jmeter-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From sebb <seb...@gmail.com>
Subject Re: svn commit: r1611785 - in /jmeter/trunk: bin/jmeter.properties src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java xdocs/changes.xml xdocs/usermanual/component_reference.xml
Date Wed, 23 Jul 2014 10:27:29 GMT
On 22 July 2014 17:19, Felix Schumacher
<felix.schumacher@internetallee.de> wrote:
>
>
> On 22. Juli 2014 16:50:20 MESZ, sebb <sebbaz@gmail.com> wrote:
>>On 18 July 2014 21:06,  <pmouawad@apache.org> wrote:
>>> Author: pmouawad
>>> Date: Fri Jul 18 20:05:59 2014
>>> New Revision: 1611785
>>>
>>> URL: http://svn.apache.org/r1611785
>>> Log:
>>> Bug 56701 - HTTP Authorization Manager/ Kerberos Authentication: add
>>port to SPN when server port is neither 80 nor 443
>>> Add a jmeter property to control behaviour.
>>> By default strip port.
>>
>>-1.
>>
>>As far as I can tell, the patch changes the default behaviour.
>>The default should be changed, e.g. by setting STRIP_PORT to false by
>>default.
>
> The default was (and should be) to strip ports. I have tested spnego with default option
and it worked.

No, the default was to strip 80 and 443, not all ports.

Whether the default should be changed is a separate issue.

> Why do you think the default behavior was changed by this commit?

Originally, the code used

boolean stripPort = (url.getPort() == HTTPConstants.DEFAULT_HTTP_
PORT || url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);

Now it effectively uses

boolean stripPort = STRIP_PORT || (url.getPort() == HTTPConstants.DEFAULT_HTTP_
PORT || url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);

Since STRIP_PORT == true by default, this means the stripPort is
always true by default - it is not affected by the actual port that is
used.

So the default is now to strip ports. However, that is a change from
the original code.


