Apache
/
httpcomponents-client
mirror of https://github.com/apache/httpcomponents-client.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

GGS based experimental authentication schemes deprecated and disabled by default

This commit is contained in:
Oleg Kalnichevski 2023-05-07 16:24:32 +02:00
parent 83c6079e65
commit 2176eb3861
14 changed files with 75 additions and 277 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

226
httpclient5-testing/src/test/java/org/apache/hc/client5/testing/sync/TestSPNegoScheme.java
View File

@ -1,226 +0,0 @@
/*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.hc.client5.testing.sync;
import java.io.IOException;
import java.security.Principal;
import org.apache.hc.client5.http.SystemDefaultDnsResolver;
import org.apache.hc.client5.http.auth.AuthScheme;
import org.apache.hc.client5.http.auth.AuthSchemeFactory;
import org.apache.hc.client5.http.auth.AuthScope;
import org.apache.hc.client5.http.auth.Credentials;
import org.apache.hc.client5.http.auth.CredentialsProvider;
import org.apache.hc.client5.http.auth.KerberosConfig;
import org.apache.hc.client5.http.auth.StandardAuthScheme;
import org.apache.hc.client5.http.classic.methods.HttpGet;
import org.apache.hc.client5.http.impl.auth.CredentialsProviderBuilder;
import org.apache.hc.client5.http.impl.auth.SPNegoScheme;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.testing.sync.extension.TestClientResources;
import org.apache.hc.core5.http.ClassicHttpRequest;
import org.apache.hc.core5.http.ClassicHttpResponse;
import org.apache.hc.core5.http.HttpException;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.HttpStatus;
import org.apache.hc.core5.http.URIScheme;
import org.apache.hc.core5.http.config.Registry;
import org.apache.hc.core5.http.config.RegistryBuilder;
import org.apache.hc.core5.http.io.HttpRequestHandler;
import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.hc.core5.http.io.entity.StringEntity;
import org.apache.hc.core5.http.message.BasicHeader;
import org.apache.hc.core5.http.protocol.HttpContext;
import org.apache.hc.core5.testing.classic.ClassicTestServer;
import org.apache.hc.core5.util.Timeout;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
/**
* Tests for {@link SPNegoScheme}.
*/
public class TestSPNegoScheme {
public static final Timeout TIMEOUT = Timeout.ofMinutes(1);
@RegisterExtension
private TestClientResources testResources = new TestClientResources(URIScheme.HTTP, TIMEOUT);
/**
* This service will continue to ask for authentication.
*/
private static class PleaseNegotiateService implements HttpRequestHandler {
@Override
public void handle(
final ClassicHttpRequest request,
final ClassicHttpResponse response,
final HttpContext context) throws HttpException, IOException {
response.setCode(HttpStatus.SC_UNAUTHORIZED);
response.addHeader(new BasicHeader("WWW-Authenticate", StandardAuthScheme.SPNEGO + " blablabla"));
response.addHeader(new BasicHeader("Connection", "Keep-Alive"));
response.setEntity(new StringEntity("auth required "));
}
}
/**
* NegotatieScheme with a custom GSSManager that does not require any Jaas or
* Kerberos configuration.
*
*/
private static class NegotiateSchemeWithMockGssManager extends SPNegoScheme {
final GSSManager manager = Mockito.mock(GSSManager.class);
final GSSName name = Mockito.mock(GSSName.class);
final GSSContext context = Mockito.mock(GSSContext.class);
NegotiateSchemeWithMockGssManager() throws Exception {
super(KerberosConfig.DEFAULT, SystemDefaultDnsResolver.INSTANCE);
