jmeter-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Schumacher <felix.schumac...@internetallee.de>
Subject Re: svn commit: r1611785 - in /jmeter/trunk: bin/jmeter.properties src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java xdocs/changes.xml xdocs/usermanual/component_reference.xml
Date Tue, 22 Jul 2014 16:19:50 GMT


On 22. Juli 2014 16:50:20 MESZ, sebb <sebbaz@gmail.com> wrote:
>On 18 July 2014 21:06,  <pmouawad@apache.org> wrote:
>> Author: pmouawad
>> Date: Fri Jul 18 20:05:59 2014
>> New Revision: 1611785
>>
>> URL: http://svn.apache.org/r1611785
>> Log:
>> Bug 56701 - HTTP Authorization Manager/ Kerberos Authentication: add
>port to SPN when server port is neither 80 nor 443
>> Add a jmeter property to control behaviour.
>> By default strip port.
>
>-1.
>
>As far as I can tell, the patch changes the default behaviour.
>The default should be changed, e.g. by setting STRIP_PORT to false by
>default.

The default was (and should be) to strip ports. I have tested spnego with default option and
it worked.

Why do you think the default behavior was changed by this commit?

Regards
Felix
>
>> Bugzilla Id: 56701
>>
>> Modified:
>>     jmeter/trunk/bin/jmeter.properties
>>    
>jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>>     jmeter/trunk/xdocs/changes.xml
>>     jmeter/trunk/xdocs/usermanual/component_reference.xml
>>
>> Modified: jmeter/trunk/bin/jmeter.properties
>> URL:
>http://svn.apache.org/viewvc/jmeter/trunk/bin/jmeter.properties?rev=1611785&r1=1611784&r2=1611785&view=diff
>>
>==============================================================================
>> --- jmeter/trunk/bin/jmeter.properties (original)
>> +++ jmeter/trunk/bin/jmeter.properties Fri Jul 18 20:05:59 2014
>> @@ -337,7 +337,11 @@ log_level.jorphan=INFO
>>
>>  # AuthManager Kerberos configuration
>>  # Name of application module used in jaas.conf
>> -#kerberos_jaas_application=JMeter
>> +#kerberos_jaas_application=JMeter
>> +
>> +# Should ports be stripped from urls before constructing SPNs
>> +# for spnego authentication
>> +#kerberos.spnego.strip_port=true
>>
>>  #         Sample logging levels for Commons HttpClient
>>  #
>> @@ -962,8 +966,8 @@ beanshell.server.file=../extras/startup.
>>  #jsyntaxtextarea.maxundos=50
>>
>>  # Maximum size of HTML page that can be displayed; default=200 *
>1024
>> -# Set to 0 to disable the size check
>> -#view.results.tree.max_size=0
>> +# Set to 0 to disable the size check and display the whole response
>> +#view.results.tree.max_size=204800
>>
>>  # Order of Renderers in View Results Tree
>>  # Note full class names should be used for non jmeter core renderers
>>
>> Modified:
>jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>> URL:
>http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java?rev=1611785&r1=1611784&r2=1611785&view=diff
>>
>==============================================================================
>> ---
>jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>(original)
>> +++
>jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>Fri Jul 18 20:05:59 2014
>> @@ -96,6 +96,9 @@ public class AuthManager extends ConfigT
>>
>>      private static final boolean DEFAULT_CLEAR_VALUE = false;
>>
>> +    /** Decides whether port should be omitted from SPN for kerberos
>spnego authentication */
>> +    private static final boolean STRIP_PORT =
>JMeterUtils.getPropDefault("kerberos.spnego.strip_port", true);
>> +
>>      public enum Mechanism {
>>          BASIC_DIGEST, KERBEROS;
>>      }
>> @@ -392,8 +395,7 @@ public class AuthManager extends ConfigT
>>                  log.debug(username + " > D="+domain+" R="+realm + "
>M="+auth.getMechanism());
>>              }
>>              if (Mechanism.KERBEROS.equals(auth.getMechanism())) {
>> -                boolean stripPort = (url.getPort() ==
>HTTPConstants.DEFAULT_HTTP_PORT || url.getPort() ==
>HTTPConstants.DEFAULT_HTTPS_PORT);
>> -                ((AbstractHttpClient)
>client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
>SPNegoSchemeFactory(stripPort));