> Regards
> Felix
>>
>>> Bugzilla Id: 56701
>>>
>>> Modified:
>>>     jmeter/trunk/bin/jmeter.properties
>>>
>>jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>>>     jmeter/trunk/xdocs/changes.xml
>>>     jmeter/trunk/xdocs/usermanual/component_reference.xml
>>>
>>> Modified: jmeter/trunk/bin/jmeter.properties
>>> URL:
>>http://svn.apache.org/viewvc/jmeter/trunk/bin/jmeter.properties?rev=1611785&r1=1611784&r2=1611785&view=diff
>>>
>>==============================================================================
>>> --- jmeter/trunk/bin/jmeter.properties (original)
>>> +++ jmeter/trunk/bin/jmeter.properties Fri Jul 18 20:05:59 2014
>>> @@ -337,7 +337,11 @@ log_level.jorphan=INFO
>>>
>>>  # AuthManager Kerberos configuration
>>>  # Name of application module used in jaas.conf
>>> -#kerberos_jaas_application=JMeter
>>> +#kerberos_jaas_application=JMeter
>>> +
>>> +# Should ports be stripped from urls before constructing SPNs
>>> +# for spnego authentication
>>> +#kerberos.spnego.strip_port=true
>>>
>>>  #         Sample logging levels for Commons HttpClient
>>>  #
>>> @@ -962,8 +966,8 @@ beanshell.server.file=../extras/startup.
>>>  #jsyntaxtextarea.maxundos=50
>>>
>>>  # Maximum size of HTML page that can be displayed; default=200 *
>>1024
>>> -# Set to 0 to disable the size check
>>> -#view.results.tree.max_size=0
>>> +# Set to 0 to disable the size check and display the whole response
>>> +#view.results.tree.max_size=204800
>>>
>>>  # Order of Renderers in View Results Tree
>>>  # Note full class names should be used for non jmeter core renderers
>>>
>>> Modified:
>>jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>>> URL:
>>http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java?rev=1611785&r1=1611784&r2=1611785&view=diff
>>>
>>==============================================================================
>>> ---
>>jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>>(original)
>>> +++
>>jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>>Fri Jul 18 20:05:59 2014
>>> @@ -96,6 +96,9 @@ public class AuthManager extends ConfigT
>>>
>>>      private static final boolean DEFAULT_CLEAR_VALUE = false;
>>>
>>> +    /** Decides whether port should be omitted from SPN for kerberos
>>spnego authentication */
>>> +    private static final boolean STRIP_PORT =
>>JMeterUtils.getPropDefault("kerberos.spnego.strip_port", true);
>>> +
>>>      public enum Mechanism {
>>>          BASIC_DIGEST, KERBEROS;
>>>      }
>>> @@ -392,8 +395,7 @@ public class AuthManager extends ConfigT
>>>                  log.debug(username + " > D="+domain+" R="+realm + "
>>M="+auth.getMechanism());
>>>              }
>>>              if (Mechanism.KERBEROS.equals(auth.getMechanism())) {
>>> -                boolean stripPort = (url.getPort() ==
>>HTTPConstants.DEFAULT_HTTP_PORT || url.getPort() ==
>>HTTPConstants.DEFAULT_HTTPS_PORT);
>>> -                ((AbstractHttpClient)
>>client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
>>SPNegoSchemeFactory(stripPort));
>>> +                ((AbstractHttpClient)
>>client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
>>SPNegoSchemeFactory(isStripPort(url)));
>>>                  credentialsProvider.setCredentials(new
>>AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);
>>>              } else {
>>>                  credentialsProvider.setCredentials(
>>> @@ -403,6 +405,24 @@ public class AuthManager extends ConfigT
>>>          }
>>>      }
>>>
>>> +    /**
>>> +     * IE and Firefox will always strip port from the url before
>>constructing
>>> +     * the SPN. Chrome has an option
>>(<code>--enable-auth-negotiate-port</code>)
>>> +     * to include the port if it differs from <code>80</code> or
>>> +     * <code>443</code>. That behavior can be changed by setting
the
>>jmeter
>>> +     * property <code>kerberos.spnego.strip_port</code>.
>>> +     *
>>> +     * @param url to be checked
>>> +     * @return <code>true</code> when port should omitted in SPN
>>> +     */
>>> +    private boolean isStripPort(URL url) {
>>> +        if (STRIP_PORT) {
>>> +            return true;
>>> +        }
>>> +        return (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT ||
>>> +                url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
>>> +    }
>>> +
>>>      /** {@inheritDoc} */
>>>      @Override
>>>      public void testStarted() {
>>>
>>> Modified: jmeter/trunk/xdocs/changes.xml
>>> URL:
>>http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
>>>
>>==============================================================================
>>> --- jmeter/trunk/xdocs/changes.xml (original)
>>> +++ jmeter/trunk/xdocs/changes.xml Fri Jul 18 20:05:59 2014
>>> @@ -213,7 +213,7 @@ A workaround is to use a Java 7 update 4
>>>  <h3>Timers, Assertions, Config, Pre- &amp; Post-Processors</h3>
>>>  <ul>
>>>  <li><bugzilla>56691</bugzilla> - Synchronizing Timer : Add
timeout
>>on waiting</li>
>>> -<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/
>>Kerberos Authentication: add port to SPN when server port is neither 80
>>nor 443</li>
>>> +<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/
>>Kerberos Authentication: add port to SPN when server port is neither 80
>>nor 443. Based on patches from Dan Haughey (dan.haughey at
>>swinton.co.uk) and Felix Schumacher (felix.schumacher at
>>internetallee.de)</li>
>>>  </ul>
>>>
>>>  <h3>Functions</h3>
>>> @@ -253,6 +253,8 @@ A workaround is to use a Java 7 update 4
>>>  <li>Nicola Ambrosetti (ambrosetti.nicola at gmail.com)</li>
>>>  <li><a href="http://ubikloadpack.com">Ubik Load Pack
>>support</a></li>
>>>  <li>Mikhail Epikhin (epihin-m at yandex.ru)</li>
>>> +<li>Dan Haughey (dan.haughey at swinton.co.uk)</li>
>>> +<li>Felix Schumacher (felix.schumacher at internetallee.de)</li>
>>>  </ul>
>>>
>>>  <br/>
>>>
>>> Modified: jmeter/trunk/xdocs/usermanual/component_reference.xml
>>> URL:
>>http://svn.apache.org/viewvc/jmeter/trunk/xdocs/usermanual/component_reference.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
>>>
>>==============================================================================
>>> --- jmeter/trunk/xdocs/usermanual/component_reference.xml (original)
>>> +++ jmeter/trunk/xdocs/usermanual/component_reference.xml Fri Jul 18
>>20:05:59 2014
>>> @@ -3545,6 +3545,18 @@ You can also configure those two propert
>>>  Look at the two sample configuration files (krb5.conf and jaas.conf)
>>located in the jmeter bin folder for references to more documentation,
>>and tweak them to match
>>>  your Kerberos configuration.
>>>  </p>
>>> +<p>
>>> +When generating a SPN for Kerberos SPNEGO authentication IE and
>>Firefox will omit the port number
>>> +from the url. Chrome has an option
>>(<code>--enable-auth-negotiate-port</code>) to include the port
>>> +number if it differs from the standard ones (<code>80</code> and
>><code>443</code>). That behavior
>>> +can be emulated by setting the following jmeter property as below.
>>> +<pre>
>>> +In jmeter.properties or user.properties, set:
>>> +<ul>
>>> +<li>kerberos.spnego.strip_port=false</li>
>>> +</ul>
>>> +</pre>
>>> +</p>
>>>  <br></br>
>>>  <b>Controls:</b>
>>>  <ul>
>>>
>>>
>

Mime
View raw message