jmeter-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: svn commit: r1611785 - in /jmeter/trunk: bin/jmeter.properties src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java xdocs/changes.xml xdocs/usermanual/component_reference.xml
Date Thu, 24 Jul 2014 10:41:43 GMT
On 23 July 2014 12:09, Felix Schumacher
<felix.schumacher@internetallee.de> wrote:
> Am 23.07.2014 12:27, schrieb sebb:
>
>> On 22 July 2014 17:19, Felix Schumacher
>> <felix.schumacher@internetallee.de> wrote:
>>>
>>>
>>>
>>> On 22. Juli 2014 16:50:20 MESZ, sebb <sebbaz@gmail.com> wrote:
>>>>
>>>> On 18 July 2014 21:06,  <pmouawad@apache.org> wrote:
>>>>>
>>>>> Author: pmouawad
>>>>> Date: Fri Jul 18 20:05:59 2014
>>>>> New Revision: 1611785
>>>>>
>>>>> URL: http://svn.apache.org/r1611785
>>>>> Log:
>>>>> Bug 56701 - HTTP Authorization Manager/ Kerberos Authentication: add
>>>>
>>>> port to SPN when server port is neither 80 nor 443
>>>>>
>>>>> Add a jmeter property to control behaviour.
>>>>> By default strip port.
>>>>
>>>>
>>>> -1.
>>>>
>>>> As far as I can tell, the patch changes the default behaviour.
>>>> The default should be changed, e.g. by setting STRIP_PORT to false by
>>>> default.
>>>
>>>
>>> The default was (and should be) to strip ports. I have tested spnego with
>>> default option and it worked.
>>
>>
>> No, the default was to strip 80 and 443, not all ports.
>>
>> Whether the default should be changed is a separate issue.
>>
>>> Why do you think the default behavior was changed by this commit?
>>
>>
>> Originally, the code used
>>
>> boolean stripPort = (url.getPort() == HTTPConstants.DEFAULT_HTTP_
>> PORT || url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
>>
>> Now it effectively uses
>>
>> boolean stripPort = STRIP_PORT || (url.getPort() ==
>> HTTPConstants.DEFAULT_HTTP_
>> PORT || url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
>>
>> Since STRIP_PORT == true by default, this means the stripPort is
>> always true by default - it is not affected by the actual port that is
>> used.
>>
>> So the default is now to strip ports. However, that is a change from
>> the original code.
>
>
> You are looking at the wrong change then. The default was changed in
> r1611028 from strip all to strip non default ports.

OK, I see now.

Sorry, I was looking at the change message in isolation.

> More details can be found at
> https://issues.apache.org/bugzilla/show_bug.cgi?id=56701
>
> The change r1611028 made a non default option that was supported by chrome
> only, to be the default. That was changed back in r1611785 which you are now
> looking at.
>
> So given this, do you still think that we should change the stripping
> behavior to one that
>  * is only supported in chrome, which is even not the default
>  * was never released in jmeter and thus introduces changes between released
> versions

No ...

> Or is there anything wrong with the change as such, other then
> reestablishing the state before r1611785?

No.

