted my time here? Or could you possibly highlight where in particular libserf does this correctly? > AuthSchemes.SPNEGO should be able to specify login conf and krb5 conf as > parameters instead of system properties > ---------------------------------------------------------------------------------------------------------------- > > Key: HTTPCLIENT-1912 > URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1912 > Project: HttpComponents HttpClient > Issue Type: Improvement > Components: HttpClient (classic) > Affects Versions: 4.5.2 > Reporter: Nicholas DiPiazza > Priority: Major > Labels: volunteers-wanted > Fix For: Stuck > > > in order to use spenego > see > [example|https://github.com/jumarko/kerberos-auth-example/blob/master/src/main/java/net/curiousprogrammer/auth/kerberos/example/KerberosAuthExample.java] > you need to specify system properties to specify a custom krb5.conf or > login.conf location. > It would be very useful if these could be given as parameters somehow instead > of system properties, because in our cloud apps use case, sharing these as > system properties at the jvm level is causing conflicts. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@hc.apache.org For additional commands, e-mail: dev-h...@hc.apache.org