Hi Richard,

Thanks! I really appreciate the concern for wasted hours.

I'm fairly confident my efforts aren't wasted, though. Kerberos authentication via SPNEGO is indeed implemented for Firefox on the desktop, and I'm using it for great justice there. However, Android's access control model presents unique challenges when exposing the Kerberos credentials cache to interested parties such as Firefox. Storing the credentials cache in a known location on the filesystem that is accessible to all apps requires external storage, which has no access control to speak of (files in external storage are world-readable), and isn't guaranteed to be available. Storing the credentials in the built-in Accounts system makes the credential store permanent--in effect, the TGT never expires.

A Content Provider seems to be the best fit for this sort of situation: access can be controlled, and the content URI is quite good at being a unique, stable identifier. I've got a working implementation of that (https://github.com/cqcallaw/kerberos-app); all that's left is leveraging the content provider in other apps. From what kats is saying, there's JNI in my future if I want to do that in Firefox. Should be interesting.

Cheers,
-Caleb

On Thu, Jul 25, 2013 at 9:49 PM, Richard Newman <[email protected]> wrote:
> It's very likely I'm wrong, but some preliminary searching indicates that
> SPNEGO is already implemented (perhaps only on some platforms?):
>
> http://mxr.mozilla.org/mozilla-central/source/extensions/auth/nsHttpNegotiateAuth.cpp
>
> http://www.microhowto.info/howto/configure_firefox_to_authenticate_using_spnego_and_kerberos.html
>
> Figured I'd send this message on the off chance that I save you hours of
> work...
>
> -R
>
> ----- Original Message -----
> From: "Caleb" <[email protected]>
> To: [email protected]
> Sent: Thursday, July 25, 2013 8:37:20 PM
> Subject: Call site for HTTP GET operation
>
> Hi all,
>
> What library or API calls does Fennec use to perform the basic HTTP GET
> operation when a page is loaded?
>
> I'm attempting to implement Kerberos authentication via SPNEGO in a web
> browser on Android. In researching how I might accomplish such a thing in
> Fennec, I've hit a bit of a wall: I'm unable to conclusively determine
> where the GET operation is performed, so I can't determine what needs to be
> modified.
>
> grepping through the source code for references to HTTPURLConnection or
> HttpClient hasn't turned up anything relevant. I see there's a copy of
> httpclientandroidlib included in the source tree, but it appears to be
> utilized by secondary services such as Mozilla Sync.
>
> Stepping through the code in a debugger, I can trace the logic to the
> "loadURIWithFlags" in toolkit/content/widgets/browser.xml, but there a
> reference is made to an object (?) named "webNavigation", and there the
> trail ends: I've been unable to locate a type that actually implements the
> "loadURIWithFlags" functionality--if there's a relevant hit in the grep
> results, it's lost in the noise of false positives.
>
> I do sometimes see this LogCat message come up when I attempt to access a
> secured page:
>
> W/DefaultRequestDirector(636): Authentication error: Unable to respond to any of these challenges: {negotiate=WWW-Authenticate: Negotiate}
>
> This message makes me suspect that some implementation of Apache
> HttpClient is in use, but I can't find the calls (either to the reference
> implementation, or httpclientandroidlib). Break points in the
> httpclientandroidlib code are never hit.
>
> Any advice or leads would be greatly appreciated.
>
> Cheers,
> -Caleb
>
> _______________________________________________
> mobile-firefox-dev mailing list
> [email protected]
> https://mail.mozilla.org/listinfo/mobile-firefox-dev
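The content-provider approach described in the reply above, as an added example that is not part of the thread and is not code from kerberos-app: the credentials cache stays in app-private storage, and the provider hands a read-only descriptor only to a caller whose package name and signing certificate match pinned values. The class name, the file name "krb5cc" and both pinned client values are hypothetical placeholders, and the provider is assumed to be declared as exported in the app manifest.

```java
// Added illustration, not code from kerberos-app. The class name, the file name
// "krb5cc" and the pinned client values below are hypothetical placeholders.
import android.content.ContentProvider;
import android.content.ContentValues;
import android.content.pm.PackageInfo;
import android.content.pm.PackageManager;
import android.database.Cursor;
import android.net.Uri;
import android.os.Binder;
import android.os.ParcelFileDescriptor;
import android.util.Base64;
import java.io.File;
import java.io.FileNotFoundException;
import java.security.MessageDigest;

public class CredentialsCacheProvider extends ContentProvider {
    private static final String CLIENT_PACKAGE = "com.example.browser";          // placeholder
    private static final String CLIENT_CERT_SHA256 = "<base64-sha256-of-cert>";  // placeholder
    @Override
    public ParcelFileDescriptor openFile(Uri uri, String mode) throws FileNotFoundException {
        if (!"r".equals(mode)) throw new SecurityException("credentials cache is read-only");
        if (!callerIsTrusted()) throw new SecurityException("caller not allowed");
        // The cache stays in app-private storage; the client only gets a read-only descriptor.
        File ccache = new File(getContext().getFilesDir(), "krb5cc");
        return ParcelFileDescriptor.open(ccache, ParcelFileDescriptor.MODE_READ_ONLY);
    }
    // Identify the caller by its Binder UID, then pin package name and signing certificate.
    private boolean callerIsTrusted() {
        PackageManager pm = getContext().getPackageManager();
        String[] pkgs = pm.getPackagesForUid(Binder.getCallingUid());
        if (pkgs == null) return false;
        try {
            for (String pkg : pkgs) {
                if (!CLIENT_PACKAGE.equals(pkg)) continue;
                PackageInfo info = pm.getPackageInfo(pkg, PackageManager.GET_SIGNATURES);
                if (info.signatures == null || info.signatures.length != 1) continue;
                byte[] d = MessageDigest.getInstance("SHA-256").digest(info.signatures[0].toByteArray());
                if (CLIENT_CERT_SHA256.equals(Base64.encodeToString(d, Base64.NO_WRAP))) return true;
            }
        } catch (Exception e) { /* unknown package or digest failure: deny */ }
        return false;
    }
    // This provider serves one file only; the tabular operations are unused.
    @Override public boolean onCreate() { return true; }
    @Override public String getType(Uri uri) { return "application/octet-stream"; }
    @Override public Cursor query(Uri u, String[] p, String s, String[] a, String o) { return null; }
    @Override public Uri insert(Uri u, ContentValues v) { return null; }
    @Override public int update(Uri u, ContentValues v, String s, String[] a) { return 0; }
    @Override public int delete(Uri u, String s, String[] a) { return 0; }
}
```

Checking the package name alone is not enough, because any app can claim a name that is not yet installed on the device; the certificate pin is what ties the caller to a specific publisher.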

