Hi Jerome
Thanks for pointing out the necessary steps.
I'll wait until Bruno's code has been contributed to the repository and
then do my part.
Best regards,
Roman
Jerome Louvel wrote:
Hi Roman, Bruno and all,
Roman, thanks for reporting this parsing bug with WWW-Authenticate
HTTP header. I have just fixed it in SVN trunk.
Regarding the support for SPNEGO, I've updated the related RFE with a
link to Bruno's original filter and another one back to this thread.
I've also changed the target milestone of this RFE to 1.2 as it seems
there is a good chance we could effectively add support for it.
"Support SPNEGO authentication"
http://restlet.tigris.org/issues/show_bug.cgi?id=444
It is indeed very important to be careful as soon as we copy and paste
somebody else code, even for private play, as it might at some point
leak out of our computers. Fortunately in this case Bruno is a
gentleman :-)
Roman, if we want to reuse your work to support SPNEGO in Restlet 1.2,
here is the proper legal process that you will need to follow:
- hope that Bruno (actually University of Manchester) effectively
decides to contribute the original code to the Restlet project
- wait for the code to be effectively contributed (ex: attached to
the RFE or checked in SVN trunk)
- based on this code, reapply your changes (or make sure Bruno's code
hasn't changed since you worked on it!)
- sign a Restlet JCA (see http://www.restlet.org/community/contribute)
- contribute your changes as a patch or a set of new files
It might seems like painful/useless legal work but it is in fact
essential to keep Restlet copyright clean and to respect the rights of
all copyright holders.
Best regards,
Jérôme Louvel
--
Restlet ~ Founder and Lead developer ~ http://www.restlet.org
<http://www.restlet.org/>
Noelios Technologies ~ Co-founder ~ http://www.noelios.com
<http://www.noelios.com/>
------------------------------------------------------------------------
*De :* Thierry Boileau [mailto:[EMAIL PROTECTED]
*Envoyé :* jeudi 11 septembre 2008 11:59
*À :* [email protected]
*Objet :* Re: client-side support for Negotiate authentication scheme
Mail sent on the 08/28 and apparently lost.
---
Hi Stephan, Roman,
I think we will wait for the end of the vacations of Jérôme (11th of
september).
Anyway, thanks Roman for your effort!
best regards,
Thierry Boileau
Stephan Koops a écrit :
Hi Roman,
nice for the code. Because I only changes the code of the JAX-RS
extension, this is a job for Jerome or Thierry. I hope they will
include it.
best regards
Stephan
Roman Geus schrieb:
Hi Stephan
The NegotiateFilter, together with an example client and server is
attached to this post.
You are free to add this code to the Restlet codebase if you find it
useful. Since I borrowed some ideas and code from Bruno Harbulot's
SpnegoFilter, he should be consulted as well. Also IMHO more testing
is needed.
The README file:
NegotiateFilter is a Restlet filter that implements Negotiate and
Basic
authentication on both the client and the server side. The server
accepts both
SPNEGO and Kerberos v5 GSSAPI tokens.
It comes with a runnable test client and test server.
The code has only been tested in a Windows Active Directory
environment but
should work with any Kerberos v5 infrastructure.
The code has been tested with Restlet 1.1rc1 with a patched version
of the
com.noelios.restlet.authentication.AuthenticationUtils.parseAuthenticateHeader()
method (see mailing list).
The jaas.conf file and the some constants in ExampleClient.java and
some system
properties contain site-specific information and need to be adjusted.
Also a working keytab file and krb5.conf file (or similar) are needed.
See the *.launch file for information how to set the system
properties.
NegotiateFilter is based on Bruno Harbulot's SpnegoFilter.
Roman Geus
Cheers,
Roman
Stephan Koops wrote:
Hi Roman,
cool. Could you share the full filter class(es?) to be added to the
Restlet API?
best regards
Stephan
Roman Geus schrieb:
Hi all
I have been working on a Filter that implements client and server
side HTTP Negotiate and Basic authentication. The code is based on
Bruno Harbulot's nice SpnegoFilter.
Everything works fine so far. However to get the client-side
authentication working I had to change the
parseAuthenticateHeader() method in the
com.noelios.restlet.authentication.AuthenticationUtils class a bit.
The original implementation (version 1.1rc1) fails to locate the
correct AuthenticationHelper, if the realm parameter is missing in
the authenticate header, as e.g. for the Negotiate scheme.
Would it be possible to fix for this problem?
The diff for my quick fix is attached.
Best regards,
Roman