> Regards
>  Felix
>
>>
>>
>>> Regards
>>> Felix
>>>>
>>>>
>>>>> Bugzilla Id: 56701
>>>>>
>>>>> Modified:
>>>>>     jmeter/trunk/bin/jmeter.properties
>>>>>
>>>>
>>>> jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>>>>>
>>>>>     jmeter/trunk/xdocs/changes.xml
>>>>>     jmeter/trunk/xdocs/usermanual/component_reference.xml
>>>>>
>>>>> Modified: jmeter/trunk/bin/jmeter.properties
>>>>> URL:
>>>>
>>>>
>>>> http://svn.apache.org/viewvc/jmeter/trunk/bin/jmeter.properties?rev=1611785&r1=1611784&r2=1611785&view=diff
>>>>>
>>>>>
>>>>
>>>> ==============================================================================
>>>>>
>>>>> --- jmeter/trunk/bin/jmeter.properties (original)
>>>>> +++ jmeter/trunk/bin/jmeter.properties Fri Jul 18 20:05:59 2014
>>>>> @@ -337,7 +337,11 @@ log_level.jorphan=INFO
>>>>>
>>>>>  # AuthManager Kerberos configuration
>>>>>  # Name of application module used in jaas.conf
>>>>> -#kerberos_jaas_application=JMeter
>>>>> +#kerberos_jaas_application=JMeter
>>>>> +
>>>>> +# Should ports be stripped from urls before constructing SPNs
>>>>> +# for spnego authentication
>>>>> +#kerberos.spnego.strip_port=true
>>>>>
>>>>>  #         Sample logging levels for Commons HttpClient
>>>>>  #
>>>>> @@ -962,8 +966,8 @@ beanshell.server.file=../extras/startup.
>>>>>  #jsyntaxtextarea.maxundos=50
>>>>>
>>>>>  # Maximum size of HTML page that can be displayed; default=200 *
>>>>
>>>> 1024
>>>>>
>>>>> -# Set to 0 to disable the size check
>>>>> -#view.results.tree.max_size=0
>>>>> +# Set to 0 to disable the size check and display the whole response
>>>>> +#view.results.tree.max_size=204800
>>>>>
>>>>>  # Order of Renderers in View Results Tree
>>>>>  # Note full class names should be used for non jmeter core renderers
>>>>>
>>>>> Modified:
>>>>
>>>>
>>>> jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>>>>>
>>>>> URL:
>>>>
>>>>
>>>> http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java?rev=1611785&r1=1611784&r2=1611785&view=diff
>>>>>
>>>>>
>>>>
>>>> ==============================================================================
>>>>>
>>>>> ---
>>>>
>>>>
>>>> jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>>>> (original)
>>>>>
>>>>> +++
>>>>
>>>>
>>>> jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>>>> Fri Jul 18 20:05:59 2014
>>>>>
>>>>> @@ -96,6 +96,9 @@ public class AuthManager extends ConfigT
>>>>>
>>>>>      private static final boolean DEFAULT_CLEAR_VALUE = false;
>>>>>
>>>>> +    /** Decides whether port should be omitted from SPN for kerberos
>>>>
>>>> spnego authentication */
>>>>>
>>>>> +    private static final boolean STRIP_PORT =
>>>>
>>>> JMeterUtils.getPropDefault("kerberos.spnego.strip_port", true);
>>>>>
>>>>> +
>>>>>      public enum Mechanism {
>>>>>          BASIC_DIGEST, KERBEROS;
>>>>>      }
>>>>> @@ -392,8 +395,7 @@ public class AuthManager extends ConfigT
>>>>>                  log.debug(username + " > D="+domain+" R="+realm +
"
>>>>
>>>> M="+auth.getMechanism());
>>>>>
>>>>>              }
>>>>>              if (Mechanism.KERBEROS.equals(auth.getMechanism())) {
>>>>> -                boolean stripPort = (url.getPort() ==
>>>>
>>>> HTTPConstants.DEFAULT_HTTP_PORT || url.getPort() ==
>>>> HTTPConstants.DEFAULT_HTTPS_PORT);
>>>>>
>>>>> -                ((AbstractHttpClient)
>>>>
>>>> client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
>>>> SPNegoSchemeFactory(stripPort));
>>>>>
>>>>> +                ((AbstractHttpClient)
>>>>
>>>> client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
>>>> SPNegoSchemeFactory(isStripPort(url)));
>>>>>
>>>>>                  credentialsProvider.setCredentials(new
>>>>
>>>> AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);
>>>>>
>>>>>              } else {
>>>>>                  credentialsProvider.setCredentials(
>>>>> @@ -403,6 +405,24 @@ public class AuthManager extends ConfigT
>>>>>          }
>>>>>      }
>>>>>
>>>>> +    /**
>>>>> +     * IE and Firefox will always strip port from the url before
>>>>
>>>> constructing
>>>>>