Mockito.when(context.initSecContext(
ArgumentMatchers.any(), ArgumentMatchers.anyInt(), ArgumentMatchers.anyInt()))
.thenReturn("12345678".getBytes());
Mockito.when(manager.createName(
ArgumentMatchers.anyString(), ArgumentMatchers.any()))
.thenReturn(name);
Mockito.when(manager.createContext(
ArgumentMatchers.any(), ArgumentMatchers.any(),
ArgumentMatchers.any(), ArgumentMatchers.anyInt()))
.thenReturn(context);
}
@Override
protected GSSManager getManager() {
return manager;
}
}
@SuppressWarnings("deprecation")
private static class UseJaasCredentials implements Credentials {
@Override
public char[] getPassword() {
return null;
}
@Override
public Principal getUserPrincipal() {
return null;
}
}
private static class NegotiateSchemeFactoryWithMockGssManager implements AuthSchemeFactory {
NegotiateSchemeWithMockGssManager scheme;
NegotiateSchemeFactoryWithMockGssManager() throws Exception {
scheme = new NegotiateSchemeWithMockGssManager();
}
@Override
public AuthScheme create(final HttpContext context) {
return scheme;
}
}
/**
* Tests that the client will stop connecting to the server if
* the server still keep asking for a valid ticket.
*/
@Test
public void testDontTryToAuthenticateEndlessly() throws Exception {
final ClassicTestServer server = testResources.startServer(null, null, null);
server.registerHandler("*", new PleaseNegotiateService());
final HttpHost target = testResources.targetHost();
final AuthSchemeFactory nsf = new NegotiateSchemeFactoryWithMockGssManager();
final CredentialsProvider credentialsProvider = CredentialsProviderBuilder.create()
.add(new AuthScope(null, null, -1, null, null), new UseJaasCredentials())
.build();
final Registry<AuthSchemeFactory> authSchemeRegistry = RegistryBuilder.<AuthSchemeFactory>create()
.register(StandardAuthScheme.SPNEGO, nsf)
.build();
final CloseableHttpClient client = testResources.startClient(builder -> builder
.setDefaultAuthSchemeRegistry(authSchemeRegistry)
.setDefaultCredentialsProvider(credentialsProvider)
);
final String s = "/path";
final HttpGet httpget = new HttpGet(s);
client.execute(target, httpget, response -> {
EntityUtils.consume(response.getEntity());
Assertions.assertEquals(HttpStatus.SC_UNAUTHORIZED, response.getCode());
return null;
});
}
/**
* Javadoc specifies that {@link GSSContext#initSecContext(byte[], int, int)} can return null
* if no token is generated. Client should be able to deal with this response.
*/
@Test
public void testNoTokenGeneratedError() throws Exception {
final ClassicTestServer server = testResources.startServer(null, null, null);
server.registerHandler("*", new PleaseNegotiateService());
final HttpHost target = testResources.targetHost();
final AuthSchemeFactory nsf = new NegotiateSchemeFactoryWithMockGssManager();
final CredentialsProvider credentialsProvider = CredentialsProviderBuilder.create()
.add(new AuthScope(null, null, -1, null, null), new UseJaasCredentials())
.build();
final Registry<AuthSchemeFactory> authSchemeRegistry = RegistryBuilder.<AuthSchemeFactory>create()
.register(StandardAuthScheme.SPNEGO, nsf)
.build();
final CloseableHttpClient client = testResources.startClient(builder -> builder
.setDefaultAuthSchemeRegistry(authSchemeRegistry)
.setDefaultCredentialsProvider(credentialsProvider)
);
final String s = "/path";
final HttpGet httpget = new HttpGet(s);
client.execute(target, httpget, response -> {
EntityUtils.consume(response.getEntity());
Assertions.assertEquals(HttpStatus.SC_UNAUTHORIZED, response.getCode());
return null;
});
}
}

