Re: client-side support for Negotiate authentication scheme

[Thierry Boileau]

Hello Roman, that was a pleasure to work with you too! Thanks a lot for your contribution and your nice message. Good luck for the future! Best regards, Thierry Boileau -- Restlet ~ Core developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com Hi all I have added NegotiateFilter as an attachment to http://restlet.tigris.org/issues/show_bug.cgi?id=444 Please note that will be starting a new job in two weeks and I will not be able to work with Restlet in the foreseeable future in my day job. Working with Restlet and its responsive community has been a great experience for me. I wish you and the Restlet project the best luck! Roman PS: a copy of the README file... NegotiateFilter is a Restlet filter that implements Negotiate and Basic authentication on both the client and the server side. The server accepts both SPNEGO and Kerberos v5 GSSAPI tokens. If HTTP Negotiate authentication is not successful the filter tries to fall back to HTTP Basic authentication. The checkSecret() method is used to implement HTTP Basic authentication. The MyNegotiateFilter example subclass uses JAAS to check the username/password combination.  NegotiateFilter comes with a runnable test client and test server (using the JAX-RS extension). The code has only been tested for a few weeks in a Windows Active Directory environment but theoretically should work with any Kerberos v5 infrastructure. HTTP Negotiate authentication has been successfully tested with Firefox and Internet Explorer webbrowsers as clients. The fallback to HTTP Basic authentication has been tested with Firefox, Internet Explorer, Safari, Opera and Google Chrome. The code has been tested with Restlet 1.1.1. The jaas.conf file and the some constants in ExampleClient.java and some system properties contain site-specific information and need to be adjusted. Also a working keytab file and krb5.conf file (or similar) are needed. See the *.launch file for information how to set the system properties. The NegotiateFilter class is based on Bruno Harbulot's SpnegoFilter (see the NegotiateFilter.java source file for license details). Bruno Harbulot wrote: Hi Roman and Jerome, Sorry for the delay. I've just added the tarball to the issue tracker:   http://restlet.tigris.org/issues/show_bug.cgi?id=444 Best wishes, Bruno. Jerome Louvel wrote: Hi Bruno, I would suggest that you attach a zip with your source code to the existing issue in the tracker (or a new one). Once, we create the 1.1 branch, we could use the trunk to land this but it is a bit premature for now. Best regards, Jérôme Louvel --  Restlet ~ Founder and Lead developer ~ http://www.restlet.org Noelios Technologies ~ Co-founder ~ http://www.noelios.com -----Message d'origine----- De : news [mailto:[EMAIL PROTECTED]] De la part de Bruno Harbulot Envoyé : mercredi 1 octobre 2008 12:50 À : discuss@restlet.tigris.org Objet : Re: client-side support for Negotiate authentication scheme Hi all, I'd be happy to put it in the Restlet repository. Jerome, do you have any preferred place in the repository for this? By the way, I had mentioned I had started some work on the structure of the Guards, etc. (mostly for my project's needs but that could be used for 1.2). Perhaps it could be time to put it somewhere in the Restlet code-base too.  I was going to wait for the 1.1 release, but if Roman is doing some work on this type of problem too, we might as well try to coordinate our work. Best wishes, Bruno. Roman Geus wrote: Hi Jerome Thanks for pointing out the necessary steps. I'll wait until Bruno's code has been contributed to the repository and then do my part. Best regards, Roman Jerome Louvel wrote: Hi Roman, Bruno and all,   Roman, thanks for reporting this parsing bug with WWW-Authenticate HTTP header. I have just fixed it in SVN trunk.   Regarding the support for SPNEGO, I've updated the related RFE with a link to Bruno's original filter and another one back to this thread. I've also changed the target milestone of this RFE to 1.2 as it seems there is a good chance we could effectively add support for it.   "Support SPNEGO authentication" http://restlet.tigris.org/issues/show_bug.cgi?id=444