jmeter-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pmoua...@apache.org
Subject svn commit: r1611785 - in /jmeter/trunk: bin/jmeter.properties src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java xdocs/changes.xml xdocs/usermanual/component_reference.xml
Date Fri, 18 Jul 2014 20:06:00 GMT
Author: pmouawad
Date: Fri Jul 18 20:05:59 2014
New Revision: 1611785

URL: http://svn.apache.org/r1611785
Log:
Bug 56701 - HTTP Authorization Manager/ Kerberos Authentication: add port to SPN when server
port is neither 80 nor 443
Add a jmeter property to control behaviour.
By default strip port.
Bugzilla Id: 56701

Modified:
    jmeter/trunk/bin/jmeter.properties
    jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
    jmeter/trunk/xdocs/changes.xml
    jmeter/trunk/xdocs/usermanual/component_reference.xml

Modified: jmeter/trunk/bin/jmeter.properties
URL: http://svn.apache.org/viewvc/jmeter/trunk/bin/jmeter.properties?rev=1611785&r1=1611784&r2=1611785&view=diff
==============================================================================
--- jmeter/trunk/bin/jmeter.properties (original)
+++ jmeter/trunk/bin/jmeter.properties Fri Jul 18 20:05:59 2014
@@ -337,7 +337,11 @@ log_level.jorphan=INFO
 
 # AuthManager Kerberos configuration
 # Name of application module used in jaas.conf
-#kerberos_jaas_application=JMeter
+#kerberos_jaas_application=JMeter  
+
+# Should ports be stripped from urls before constructing SPNs
+# for spnego authentication
+#kerberos.spnego.strip_port=true
 
 #         Sample logging levels for Commons HttpClient
 #
@@ -962,8 +966,8 @@ beanshell.server.file=../extras/startup.
 #jsyntaxtextarea.maxundos=50
 
 # Maximum size of HTML page that can be displayed; default=200 * 1024
-# Set to 0 to disable the size check
-#view.results.tree.max_size=0
+# Set to 0 to disable the size check and display the whole response
+#view.results.tree.max_size=204800
 
 # Order of Renderers in View Results Tree
 # Note full class names should be used for non jmeter core renderers

Modified: jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
URL: http://svn.apache.org/viewvc/jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java?rev=1611785&r1=1611784&r2=1611785&view=diff
==============================================================================
--- jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
(original)
+++ jmeter/trunk/src/protocol/http/org/apache/jmeter/protocol/http/control/AuthManager.java
Fri Jul 18 20:05:59 2014
@@ -96,6 +96,9 @@ public class AuthManager extends ConfigT
 
     private static final boolean DEFAULT_CLEAR_VALUE = false;
 
+    /** Decides whether port should be omitted from SPN for kerberos spnego authentication
*/
+    private static final boolean STRIP_PORT = JMeterUtils.getPropDefault("kerberos.spnego.strip_port",
true);
+
     public enum Mechanism {
         BASIC_DIGEST, KERBEROS;
     }
@@ -392,8 +395,7 @@ public class AuthManager extends ConfigT
                 log.debug(username + " > D="+domain+" R="+realm + " M="+auth.getMechanism());
             }
             if (Mechanism.KERBEROS.equals(auth.getMechanism())) {
-                boolean stripPort = (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT ||
url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
-                ((AbstractHttpClient) client).getAuthSchemes().register(AuthPolicy.SPNEGO,
new SPNegoSchemeFactory(stripPort));
+                ((AbstractHttpClient) client).getAuthSchemes().register(AuthPolicy.SPNEGO,
new SPNegoSchemeFactory(isStripPort(url)));
                 credentialsProvider.setCredentials(new AuthScope(null, -1, null), USE_JAAS_CREDENTIALS);
             } else {
                 credentialsProvider.setCredentials(
@@ -403,6 +405,24 @@ public class AuthManager extends ConfigT
         }
     }
 
+    /**
+     * IE and Firefox will always strip port from the url before constructing
+     * the SPN. Chrome has an option (<code>--enable-auth-negotiate-port</code>)
+     * to include the port if it differs from <code>80</code> or
+     * <code>443</code>. That behavior can be changed by setting the jmeter
+     * property <code>kerberos.spnego.strip_port</code>.
+     *
+     * @param url to be checked
+     * @return <code>true</code> when port should omitted in SPN
+     */
+    private boolean isStripPort(URL url) {
+        if (STRIP_PORT) {
+            return true;
+        }
+        return (url.getPort() == HTTPConstants.DEFAULT_HTTP_PORT || 
+                url.getPort() == HTTPConstants.DEFAULT_HTTPS_PORT);
+    }
+
     /** {@inheritDoc} */
     @Override
     public void testStarted() {

Modified: jmeter/trunk/xdocs/changes.xml
URL: http://svn.apache.org/viewvc/jmeter/trunk/xdocs/changes.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
==============================================================================
--- jmeter/trunk/xdocs/changes.xml (original)
+++ jmeter/trunk/xdocs/changes.xml Fri Jul 18 20:05:59 2014
@@ -213,7 +213,7 @@ A workaround is to use a Java 7 update 4
 <h3>Timers, Assertions, Config, Pre- &amp; Post-Processors</h3>
 <ul>
 <li><bugzilla>56691</bugzilla> - Synchronizing Timer : Add timeout on waiting</li>
-<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/ Kerberos Authentication:
add port to SPN when server port is neither 80 nor 443</li>
+<li><bugzilla>56701</bugzilla> - HTTP Authorization Manager/ Kerberos Authentication:
add port to SPN when server port is neither 80 nor 443. Based on patches from Dan Haughey
(dan.haughey at swinton.co.uk) and Felix Schumacher (felix.schumacher at internetallee.de)</li>
 </ul>
 
 <h3>Functions</h3>
@@ -253,6 +253,8 @@ A workaround is to use a Java 7 update 4
 <li>Nicola Ambrosetti (ambrosetti.nicola at gmail.com)</li>
 <li><a href="http://ubikloadpack.com">Ubik Load Pack support</a></li>
 <li>Mikhail Epikhin (epihin-m at yandex.ru)</li>
+<li>Dan Haughey (dan.haughey at swinton.co.uk)</li>
+<li>Felix Schumacher (felix.schumacher at internetallee.de)</li>
 </ul>
 
 <br/>

Modified: jmeter/trunk/xdocs/usermanual/component_reference.xml
URL: http://svn.apache.org/viewvc/jmeter/trunk/xdocs/usermanual/component_reference.xml?rev=1611785&r1=1611784&r2=1611785&view=diff
==============================================================================
--- jmeter/trunk/xdocs/usermanual/component_reference.xml (original)
+++ jmeter/trunk/xdocs/usermanual/component_reference.xml Fri Jul 18 20:05:59 2014
@@ -3545,6 +3545,18 @@ You can also configure those two propert
 Look at the two sample configuration files (krb5.conf and jaas.conf) located in the jmeter
bin folder for references to more documentation, and tweak them to match 
 your Kerberos configuration.
 </p>
+<p>
+When generating a SPN for Kerberos SPNEGO authentication IE and Firefox will omit the port
number
+from the url. Chrome has an option (<code>--enable-auth-negotiate-port</code>)
to include the port
+number if it differs from the standard ones (<code>80</code> and <code>443</code>).
That behavior
+can be emulated by setting the following jmeter property as below.
+<pre>
+In jmeter.properties or user.properties, set:
+<ul>
+<li>kerberos.spnego.strip_port=false</li>
+</ul>
+</pre> 
+</p>
 <br></br>
 <b>Controls:</b>
 <ul>



Mime
View raw message