5
httpclient5/src/main/java/org/apache/hc/client5/http/auth/KerberosConfig.java
View File

@ -34,7 +34,12 @@ import org.apache.hc.core5.annotation.ThreadingBehavior;
* Immutable class encapsulating Kerberos configuration options.
*
* @since 4.6
*
* @deprecated Do not use. The GGS based experimental authentication schemes are no longer
* supported. Consider using Basic or Bearer authentication with TLS instead.
*
*/
@Deprecated
@Contract(threading = ThreadingBehavior.IMMUTABLE)
public class KerberosConfig implements Cloneable {

7
httpclient5/src/main/java/org/apache/hc/client5/http/auth/KerberosCredentials.java
View File

@ -37,7 +37,14 @@ import org.ietf.jgss.GSSCredential;
* Kerberos specific {@link Credentials} representation based on {@link GSSCredential}.
*
* @since 4.4
*
* @deprecated Do not use. The GGS based experimental authentication schemes are no longer
* supported. Consider using Basic or Bearer authentication with TLS instead.
*
* @see UsernamePasswordCredentials
* @see BearerToken
*/
@Deprecated
@Contract(threading = ThreadingBehavior.IMMUTABLE)
public class KerberosCredentials implements Credentials, Serializable {

16
httpclient5/src/main/java/org/apache/hc/client5/http/auth/StandardAuthScheme.java
View File

@ -65,17 +65,21 @@ public final class StandardAuthScheme {
public static final String NTLM = "NTLM";
/**
* SPNEGO authentication scheme as defined in RFC 4559 and RFC 4178
* (considered to be the most secure among currently supported
* authentication schemes if Kerberos is selected).
* SPNEGO authentication scheme as defined in RFC 4559 and RFC 4178.
*
* @deprecated Do not use. The GGS based experimental authentication schemes are no longer
* supported. Consider using Basic or Bearer authentication with TLS instead.
*/
@Deprecated
public static final String SPNEGO = "Negotiate";
/**
* Kerberos authentication scheme as defined in RFC 4120
* (considered to be the most secure among currently supported
* authentication schemes).
* Kerberos authentication scheme as defined in RFC 4120.
*
* @deprecated Do not use. The GGS based experimental authentication schemes are no longer
* supported. Consider using Basic or Bearer authentication with TLS instead.
*/
@Deprecated
public static final String KERBEROS = "Kerberos";
}

2
httpclient5/src/main/java/org/apache/hc/client5/http/impl/DefaultAuthenticationStrategy.java
View File

@ -65,8 +65,6 @@ public class DefaultAuthenticationStrategy implements AuthenticationStrategy {
private static final List<String> DEFAULT_SCHEME_PRIORITY =
Collections.unmodifiableList(Arrays.asList(
StandardAuthScheme.SPNEGO,
StandardAuthScheme.KERBEROS,
StandardAuthScheme.BEARER,
StandardAuthScheme.DIGEST,
StandardAuthScheme.BASIC));

4
httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/H2AsyncClientBuilder.java
View File

@ -60,8 +60,6 @@ import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import org.apache.hc.client5.http.impl.auth.BasicSchemeFactory;
import org.apache.hc.client5.http.impl.auth.BearerSchemeFactory;
import org.apache.hc.client5.http.impl.auth.DigestSchemeFactory;
import org.apache.hc.client5.http.impl.auth.KerberosSchemeFactory;
import org.apache.hc.client5.http.impl.auth.SPNegoSchemeFactory;
import org.apache.hc.client5.http.impl.auth.SystemDefaultCredentialsProvider;
import org.apache.hc.client5.http.impl.nio.MultihomeConnectionInitiator;
import org.apache.hc.client5.http.impl.routing.DefaultRoutePlanner;
@ -821,8 +819,6 @@ public class H2AsyncClientBuilder {
.register(StandardAuthScheme.BASIC, BasicSchemeFactory.INSTANCE)
.register(StandardAuthScheme.DIGEST, DigestSchemeFactory.INSTANCE)
.register(StandardAuthScheme.BEARER, BearerSchemeFactory.INSTANCE)
.register(StandardAuthScheme.SPNEGO, SPNegoSchemeFactory.DEFAULT)
.register(StandardAuthScheme.KERBEROS, KerberosSchemeFactory.DEFAULT)
.build();
}
Lookup<CookieSpecFactory> cookieSpecRegistryCopy = this.cookieSpecRegistry;

4
httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClientBuilder.java
View File

@ -66,8 +66,6 @@ import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import org.apache.hc.client5.http.impl.auth.BasicSchemeFactory;
import org.apache.hc.client5.http.impl.auth.BearerSchemeFactory;
import org.apache.hc.client5.http.impl.auth.DigestSchemeFactory;
import org.apache.hc.client5.http.impl.auth.KerberosSchemeFactory;
import org.apache.hc.client5.http.impl.auth.SPNegoSchemeFactory;
import org.apache.hc.client5.http.impl.auth.SystemDefaultCredentialsProvider;
import org.apache.hc.client5.http.impl.nio.PoolingAsyncClientConnectionManagerBuilder;
import org.apache.hc.client5.http.impl.routing.DefaultProxyRoutePlanner;
@ -1008,8 +1006,6 @@ public class HttpAsyncClientBuilder {
.register(StandardAuthScheme.BASIC, BasicSchemeFactory.INSTANCE)
.register(StandardAuthScheme.DIGEST, DigestSchemeFactory.INSTANCE)
.register(StandardAuthScheme.BEARER, BearerSchemeFactory.INSTANCE)
.register(StandardAuthScheme.SPNEGO, SPNegoSchemeFactory.DEFAULT)
.register(StandardAuthScheme.KERBEROS, KerberosSchemeFactory.DEFAULT)
.build();
}
Lookup<CookieSpecFactory> cookieSpecRegistryCopy = this.cookieSpecRegistry;

