### Eclipse Workspace Patch 1.0 #P HttpClient Index: httpclient/src/main/java/org/apache/http/impl/auth/NegotiateSchemeFactory.java =================================================================== --- httpclient/src/main/java/org/apache/http/impl/auth/NegotiateSchemeFactory.java (revision 814835) +++ httpclient/src/main/java/org/apache/http/impl/auth/NegotiateSchemeFactory.java (working copy) @@ -40,7 +40,7 @@ negotiateScheme.setStripPort(stripPort); negotiateScheme.setSpnegoCreate(spnegoCreate); negotiateScheme.setSpengoGenerator(spengoGenerator); - return new NegotiateScheme(); + return negotiateScheme; } public NegotiateSchemeFactory(){ Index: httpclient/src/examples/org/apache/http/examples/client/ClientKerberosAuthentication.java =================================================================== --- httpclient/src/examples/org/apache/http/examples/client/ClientKerberosAuthentication.java (revision 814835) +++ httpclient/src/examples/org/apache/http/examples/client/ClientKerberosAuthentication.java (working copy) @@ -52,8 +52,30 @@ /** * Kerberos auth example. - *

- * krb5.conf + * + *

Takes one arguement args[0] = 'http://examplehost/path/'

+ *
Information
+ *

For the best compatabilty use Java >= 1.6 as it supports SPNEGO authentication more completely.

+ *

NegotiateSchemeFactory

+ *

Has three custom methods

+ *

setStripPort(boolean) - default is false, with strip the port off the Kerberos + * service name if true. Found useful with JbossNegotiation. Java >= 1.5

+ * + *

Below are for Java 1.5.

+ * + *

setSpnegoCreate(boolean) - default is false, try to create an SPNEGO token via + * the token set in setSpengoGenerator. TODO - merge logic so just setSpengoGenerator

+ * + *

setSpengoGenerator(new SpnegoTokenGenerator()) - default is null, class to use to wrap + * kerberos token. An example is in contrib - org.apache.http.contrib.auth.BouncySpnegoTokenGenerator. + * Requires use of bouncy castle libs + *

+ * + *
Addtional Config Files
+ *

Two files control how Java uses/configures Kerberos. Very basic examples are below. There + * is a large amount of information on the web.

+ *

http://java.sun.com/j2se/1.5.0/docs/guide/security/jaas/spec/com/sun/security/auth/module/Krb5LoginModule.html + *

krb5.conf

*
  * [libdefaults]
  *     default_realm = AD.EXAMPLE.NET
@@ -122,19 +144,22 @@
 
         DefaultHttpClient httpclient = new DefaultHttpClient();
 
+        /* NegotiateSchemeFactory creates the NegotiateScheme instance to be use for each request
+         * if using Java 5/6 and IIS7 you can just use the defaults. JbossNegotiate use setStripPort(true),
+         * or add service names with ports to kerberos DB. JbossNegotiate needs Java 6 or a SpengoGenerator.
+         */
+        NegotiateSchemeFactory negotiateFact = new NegotiateSchemeFactory();
+//        negotiateFact.setStripPort(false);
+//        negotiateFact.setSpnegoCreate(true);
+//        negotiateFact.setSpengoGenerator(new BouncySpnegoTokenGenerator());
+        
         AuthSchemeRegistry authSchemeRegistry = httpclient.getAuthSchemes();
         authSchemeRegistry.unregister("basic");
         authSchemeRegistry.unregister("digest");
         authSchemeRegistry.unregister("NTLM");
-        
-        NegotiateSchemeFactory negotiateFact = new NegotiateSchemeFactory();
-        negotiateFact.setStripPort(false);
-        negotiateFact.setSpnegoCreate(false);
-//        negotiateFact.setSpengoGenerator(new BouncySpnegoTokenGenerator());
-        
         authSchemeRegistry.register("Negotiate", negotiateFact);
-        //        authSchemeRegistry.register("NTLM", new NTLMSchemeFactory());
-        //        authSchemeRegistry.register("Basic", new BasicSchemeFactory());
+//        authSchemeRegistry.register("NTLM", new NTLMSchemeFactory());
+//        authSchemeRegistry.register("Basic", new BasicSchemeFactory());
         httpclient.setAuthSchemes(authSchemeRegistry);
 
         Credentials use_jaas_creds = new Credentials() {