Re: svn commit: r1611785 - in /jmeter/trunk: bin/jmeter.properties src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java xdocs/changes.xml xdocs/usermanual/component_reference.xml

Wed, 23 Jul 2014 04:11:30 -0700 

Am 23.07.2014 12:27, schrieb sebb:

On 22 July 2014 17:19, Felix Schumacher
<[email protected]> wrote:



On 22. Juli 2014 16:50:20 MESZ, sebb <[email protected]> wrote:

On 18 July 2014 21:06,  <[email protected]> wrote:

Author: pmouawad
Date: Fri Jul 18 20:05:59 2014
New Revision: 1611785

URL: http://svn.apache.org/r1611785
Log:
Bug 56701 - HTTP Authorization Manager/ Kerberos Authentication: add

port to SPN when server port is neither 80 nor 443

Add a jmeter property to control behaviour.
By default strip port.


-1.

As far as I can tell, the patch changes the default behaviour.
The default should be changed, e.g. by setting STRIP_PORT to false by
default.



The default was (and should be) to strip ports. I have tested spnego 
with default option and it worked.


No, the default was to strip 80 and 443, not all ports.

Whether the default should be changed is a separate issue.


Why do you think the default behavior was changed by this commit?


Originally, the code used

boolean stripPort = (url.getPort() == HTTPConstants.DEFAULT_HTTP_
PORT || url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);

Now it effectively uses


boolean stripPort = STRIP_PORT || (url.getPort() == 
HTTPConstants.DEFAULT_HTTP_

PORT || url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);

Since STRIP_PORT == true by default, this means the stripPort is
always true by default - it is not affected by the actual port that is
used.

So the default is now to strip ports. However, that is a change from
the original code.



You are looking at the wrong change then. The default was changed in 
r1611028 from strip all to strip non default ports.
More details can be found at 
https://issues.apache.org/bugzilla/show_bug.cgi?id=56701



The change r1611028 made a non default option that was supported by 
chrome only, to be the default. That was changed back in r1611785 which 
you are now looking at.



So given this, do you still think that we should change the stripping 
behavior to one that

 * is only supported in chrome, which is even not the default

 * was never released in jmeter and thus introduces changes between 
released versions



Or is there anything wrong with the change as such, other then 
reestablishing the state before r1611785?


Regards
 Felix




Regards
Felix



Bugzilla Id: 56701

Modified:
    jmeter/trunk/bin/jmeter.properties


jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java

    jmeter/trunk/xdocs/changes.xml
    jmeter/trunk/xdocs/usermanual/component_reference.xml

Modified: jmeter/trunk/bin/jmeter.properties
URL:

http://svn.apache.org/viewvc/jmeter/trunk/bin/jmeter.properties?rev=1611785&r1=1611784&r2=1611785&view=diff



==============================================================================

--- jmeter/trunk/bin/jmeter.properties (original)
+++ jmeter/trunk/bin/jmeter.properties Fri Jul 18 20:05:59 2014
@@ -337,7 +337,11 @@ log_level.jorphan=INFO

 # AuthManager Kerberos configuration
 # Name of application module used in jaas.conf
-#kerberos_jaas_application=JMeter
+#kerberos_jaas_application=JMeter
+
+# Should ports be stripped from urls before constructing SPNs
+# for spnego authentication
+#kerberos.spnego.strip_port=true

 #         Sample logging levels for Commons HttpClient
 #
@@ -962,8 +966,8 @@ beanshell.server.file=../extras/startup.
 #jsyntaxtextarea.maxundos=50

 # Maximum size of HTML page that can be displayed; default=200 *

1024

-# Set to 0 to disable the size check
-#view.results.tree.max_size=0
+# Set to 0 to disable the size check and display the whole response
+#view.results.tree.max_size=204800

 # Order of Renderers in View Results Tree

 # Note full class names should be used for non jmeter core 
renderers


Modified:

jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java

URL:

http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java?rev=1611785&r1=1611784&r2=1611785&view=diff



==============================================================================

---

jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
(original)

+++

jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
Fri Jul 18 20:05:59 2014

@@ -96,6 +96,9 @@ public class AuthManager extends ConfigT

     private static final boolean DEFAULT_CLEAR_VALUE = false;


+    /** Decides whether port should be omitted from SPN for 
kerberos

spnego authentication */

+    private static final boolean STRIP_PORT =

JMeterUtils.getPropDefault("kerberos.spnego.strip_port", true);

