jmeter-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Felix Schumacher <felix.schumac...@internetallee.de>
Subject Re: svn commit: r1611785 - in /jmeter/trunk: bin/jmeter.properties src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java xdocs/changes.xml xdocs/usermanual/component_reference.xml
Date Wed, 23 Jul 2014 11:09:55 GMT
Am 23.07.2014 12:27, schrieb sebb:
> On 22 July 2014 17:19, Felix Schumacher
> <felix.schumacher@internetallee.de> wrote:
>> 
>> 
>> On 22. Juli 2014 16:50:20 MESZ, sebb <sebbaz@gmail.com> wrote:
>>> On 18 July 2014 21:06,  <pmouawad@apache.org> wrote:
>>>> Author: pmouawad
>>>> Date: Fri Jul 18 20:05:59 2014
>>>> New Revision: 1611785
>>>> 
>>>> URL: http://svn.apache.org/r1611785
>>>> Log:
>>>> Bug 56701 - HTTP Authorization Manager/ Kerberos Authentication: add
>>> port to SPN when server port is neither 80 nor 443
>>>> Add a jmeter property to control behaviour.
>>>> By default strip port.
>>> 
>>> -1.
>>> 
>>> As far as I can tell, the patch changes the default behaviour.
>>> The default should be changed, e.g. by setting STRIP_PORT to false by
>>> default.
>> 
>> The default was (and should be) to strip ports. I have tested spnego 
>> with default option and it worked.
> 
> No, the default was to strip 80 and 443, not all ports.
> 
> Whether the default should be changed is a separate issue.
> 
>> Why do you think the default behavior was changed by this commit?
> 
> Originally, the code used
> 
> boolean stripPort = (url.getPort() == HTTPConstants.DEFAULT_HTTP_
> PORT || url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
> 
> Now it effectively uses
> 
> boolean stripPort = STRIP_PORT || (url.getPort() == 
> HTTPConstants.DEFAULT_HTTP_
> PORT || url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
> 
> Since STRIP_PORT == true by default, this means the stripPort is
> always true by default - it is not affected by the actual port that is
> used.
> 
> So the default is now to strip ports. However, that is a change from
> the original code.

You are looking at the wrong change then. The default was changed in 
r1611028 from strip all to strip non default ports.
More details can be found at 
https://issues.apache.org/bugzilla/show_bug.cgi?id=56701

The change r1611028 made a non default option that was supported by 
chrome only, to be the default. That was changed back in r1611785 which 
you are now looking at.

So given this, do you still think that we should change the stripping 
behavior to one that
  * is only supported in chrome, which is even not the default
  * was never released in jmeter and thus introduces changes between 
released versions

Or is there anything wrong with the change as such, other then 
reestablishing the state before r1611785?

Regards
  Felix
> 
> 
>> Regards
>> Felix
>>> 
>>>> Bugzilla Id: 56701
>>>> 
>>>> Modified:
>>>>     jmeter/trunk/bin/jmeter.properties
>>>> 
>>> jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>>>>     jmeter/trunk/xdocs/changes.xml
>>>>     jmeter/trunk/xdocs/usermanual/component_reference.xml
>>>> 
>>>> Modified: jmeter/trunk/bin/jmeter.properties
>>>> URL:
>>> http://svn.apache.org/viewvc/jmeter/trunk/bin/jmeter.properties?rev=1611785&r1=1611784&r2=1611785&view=diff
>>>> 
>>> ==============================================================================
>>>> --- jmeter/trunk/bin/jmeter.properties (original)
>>>> +++ jmeter/trunk/bin/jmeter.properties Fri Jul 18 20:05:59 2014
>>>> @@ -337,7 +337,11 @@ log_level.jorphan=INFO
>>>> 
>>>>  # AuthManager Kerberos configuration
>>>>  # Name of application module used in jaas.conf
>>>> -#kerberos_jaas_application=JMeter
>>>> +#kerberos_jaas_application=JMeter
>>>> +
>>>> +# Should ports be stripped from urls before constructing SPNs
>>>> +# for spnego authentication
>>>> +#kerberos.spnego.strip_port=true
>>>> 
>>>>  #         Sample logging levels for Commons HttpClient
>>>>  #
>>>> @@ -962,8 +966,8 @@ beanshell.server.file=../extras/startup.
>>>>  #jsyntaxtextarea.maxundos=50
>>>> 
>>>>  # Maximum size of HTML page that can be displayed; default=200 *
>>> 1024
>>>> -# Set to 0 to disable the size check
>>>> -#view.results.tree.max_size=0
>>>> +# Set to 0 to disable the size check and display the whole response
>>>> +#view.results.tree.max_size=204800
>>>> 
>>>>  # Order of Renderers in View Results Tree
>>>>  # Note full class names should be used for non jmeter core 
>>>> renderers
>>>> 
>>>> Modified:
>>> jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>>>> URL:
>>> http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java?rev=1611785&r1=1611784&r2=1611785&view=diff
>>>> 
>>> ==============================================================================
>>>> ---
>>> jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>>> (original)
>>>> +++
>>> jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
>>> Fri Jul 18 20:05:59 2014
>>>> @@ -96,6 +96,9 @@ public class AuthManager extends ConfigT
>>>> 
>>>>      private static final boolean DEFAULT_CLEAR_VALUE = false;
>>>> 
>>>> +    /** Decides whether port should be omitted from SPN for 
>>>> kerberos
>>> spnego authentication */
>>>> +    private static final boolean STRIP_PORT =
>>> JMeterUtils.getPropDefault("kerberos.spnego.strip_port", true);
>>>> +
>>>>      public enum Mechanism {
>>>>          BASIC_DIGEST, KERBEROS;
>>>>      }
>>>> @@ -392,8 +395,7 @@ public class AuthManager extends ConfigT
>>>>                  log.debug(username + " > D="+domain+" R="+realm + "
>>> M="+auth.getMechanism());
>>>>              }
>>>>              if (Mechanism.KERBEROS.equals(auth.getMechanism())) {
>>>> -                boolean stripPort = (url.getPort() ==
>>> HTTPConstants.DEFAULT_HTTP_PORT || url.getPort() ==
>>> HTTPConstants.DEFAULT_HTTPS_PORT);
>>>> -                ((AbstractHttpClient)
>>> client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
>>> SPNegoSchemeFactory(stripPort));
>>>> +                ((AbstractHttpClient)
>>> client).getAuthSchemes().register(AuthPolicy.SPNEGO, new
>>> SPNegoSchemeFactory(isStripPort(url)));
>>>>                  credentialsProvider.setCredentials(new
>>> AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);
>>>>              } else {
>>>>                  credentialsProvider.setCredentials(
>>>> @@ -403,6 +405,24 @@ public class AuthManager extends ConfigT
>>>>          }
>>>>      }
>>>> 
>>>> +    /**
>>>> +     * IE and Firefox will always strip port from the url before
>>> constructing
>>>> +     * the SPN. Chrome has an option
>>> (<code>--enable-auth-negotiate-port</code>)
>>>> +     * to include the port if it differs from <code>80</code>
or
>>>> +     * <code>443</code>. That behavior can be changed by setting

