Hi all
I have added NegotiateFilter as an attachment to
http://restlet.tigris.org/issues/show_bug.cgi?id=444
Please note that will be starting a new job in two weeks and I will not
be able to work with Restlet in the foreseeable future in my day job.
Working with Restlet and its responsive community has been a great
experience for me. I wish you and the Restlet project the best luck!
Roman
PS: a copy of the README file...
NegotiateFilter is a Restlet filter that implements Negotiate and Basic
authentication on both the client and the server side. The server
accepts both
SPNEGO and Kerberos v5 GSSAPI tokens.
If HTTP Negotiate authentication is not successful the filter tries to
fall back
to HTTP Basic authentication.
The checkSecret() method is used to implement HTTP Basic
authentication. The
MyNegotiateFilter example subclass uses JAAS to check the
username/password
combination.
NegotiateFilter comes with a runnable test client and test server
(using the
JAX-RS extension).
The code has only been tested for a few weeks in a Windows Active
Directory
environment but theoretically should work with any Kerberos v5
infrastructure.
HTTP Negotiate authentication has been successfully tested with
Firefox and
Internet Explorer webbrowsers as clients. The fallback to HTTP Basic
authentication has been tested with Firefox, Internet Explorer,
Safari, Opera
and Google Chrome.
The code has been tested with Restlet 1.1.1.
The jaas.conf file and the some constants in ExampleClient.java and
some system
properties contain site-specific information and need to be adjusted.
Also a working keytab file and krb5.conf file (or similar) are needed.
See the *.launch file for information how to set the system properties.
The NegotiateFilter class is based on Bruno Harbulot's SpnegoFilter
(see the
NegotiateFilter.java source file for license details).
Bruno Harbulot wrote:
Hi Roman and Jerome,
Sorry for the delay. I've just added the tarball to the issue tracker:
http://restlet.tigris.org/issues/show_bug.cgi?id=444
Best wishes,
Bruno.
Jerome Louvel wrote:
Hi Bruno,
I would suggest that you attach a zip with your source code to the
existing
issue in the tracker (or a new one).
Once, we create the 1.1 branch, we could use the trunk to land this
but it
is a bit premature for now.
Best regards,
Jérôme Louvel
--
Restlet ~ Founder and Lead developer ~ http://www.restlet.org
Noelios Technologies ~ Co-founder ~ http://www.noelios.com
-----Message d'origine-----
De : news [mailto:[EMAIL PROTECTED] De la part de Bruno Harbulot
Envoyé : mercredi 1 octobre 2008 12:50
À : [email protected]
Objet : Re: client-side support for Negotiate authentication scheme
Hi all,
I'd be happy to put it in the Restlet repository. Jerome, do you have
any preferred place in the repository for this?
By the way, I had mentioned I had started some work on the structure
of the Guards, etc. (mostly for my project's needs but that could be
used for 1.2). Perhaps it could be time to put it somewhere in the
Restlet code-base too. I was going to wait for the 1.1 release, but
if Roman is doing some work on this type of problem too, we might as
well try to coordinate our work.
Best wishes,
Bruno.
Roman Geus wrote:
Hi Jerome
Thanks for pointing out the necessary steps.
I'll wait until Bruno's code has been contributed to the repository
and then do my part.
Best regards,
Roman
Jerome Louvel wrote:
Hi Roman, Bruno and all,
Roman, thanks for reporting this parsing bug with WWW-Authenticate
HTTP header. I have just fixed it in SVN trunk.
Regarding the support for SPNEGO, I've updated the related RFE with
a link to Bruno's original filter and another one back to this
thread. I've also changed the target milestone of this RFE to 1.2
as it seems there is a good chance we could effectively add support
for it.
"Support SPNEGO authentication"
http://restlet.tigris.org/issues/show_bug.cgi?id=444