+
     public enum Mechanism {
         BASIC_DIGEST, KERBEROS;
     }
@@ -392,8 +395,7 @@ public class AuthManager extends ConfigT
                 log.debug(username + " > D="+domain+" R="+realm + "

M="+auth.getMechanism());

             }
             if (Mechanism.KERBEROS.equals(auth.getMechanism())) {
-                boolean stripPort = (url.getPort() ==

HTTPConstants.DEFAULT_HTTP_PORT || url.getPort() ==
HTTPConstants.DEFAULT_HTTPS_PORT);

-                ((AbstractHttpClient)

client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
SPNegoSchemeFactory(stripPort));

+                ((AbstractHttpClient)

client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
SPNegoSchemeFactory(isStripPort(url)));

                 credentialsProvider.setCredentials(new

AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);

             } else {
                 credentialsProvider.setCredentials(
@@ -403,6 +405,24 @@ public class AuthManager extends ConfigT
         }
     }

+    /**
+     * IE and Firefox will always strip port from the url before

constructing

+     * the SPN. Chrome has an option

(<code>--enable-auth-negotiate-port</code>)

+     * to include the port if it differs from <code>80</code> or

+     * <code>443</code>. That behavior can be changed by setting 
the

jmeter

+     * property <code>kerberos.spnego.strip_port</code>.
+     *
+     * @param url to be checked
+     * @return <code>true</code> when port should omitted in SPN
+     */
+    private boolean isStripPort(URL url) {
+        if (STRIP_PORT) {
+            return true;
+        }
+        return (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT ||
+                url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
+    }
+
     /** {@inheritDoc} */
     @Override
     public void testStarted() {

Modified: jmeter/trunk/xdocs/changes.xml
URL:

http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1611785&r1=1611784&r2=1611785&view=diff



==============================================================================

--- jmeter/trunk/xdocs/changes.xml (original)
+++ jmeter/trunk/xdocs/changes.xml Fri Jul 18 20:05:59 2014
@@ -213,7 +213,7 @@ A workaround is to use a Java 7 update 4
 <h3>Timers, Assertions, Config, Pre- &amp; Post-Processors</h3>
 <ul>
 <li><bugzilla>56691</bugzilla> - Synchronizing Timer : Add timeout

on waiting</li>

-<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/

Kerberos Authentication: add port to SPN when server port is neither 
80

nor 443</li>

+<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/

Kerberos Authentication: add port to SPN when server port is neither 
80

nor 443. Based on patches from Dan Haughey (dan.haughey at
swinton.co.uk) and Felix Schumacher (felix.schumacher at
internetallee.de)</li>

 </ul>

 <h3>Functions</h3>
@@ -253,6 +253,8 @@ A workaround is to use a Java 7 update 4
 <li>Nicola Ambrosetti (ambrosetti.nicola at gmail.com)</li>
 <li><a href="http://ubikloadpack.com";>Ubik Load Pack

support</a></li>

 <li>Mikhail Epikhin (epihin-m at yandex.ru)</li>
+<li>Dan Haughey (dan.haughey at swinton.co.uk)</li>
+<li>Felix Schumacher (felix.schumacher at internetallee.de)</li>
 </ul>

 <br/>

Modified: jmeter/trunk/xdocs/usermanual/component_reference.xml
URL:

http://svn.apache.org/viewvc/jmeter/trunk/xdocs/usermanual/component_reference.xml?rev=1611785&r1=1611784&r2=1611785&view=diff



==============================================================================

--- jmeter/trunk/xdocs/usermanual/component_reference.xml (original)
+++ jmeter/trunk/xdocs/usermanual/component_reference.xml Fri Jul 18

20:05:59 2014

@@ -3545,6 +3545,18 @@ You can also configure those two propert

 Look at the two sample configuration files (krb5.conf and 
jaas.conf)

located in the jmeter bin folder for references to more 
documentation,

and tweak them to match

 your Kerberos configuration.
 </p>
+<p>
+When generating a SPN for Kerberos SPNEGO authentication IE and

Firefox will omit the port number

+from the url. Chrome has an option

(<code>--enable-auth-negotiate-port</code>) to include the port

+number if it differs from the standard ones (<code>80</code> and

<code>443</code>). That behavior

+can be emulated by setting the following jmeter property as below.
+<pre>
+In jmeter.properties or user.properties, set:
+<ul>
+<li>kerberos.spnego.strip_port=false</li>
+</ul>
+</pre>
+</p>
 <br></br>
 <b>Controls:</b>
 <ul>


























					Reply via email to