>>>> the
>>> jmeter
>>>> +     * property <code>kerberos.spnego.strip_port</code>.
>>>> +     *
>>>> +     * @param url to be checked
>>>> +     * @return <code>true</code> when port should omitted in
SPN
>>>> +     */
>>>> +    private boolean isStripPort(URL url) {
>>>> +        if (STRIP_PORT) {
>>>> +            return true;
>>>> +        }
>>>> +        return (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT ||
>>>> +                url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
>>>> +    }
>>>> +
>>>>      /** {@inheritDoc} */
>>>>      @Override
>>>>      public void testStarted() {
>>>> 
>>>> Modified: jmeter/trunk/xdocs/changes.xml
>>>> URL:
>>> http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
>>>> 
>>> ==============================================================================
>>>> --- jmeter/trunk/xdocs/changes.xml (original)
>>>> +++ jmeter/trunk/xdocs/changes.xml Fri Jul 18 20:05:59 2014
>>>> @@ -213,7 +213,7 @@ A workaround is to use a Java 7 update 4
>>>>  <h3>Timers, Assertions, Config, Pre- &amp; Post-Processors</h3>
>>>>  <ul>
>>>>  <li><bugzilla>56691</bugzilla> - Synchronizing Timer :
Add timeout
>>> on waiting</li>
>>>> -<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/
>>> Kerberos Authentication: add port to SPN when server port is neither 
>>> 80
>>> nor 443</li>
>>>> +<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/
>>> Kerberos Authentication: add port to SPN when server port is neither 
>>> 80
>>> nor 443. Based on patches from Dan Haughey (dan.haughey at
>>> swinton.co.uk) and Felix Schumacher (felix.schumacher at
>>> internetallee.de)</li>
>>>>  </ul>
>>>> 
>>>>  <h3>Functions</h3>
>>>> @@ -253,6 +253,8 @@ A workaround is to use a Java 7 update 4
>>>>  <li>Nicola Ambrosetti (ambrosetti.nicola at gmail.com)</li>
>>>>  <li><a href="http://ubikloadpack.com">Ubik Load Pack
>>> support</a></li>
>>>>  <li>Mikhail Epikhin (epihin-m at yandex.ru)</li>
>>>> +<li>Dan Haughey (dan.haughey at swinton.co.uk)</li>
>>>> +<li>Felix Schumacher (felix.schumacher at internetallee.de)</li>
>>>>  </ul>
>>>> 
>>>>  <br/>
>>>> 
>>>> Modified: jmeter/trunk/xdocs/usermanual/component_reference.xml
>>>> URL:
>>> http://svn.apache.org/viewvc/jmeter/trunk/xdocs/usermanual/component_reference.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
>>>> 
>>> ==============================================================================
>>>> --- jmeter/trunk/xdocs/usermanual/component_reference.xml (original)
>>>> +++ jmeter/trunk/xdocs/usermanual/component_reference.xml Fri Jul 18
>>> 20:05:59 2014
>>>> @@ -3545,6 +3545,18 @@ You can also configure those two propert
>>>>  Look at the two sample configuration files (krb5.conf and 
>>>> jaas.conf)
>>> located in the jmeter bin folder for references to more 
>>> documentation,
>>> and tweak them to match
>>>>  your Kerberos configuration.
>>>>  </p>
>>>> +<p>
>>>> +When generating a SPN for Kerberos SPNEGO authentication IE and
>>> Firefox will omit the port number
>>>> +from the url. Chrome has an option
>>> (<code>--enable-auth-negotiate-port</code>) to include the port
>>>> +number if it differs from the standard ones (<code>80</code>
and
>>> <code>443</code>). That behavior
>>>> +can be emulated by setting the following jmeter property as below.
>>>> +<pre>
>>>> +In jmeter.properties or user.properties, set:
>>>> +<ul>
>>>> +<li>kerberos.spnego.strip_port=false</li>
>>>> +</ul>
>>>> +</pre>
>>>> +</p>
>>>>  <br></br>
>>>>  <b>Controls:</b>
>>>>  <ul>
>>>> 
>>>> 
>> 

Mime
View raw message