32
httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java
View File

@ -29,21 +29,19 @@ package org.apache.hc.client5.http.impl.auth;
import java.net.UnknownHostException;
import java.security.Principal;
import org.apache.hc.client5.http.utils.Base64;
import org.apache.hc.client5.http.DnsResolver;
import org.apache.hc.client5.http.SystemDefaultDnsResolver;
import org.apache.hc.client5.http.auth.AuthChallenge;
import org.apache.hc.client5.http.auth.AuthScheme;
import org.apache.hc.client5.http.auth.StandardAuthScheme;
import org.apache.hc.client5.http.auth.AuthScope;
import org.apache.hc.client5.http.auth.AuthenticationException;
import org.apache.hc.client5.http.auth.Credentials;
import org.apache.hc.client5.http.auth.CredentialsProvider;
import org.apache.hc.client5.http.auth.InvalidCredentialsException;
import org.apache.hc.client5.http.auth.KerberosConfig;
import org.apache.hc.client5.http.auth.KerberosCredentials;
import org.apache.hc.client5.http.auth.MalformedChallengeException;
import org.apache.hc.client5.http.auth.StandardAuthScheme;
import org.apache.hc.client5.http.protocol.HttpClientContext;
import org.apache.hc.client5.http.utils.Base64;
import org.apache.hc.core5.http.HttpHost;
import org.apache.hc.core5.http.HttpRequest;
import org.apache.hc.core5.http.protocol.HttpContext;
@ -61,7 +59,11 @@ import org.slf4j.LoggerFactory;
* Common behavior for {@code GSS} based authentication schemes.
*
* @since 4.2
*
* @deprecated Do not use. The GGS based experimental authentication schemes are no longer
* supported. Consider using Basic or Bearer authentication with TLS instead.
*/
@Deprecated
public abstract class GGSSchemeBase implements AuthScheme {
enum State {
@ -74,7 +76,7 @@ public abstract class GGSSchemeBase implements AuthScheme {
private static final Logger LOG = LoggerFactory.getLogger(GGSSchemeBase.class);
private static final String NO_TOKEN = "";
private static final String KERBEROS_SCHEME = "HTTP";
private final KerberosConfig config;
private final org.apache.hc.client5.http.auth.KerberosConfig config;
private final DnsResolver dnsResolver;
/** Authentication process state */
@ -83,19 +85,19 @@ public abstract class GGSSchemeBase implements AuthScheme {
private String challenge;
private byte[] token;
GGSSchemeBase(final KerberosConfig config, final DnsResolver dnsResolver) {
GGSSchemeBase(final org.apache.hc.client5.http.auth.KerberosConfig config, final DnsResolver dnsResolver) {
super();
this.config = config != null ? config : KerberosConfig.DEFAULT;
this.config = config != null ? config : org.apache.hc.client5.http.auth.KerberosConfig.DEFAULT;
this.dnsResolver = dnsResolver != null ? dnsResolver : SystemDefaultDnsResolver.INSTANCE;
this.state = State.UNINITIATED;
}
GGSSchemeBase(final KerberosConfig config) {
GGSSchemeBase(final org.apache.hc.client5.http.auth.KerberosConfig config) {
this(config, SystemDefaultDnsResolver.INSTANCE);
}
GGSSchemeBase() {
this(KerberosConfig.DEFAULT, SystemDefaultDnsResolver.INSTANCE);
this(org.apache.hc.client5.http.auth.KerberosConfig.DEFAULT, SystemDefaultDnsResolver.INSTANCE);
}
@Override
@ -155,8 +157,8 @@ public abstract class GGSSchemeBase implements AuthScheme {
final GSSContext gssContext = manager.createContext(serverName.canonicalize(oid), oid, gssCredential,
GSSContext.DEFAULT_LIFETIME);
gssContext.requestMutualAuth(true);
if (config.getRequestDelegCreds() != KerberosConfig.Option.DEFAULT) {
gssContext.requestCredDeleg(config.getRequestDelegCreds() == KerberosConfig.Option.ENABLE);
if (config.getRequestDelegCreds() != org.apache.hc.client5.http.auth.KerberosConfig.Option.DEFAULT) {
gssContext.requestCredDeleg(config.getRequestDelegCreds() == org.apache.hc.client5.http.auth.KerberosConfig.Option.ENABLE);
}
return gssContext;
}
@ -181,8 +183,8 @@ public abstract class GGSSchemeBase implements AuthScheme {
final Credentials credentials = credentialsProvider.getCredentials(
new AuthScope(host, null, getName()), context);
if (credentials instanceof KerberosCredentials) {
this.gssCredential = ((KerberosCredentials) credentials).getGSSCredential();
if (credentials instanceof org.apache.hc.client5.http.auth.KerberosCredentials) {
this.gssCredential = ((org.apache.hc.client5.http.auth.KerberosCredentials) credentials).getGSSCredential();
} else {
this.gssCredential = null;
}
@ -210,13 +212,13 @@ public abstract class GGSSchemeBase implements AuthScheme {
try {
final String authServer;
String hostname = host.getHostName();
if (config.getUseCanonicalHostname() != KerberosConfig.Option.DISABLE){
if (config.getUseCanonicalHostname() != org.apache.hc.client5.http.auth.KerberosConfig.Option.DISABLE){
try {
hostname = dnsResolver.resolveCanonicalHostname(host.getHostName());
} catch (final UnknownHostException ignore){
}
}
if (config.getStripPort() != KerberosConfig.Option.DISABLE) {
if (config.getStripPort() != org.apache.hc.client5.http.auth.KerberosConfig.Option.DISABLE) {
authServer = hostname;
} else {
authServer = hostname + ":" + host.getPort();

