Hi Roman, Bruno and all,
 
Roman, thanks for reporting this parsing bug with the WWW-Authenticate HTTP
header. I have just fixed it in SVN trunk.
 
Regarding the support for SPNEGO, I've updated the related RFE with a link
to Bruno's original filter and another one back to this thread. I've also
changed the target milestone of this RFE to 1.2 as it seems there is a good
chance we could effectively add support for it.
 
"Support SPNEGO authentication"
http://restlet.tigris.org/issues/show_bug.cgi?id=444
 
It is indeed very important to be careful as soon as we copy and paste
somebody else's code, even for private play, as it might at some point leak
out of our computers. Fortunately in this case Bruno is a gentleman :-)
 
Roman, if we want to reuse your work to support SPNEGO in Restlet 1.2, here
is the proper legal process that you will need to follow:
 - hope that Bruno (actually University of Manchester) effectively decides
to contribute the original code to the Restlet project
 - wait for the code to be effectively contributed (ex: attached to the RFE
or checked in SVN trunk)
 - based on this code, reapply your changes (or make sure Bruno's code
hasn't changed since you worked on it!)
 - sign a Restlet JCA (see http://www.restlet.org/community/contribute)
 - contribute your changes as a patch or a set of new files
 
It might seem like painful/useless legal work but it is in fact essential
to keep Restlet copyright clean and to respect the rights of all copyright
holders.
 
Best regards,
Jérôme Louvel
--
Restlet ~ Founder and Lead developer ~ http://www.restlet.org
Noelios Technologies ~ Co-founder ~ http://www.noelios.com

  _____  

From: Thierry Boileau [mailto:[EMAIL PROTECTED] 
Sent: Thursday, 11 September 2008 11:59
To: [email protected]
Subject: Re: client-side support for Negotiate authentication scheme


Mail sent on the 08/28 and apparently lost.
---

Hi Stephan, Roman,

I think we will wait for the end of the vacations of Jérôme (11th of
September).
Anyway, thanks Roman for your effort!

best regards,
Thierry Boileau


Stephan Koops wrote:

Hi Roman, 

nice for the code. Because I only change the code of the JAX-RS extension,
this is a job for Jerome or Thierry. I hope they will include it.

best regards 
  Stephan 

Roman Geus wrote:


Hi Stephan 

The NegotiateFilter, together with an example client and server is attached
to this post. 

You are free to add this code to the Restlet codebase if you find it useful.
Since I borrowed some ideas and code from Bruno Harbulot's SpnegoFilter, he
should be consulted as well. Also IMHO more testing is needed. 

The README file: 


NegotiateFilter is a Restlet filter that implements Negotiate and Basic
authentication on both the client and the server side. The server accepts
both SPNEGO and Kerberos v5 GSSAPI tokens.

It comes with a runnable test client and test server. 

The code has only been tested in a Windows Active Directory environment but 
should work with any Kerberos v5 infrastructure. 

The code has been tested with Restlet 1.1rc1 with a patched version of the
com.noelios.restlet.authentication.AuthenticationUtils.parseAuthenticateHeader()
method (see mailing list).

The jaas.conf file, some constants in ExampleClient.java and some system
properties contain site-specific information and need to be adjusted.

Also a working keytab file and krb5.conf file (or similar) are needed. 

See the *.launch file for information on how to set the system properties.

NegotiateFilter is based on Bruno Harbulot's SpnegoFilter. 

Roman Geus 


Cheers, 
Roman 


Stephan Koops wrote: 


Hi Roman, 

cool. Could you share the full filter class(es?) to be added to the Restlet
API? 

best regards 
   Stephan 

Roman Geus wrote:


Hi all 

I have been working on a Filter that implements client and server side HTTP
Negotiate and Basic authentication. The code is based on Bruno Harbulot's
nice SpnegoFilter. 

Everything works fine so far. However, to get the client-side authentication
working I had to change the parseAuthenticateHeader() method in the
com.noelios.restlet.authentication.AuthenticationUtils class a bit. 

The original implementation (version 1.1rc1) fails to locate the correct
AuthenticationHelper, if the realm parameter is missing in the authenticate
header, as e.g. for the Negotiate scheme. 

Would it be possible to fix this problem?

The diff for my quick fix is attached. 

Best regards, 
Roman 
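
Added example, not part of the original thread and not Restlet's code: a minimal Java parser for a single WWW-Authenticate challenge that resolves the scheme whether or not a realm parameter follows, which is the case Roman describes for Negotiate. The class name ChallengeParser, its Challenge type and the sample header values are constructed for illustration.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example (hypothetical class, not Restlet code): parse one challenge
// from a WWW-Authenticate header without assuming a realm parameter exists.
public class ChallengeParser {
    // token68 form, used by Negotiate to carry base64 GSS-API data
    private static final Pattern TOKEN68 = Pattern.compile("[A-Za-z0-9._~+/-]+=*");
    // auth-param: name=token or name="quoted string"
    private static final Pattern PARAM = Pattern.compile(
            "([A-Za-z0-9_-]+)\\s*=\\s*(?:\"((?:[^\"\\\\]|\\\\.)*)\"|([^\\s,\"]+))");

    public static final class Challenge {
        public final String scheme;   // as sent, e.g. "Negotiate" or "Basic"
        public final String token;    // token68 data, or null when absent
        public final Map<String, String> params = new LinkedHashMap<>();
        Challenge(String scheme, String token) { this.scheme = scheme; this.token = token; }
    }

    public static Challenge parse(String headerValue) {
        String value = headerValue.trim();
        int space = value.indexOf(' ');
        if (space < 0) {
            return new Challenge(value, null);   // bare scheme: "Negotiate"
        }
        String scheme = value.substring(0, space);
        String rest = value.substring(space + 1).trim();
        if (TOKEN68.matcher(rest).matches()) {
            return new Challenge(scheme, rest);  // "Negotiate <base64>"
        }
        Challenge c = new Challenge(scheme, null);
        Matcher m = PARAM.matcher(rest);
        while (m.find()) {
            String v = m.group(2) != null ? m.group(2).replaceAll("\\\\(.)", "$1") : m.group(3);
            c.params.put(m.group(1).toLowerCase(Locale.ROOT), v);
        }
        return c;   // realm is optional: callers look it up, never require it
    }

    public static void main(String[] args) {
        // Constructed sample header values
        for (String h : new String[] {"Negotiate", "Negotiate YIIBexample==", "Basic realm=\"files\""}) {
            Challenge c = parse(h);
            System.out.println(c.scheme + " token=" + c.token + " params=" + c.params);
        }
    }
}
```

Selecting the authentication helper from `scheme` alone keeps the lookup working for realm-less schemes; the parser handles one challenge per call and does not split a header that lists several.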