>> +                ((AbstractHttpClient)
>client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
>SPNegoSchemeFactory(isStripPort(url)));
>>                  credentialsProvider.setCredentials(new
>AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);
>>              } else {
>>                  credentialsProvider.setCredentials(
>> @@ -403,6 +405,24 @@ public class AuthManager extends ConfigT
>>          }
>>      }
>>
>> +    /**
>> +     * IE and Firefox will always strip port from the url before
>constructing
>> +     * the SPN. Chrome has an option
>(<code>--enable-auth-negotiate-port</code>)
>> +     * to include the port if it differs from <code>80</code> or
>> +     * <code>443</code>. That behavior can be changed by setting the
>jmeter
>> +     * property <code>kerberos.spnego.strip_port</code>.
>> +     *
>> +     * @param url to be checked
>> +     * @return <code>true</code> when port should omitted in SPN
>> +     */
>> +    private boolean isStripPort(URL url) {
>> +        if (STRIP_PORT) {
>> +            return true;
>> +        }
>> +        return (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT ||
>> +                url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
>> +    }
>> +
>>      /** {@inheritDoc} */
>>      @Override
>>      public void testStarted() {
>>
>> Modified: jmeter/trunk/xdocs/changes.xml
>> URL:
>http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
>>
>==============================================================================
>> --- jmeter/trunk/xdocs/changes.xml (original)
>> +++ jmeter/trunk/xdocs/changes.xml Fri Jul 18 20:05:59 2014
>> @@ -213,7 +213,7 @@ A workaround is to use a Java 7 update 4
>>  <h3>Timers, Assertions, Config, Pre- &amp; Post-Processors</h3>
>>  <ul>
>>  <li><bugzilla>56691</bugzilla> - Synchronizing Timer : Add timeout
>on waiting</li>
>> -<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/
>Kerberos Authentication: add port to SPN when server port is neither 80
>nor 443</li>
>> +<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/
>Kerberos Authentication: add port to SPN when server port is neither 80
>nor 443. Based on patches from Dan Haughey (dan.haughey at
>swinton.co.uk) and Felix Schumacher (felix.schumacher at
>internetallee.de)</li>
>>  </ul>
>>
>>  <h3>Functions</h3>
>> @@ -253,6 +253,8 @@ A workaround is to use a Java 7 update 4
>>  <li>Nicola Ambrosetti (ambrosetti.nicola at gmail.com)</li>
>>  <li><a href="http://ubikloadpack.com">Ubik Load Pack
>support</a></li>
>>  <li>Mikhail Epikhin (epihin-m at yandex.ru)</li>
>> +<li>Dan Haughey (dan.haughey at swinton.co.uk)</li>
>> +<li>Felix Schumacher (felix.schumacher at internetallee.de)</li>
>>  </ul>
>>
>>  <br/>
>>
>> Modified: jmeter/trunk/xdocs/usermanual/component_reference.xml
>> URL:
>http://svn.apache.org/viewvc/jmeter/trunk/xdocs/usermanual/component_reference.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
>>
>==============================================================================
>> --- jmeter/trunk/xdocs/usermanual/component_reference.xml (original)
>> +++ jmeter/trunk/xdocs/usermanual/component_reference.xml Fri Jul 18
>20:05:59 2014
>> @@ -3545,6 +3545,18 @@ You can also configure those two propert
>>  Look at the two sample configuration files (krb5.conf and jaas.conf)
>located in the jmeter bin folder for references to more documentation,
>and tweak them to match
>>  your Kerberos configuration.
>>  </p>
>> +<p>
>> +When generating a SPN for Kerberos SPNEGO authentication IE and
>Firefox will omit the port number
>> +from the url. Chrome has an option
>(<code>--enable-auth-negotiate-port</code>) to include the port
>> +number if it differs from the standard ones (<code>80</code> and
><code>443</code>). That behavior
>> +can be emulated by setting the following jmeter property as below.
>> +<pre>
>> +In jmeter.properties or user.properties, set:
>> +<ul>
>> +<li>kerberos.spnego.strip_port=false</li>
>> +</ul>
>> +</pre>
>> +</p>
>>  <br></br>
>>  <b>Controls:</b>
>>  <ul>
>>
>>


Mime
View raw message