I agree , behaviour is inline with what existed. Thanks Felix for your contributions and further tests
Regards On Tuesday, July 22, 2014, Felix Schumacher < [email protected]> wrote: > > > On 22. Juli 2014 16:50:20 MESZ, sebb <[email protected] <javascript:;>> > wrote: > >On 18 July 2014 21:06, <[email protected] <javascript:;>> wrote: > >> Author: pmouawad > >> Date: Fri Jul 18 20:05:59 2014 > >> New Revision: 1611785 > >> > >> URL: http://svn.apache.org/r1611785 > >> Log: > >> Bug 56701 - HTTP Authorization Manager/ Kerberos Authentication: add > >port to SPN when server port is neither 80 nor 443 > >> Add a jmeter property to control behaviour. > >> By default strip port. > > > >-1. > > > >As far as I can tell, the patch changes the default behaviour. > >The default should be changed, e.g. by setting STRIP_PORT to false by > >default. > > The default was (and should be) to strip ports. I have tested spnego with > default option and it worked. > > Why do you think the default behavior was changed by this commit? > > Regards > Felix > > > >> Bugzilla Id: 56701 > >> > >> Modified: > >> jmeter/trunk/bin/jmeter.properties > >> > > >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java > >> jmeter/trunk/xdocs/changes.xml > >> jmeter/trunk/xdocs/usermanual/component_reference.xml > >> > >> Modified: jmeter/trunk/bin/jmeter.properties > >> URL: > > > http://svn.apache.org/viewvc/jmeter/trunk/bin/jmeter.properties?rev=1611785&r1=1611784&r2=1611785&view=diff > >> > > >============================================================================== > >> --- jmeter/trunk/bin/jmeter.properties (original) > >> +++ jmeter/trunk/bin/jmeter.properties Fri Jul 18 20:05:59 2014 > >> @@ -337,7 +337,11 @@ log_level.jorphan=INFO > >> > >> # AuthManager Kerberos configuration > >> # Name of application module used in jaas.conf > >> -#kerberos_jaas_application=JMeter > >> +#kerberos_jaas_application=JMeter > >> + > >> +# Should ports be stripped from urls before constructing SPNs > >> +# for spnego authentication > >> +#kerberos.spnego.strip_port=true > >> > >> # Sample logging levels for Commons HttpClient > >> # > >> @@ -962,8 +966,8 @@ beanshell.server.file=../extras/startup. > >> #jsyntaxtextarea.maxundos=50 > >> > >> # Maximum size of HTML page that can be displayed; default=200 * > >1024 > >> -# Set to 0 to disable the size check > >> -#view.results.tree.max_size=0 > >> +# Set to 0 to disable the size check and display the whole response > >> +#view.results.tree.max_size=204800 > >> > >> # Order of Renderers in View Results Tree > >> # Note full class names should be used for non jmeter core renderers > >> > >> Modified: > > >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java > >> URL: > > > http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java?rev=1611785&r1=1611784&r2=1611785&view=diff > >> > > >============================================================================== > >> --- > > >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java > >(original) > >> +++ > > >jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java > >Fri Jul 18 20:05:59 2014 > >> @@ -96,6 +96,9 @@ public class AuthManager extends ConfigT > >> > >> private static final boolean DEFAULT_CLEAR_VALUE = false; > >> > >> + /** Decides whether port should be omitted from SPN for kerberos > >spnego authentication */ > >> + private static final boolean STRIP_PORT = > >JMeterUtils.getPropDefault("kerberos.spnego.strip_port", true); > >> + > >> public enum Mechanism { > >> BASIC_DIGEST, KERBEROS; > >> } > >> @@ -392,8 +395,7 @@ public class AuthManager extends ConfigT > >> log.debug(username + " > D="+domain+" R="+realm + " > >M="+auth.getMechanism()); > >> } > >> if (Mechanism.KERBEROS.equals(auth.getMechanism())) { > >> - boolean stripPort = (url.getPort() == > >HTTPConstants.DEFAULT_HTTP_PORT || url.getPort() == > >HTTPConstants.DEFAULT_HTTPS_PORT); > >> - ((AbstractHttpClient) > >client).getAuthSchemes().register(AuthPolicy.SPNEGO, new > >SPNegoSchemeFactory(stripPort)); > >> + ((AbstractHttpClient) > >client).getAuthSchemes().register(AuthPolicy.SPNEGO, new > >SPNegoSchemeFactory(isStripPort(url))); > >> credentialsProvider.setCredentials(new > >AuthScope(null, -1, null), USE_JAAS_CREDENTIALS); > >> } else { > >> credentialsProvider.setCredentials( > >> @@ -403,6 +405,24 @@ public class AuthManager extends ConfigT > >> } > >> } > >> > >> + /** > >> + * IE and Firefox will always strip port from the url before > >constructing > >> + * the SPN. Chrome has an option > >(<code>--enable-auth-negotiate-port</code>) > >> + * to include the port if it differs from <code>80</code> or > >> + * <code>443</code>. That behavior can be changed by setting the > >jmeter > >> + * property <code>kerberos.spnego.strip_port</code>. > >> + * > >> + * @param url to be checked > >> + * @return <code>true</code> when port should omitted in SPN > >> + */ > >> + private boolean isStripPort(URL url) { > >> + if (STRIP_PORT) { > >> + return true; > >> + } > >> + return (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT || > >> + url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT); > >> + } > >> + > >> /** {@inheritDoc} */ > >> @Override > >> public void testStarted() { > >> > >> Modified: jmeter/trunk/xdocs/changes.xml > >> URL: > > > http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1611785&r1=1611784&r2=1611785&view=diff > >> > > >============================================================================== > >> --- jmeter/trunk/xdocs/changes.xml (original) > >> +++ jmeter/trunk/xdocs/changes.xml Fri Jul 18 20:05:59 2014 > >> @@ -213,7 +213,7 @@ A workaround is to use a Java 7 update 4 > >> <h3>Timers, Assertions, Config, Pre- & Post-Processors</h3> > >> <ul> > >> <li><bugzilla>56691</bugzilla> - Synchronizing Timer : Add timeout > >on waiting</li> > >> -<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/ > >Kerberos Authentication: add port to SPN when server port is neither 80 > >nor 443</li> > >> +<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/ > >Kerberos Authentication: add port to SPN when server port is neither 80 > >nor 443. Based on patches from Dan Haughey (dan.haughey at > >swinton.co.uk) and Felix Schumacher (felix.schumacher at > >internetallee.de)</li> > >> </ul> > >> > >> <h3>Functions</h3> > >> @@ -253,6 +253,8 @@ A workaround is to use a Java 7 update 4 > >> <li>Nicola Ambrosetti (ambrosetti.nicola at gmail.com)</li> > >> <li><a href="http://ubikloadpack.com";>Ubik Load Pack > >support</a></li> > >> <li>Mikhail Epikhin (epihin-m at yandex.ru)</li> > >> +<li>Dan Haughey (dan.haughey at swinton.co.uk)</li> > >> +<li>Felix Schumacher (felix.schumacher at internetallee.de)</li> > >> </ul> > >> > >> <br/> > >> > >> Modified: jmeter/trunk/xdocs/usermanual/component_reference.xml > >> URL: > > > http://svn.apache.org/viewvc/jmeter/trunk/xdocs/usermanual/component_reference.xml?rev=1611785&r1=1611784&r2=1611785&view=diff > >> > > >============================================================================== > >> --- jmeter/trunk/xdocs/usermanual/component_reference.xml (original) > >> +++ jmeter/trunk/xdocs/usermanual/component_reference.xml Fri Jul 18 > >20:05:59 2014 > >> @@ -3545,6 +3545,18 @@ You can also configure those two propert > >> Look at the two sample configuration files (krb5.conf and jaas.conf) > >located in the jmeter bin folder for references to more documentation, > >and tweak them to match > >> your Kerberos configuration. > >> </p> > >> +<p> > >> +When generating a SPN for Kerberos SPNEGO authentication IE and > >Firefox will omit the port number > >> +from the url. Chrome has an option > >(<code>--enable-auth-negotiate-port</code>) to include the port > >> +number if it differs from the standard ones (<code>80</code> and > ><code>443</code>). That behavior > >> +can be emulated by setting the following jmeter property as below. > >> +<pre> > >> +In jmeter.properties or user.properties, set: > >> +<ul> > >> +<li>kerberos.spnego.strip_port=false</li> > >> +</ul> > >> +</pre> > >> +</p> > >> <br></br> > >> <b>Controls:</b> > >> <ul> > >> > >> > > -- Cordialement. Philippe Mouawad.
