Hello Bruno
I'm sorry about not paying more attention to the licensing issues. I
meant no harm and I am certainly not trying to take credit for your work.
Just to explain: the code I posted is not a quick rip-off of your
filter. I put considerable amount of time into rewriting, refactoring
and adding new functionality.
It was my understanding that NegotiateFilter would not fall into
category of "redistribution" or "modification" of your SpnegoFilter and
thus not violate the copyright. However I'm not experienced in these
legal matters.
I would like to thank you again for sharing your code. Without it, it
would have taken me a much longer time to get Negotiate authentication
working.
Regards,
Roman
Bruno Harbulot wrote:
Hi Roman,
When you take someone else's code and modify it, you might want to
look at the beginning of the file (or the licence file), especially
when you post a file to a public mailing list and thus have no chance
of being able to amend it once archived:
Copyright (c) 2008, The University of Manchester, United Kingdom.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions
are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following
disclaimer in the documentation and/or other materials provided
with the distribution.
* Neither the name of the The University of Manchester nor the
names of its contributors may be used to endorse or promote
products derived from this software without specific prior
written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This being said, I'm glad you found it useful. In principle, I'm in
favour of including it into the Restlet code. However, the reason I
published it separately in the first place was because it was a small
prototype and I felt this feature should be part of a wider rethink of
the Guard-related classes. This is an objective that Jerome set for
Restlet 1.2, so let's wait for 1.1 final first, although of course we
can already start to talk about it and experiment with new features.
Cheers,
Bruno.
Roman Geus wrote:
Hi Stephan
The NegotiateFilter, together with an example client and server is
attached to this post.
You are free to add this code to the Restlet codebase if you find it
useful. Since I borrowed some ideas and code from Bruno Harbulot's
SpnegoFilter, he should be consulted as well. Also IMHO more testing
is needed.
The README file:
NegotiateFilter is a Restlet filter that implements Negotiate and Basic
authentication on both the client and the server side. The server
accepts both
SPNEGO and Kerberos v5 GSSAPI tokens.
It comes with a runnable test client and test server.
The code has only been tested in a Windows Active Directory
environment but
should work with any Kerberos v5 infrastructure.
The code has been tested with Restlet 1.1rc1 with a patched version
of the
com.noelios.restlet.authentication.AuthenticationUtils.parseAuthenticateHeader()
method (see mailing list).
The jaas.conf file and the some constants in ExampleClient.java and
some system
properties contain site-specific information and need to be adjusted.
Also a working keytab file and krb5.conf file (or similar) are needed.
See the *.launch file for information how to set the system properties.
NegotiateFilter is based on Bruno Harbulot's SpnegoFilter.
Roman Geus
Cheers,
Roman