>>>>> +     * the SPN. Chrome has an option
>>>>
>>>> (<code>--enable-auth-negotiate-port</code>)
>>>>>
>>>>> +     * to include the port if it differs from <code>80</code>
or
>>>>> +     * <code>443</code>. That behavior can be changed by
setting the
>>>>
>>>> jmeter
>>>>>
>>>>> +     * property <code>kerberos.spnego.strip_port</code>.
>>>>> +     *
>>>>> +     * @param url to be checked
>>>>> +     * @return <code>true</code> when port should omitted
in SPN
>>>>> +     */
>>>>> +    private boolean isStripPort(URL url) {
>>>>> +        if (STRIP_PORT) {
>>>>> +            return true;
>>>>> +        }
>>>>> +        return (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT ||
>>>>> +                url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
>>>>> +    }
>>>>> +
>>>>>      /** {@inheritDoc} */
>>>>>      @Override
>>>>>      public void testStarted() {
>>>>>
>>>>> Modified: jmeter/trunk/xdocs/changes.xml
>>>>> URL:
>>>>
>>>>
>>>> http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
>>>>>
>>>>>
>>>>
>>>> ==============================================================================
>>>>>
>>>>> --- jmeter/trunk/xdocs/changes.xml (original)
>>>>> +++ jmeter/trunk/xdocs/changes.xml Fri Jul 18 20:05:59 2014
>>>>> @@ -213,7 +213,7 @@ A workaround is to use a Java 7 update 4
>>>>>  <h3>Timers, Assertions, Config, Pre- &amp; Post-Processors</h3>
>>>>>  <ul>
>>>>>  <li><bugzilla>56691</bugzilla> - Synchronizing Timer
: Add timeout
>>>>
>>>> on waiting</li>
>>>>>
>>>>> -<li><bugzilla>56701</bugzilla> - HTTP Authorization
Manager/
>>>>
>>>> Kerberos Authentication: add port to SPN when server port is neither 80
>>>> nor 443</li>
>>>>>
>>>>> +<li><bugzilla>56701</bugzilla> - HTTP Authorization
Manager/
>>>>
>>>> Kerberos Authentication: add port to SPN when server port is neither 80
>>>> nor 443. Based on patches from Dan Haughey (dan.haughey at
>>>> swinton.co.uk) and Felix Schumacher (felix.schumacher at
>>>> internetallee.de)</li>
>>>>>
>>>>>  </ul>
>>>>>
>>>>>  <h3>Functions</h3>
>>>>> @@ -253,6 +253,8 @@ A workaround is to use a Java 7 update 4
>>>>>  <li>Nicola Ambrosetti (ambrosetti.nicola at gmail.com)</li>
>>>>>  <li><a href="http://ubikloadpack.com">Ubik Load Pack
>>>>
>>>> support</a></li>
>>>>>
>>>>>  <li>Mikhail Epikhin (epihin-m at yandex.ru)</li>
>>>>> +<li>Dan Haughey (dan.haughey at swinton.co.uk)</li>
>>>>> +<li>Felix Schumacher (felix.schumacher at internetallee.de)</li>
>>>>>  </ul>
>>>>>
>>>>>  <br/>
>>>>>
>>>>> Modified: jmeter/trunk/xdocs/usermanual/component_reference.xml
>>>>> URL:
>>>>
>>>>
>>>> http://svn.apache.org/viewvc/jmeter/trunk/xdocs/usermanual/component_reference.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
>>>>>
>>>>>
>>>>
>>>> ==============================================================================
>>>>>
>>>>> --- jmeter/trunk/xdocs/usermanual/component_reference.xml (original)
>>>>> +++ jmeter/trunk/xdocs/usermanual/component_reference.xml Fri Jul 18
>>>>
>>>> 20:05:59 2014
>>>>>
>>>>> @@ -3545,6 +3545,18 @@ You can also configure those two propert
>>>>>  Look at the two sample configuration files (krb5.conf and jaas.conf)
>>>>
>>>> located in the jmeter bin folder for references to more documentation,
>>>> and tweak them to match
>>>>>
>>>>>  your Kerberos configuration.
>>>>>  </p>
>>>>> +<p>
>>>>> +When generating a SPN for Kerberos SPNEGO authentication IE and
>>>>
>>>> Firefox will omit the port number
>>>>>
>>>>> +from the url. Chrome has an option
>>>>
>>>> (<code>--enable-auth-negotiate-port</code>) to include the port
>>>>>
>>>>> +number if it differs from the standard ones (<code>80</code>
and
>>>>
>>>> <code>443</code>). That behavior
>>>>>
>>>>> +can be emulated by setting the following jmeter property as below.
>>>>> +<pre>
>>>>> +In jmeter.properties or user.properties, set:
>>>>> +<ul>
>>>>> +<li>kerberos.spnego.strip_port=false</li>
>>>>> +</ul>
>>>>> +</pre>
>>>>> +</p>
>>>>>  <br></br>
>>>>>  <b>Controls:</b>
>>>>>  <ul>
>>>>>
>>>>>
>>>
>

Mime
View raw message