10
httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/KerberosScheme.java
View File

@ -28,7 +28,6 @@ package org.apache.hc.client5.http.impl.auth;
import org.apache.hc.client5.http.DnsResolver;
import org.apache.hc.client5.http.auth.StandardAuthScheme;
import org.apache.hc.client5.http.auth.KerberosConfig;
import org.apache.hc.core5.annotation.Experimental;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
@ -41,7 +40,14 @@ import org.ietf.jgss.Oid;
* </p>
*
* @since 4.2
*
* @deprecated Do not use. The GGS based experimental authentication schemes are no longer
* supported. Consider using Basic or Bearer authentication with TLS instead.
*
* @see BasicScheme
* @see BearerScheme
*/
@Deprecated
@Experimental
public class KerberosScheme extends GGSSchemeBase {
@ -50,7 +56,7 @@ public class KerberosScheme extends GGSSchemeBase {
/**
* @since 5.0
*/
public KerberosScheme(final KerberosConfig config, final DnsResolver dnsResolver) {
public KerberosScheme(final org.apache.hc.client5.http.auth.KerberosConfig config, final DnsResolver dnsResolver) {
super(config, dnsResolver);
}

14
httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/KerberosSchemeFactory.java
View File

@ -30,7 +30,6 @@ import org.apache.hc.client5.http.DnsResolver;
import org.apache.hc.client5.http.SystemDefaultDnsResolver;
import org.apache.hc.client5.http.auth.AuthScheme;
import org.apache.hc.client5.http.auth.AuthSchemeFactory;
import org.apache.hc.client5.http.auth.KerberosConfig;
import org.apache.hc.core5.annotation.Contract;
import org.apache.hc.core5.annotation.Experimental;
import org.apache.hc.core5.annotation.ThreadingBehavior;
@ -45,7 +44,14 @@ import org.apache.hc.core5.http.protocol.HttpContext;
* </p>
*
* @since 4.2
*
* @deprecated Do not use. The GGS based experimental authentication schemes are no longer
* supported. Consider using Basic or Bearer authentication with TLS instead.
*
* @see BasicSchemeFactory
* @see BearerSchemeFactory
*/
@Deprecated
@Contract(threading = ThreadingBehavior.STATELESS)
@Experimental
public class KerberosSchemeFactory implements AuthSchemeFactory {
@ -53,16 +59,16 @@ public class KerberosSchemeFactory implements AuthSchemeFactory {
/**
* Singleton instance for the default configuration.
*/
public static final KerberosSchemeFactory DEFAULT = new KerberosSchemeFactory(KerberosConfig.DEFAULT,
public static final KerberosSchemeFactory DEFAULT = new KerberosSchemeFactory(org.apache.hc.client5.http.auth.KerberosConfig.DEFAULT,
SystemDefaultDnsResolver.INSTANCE);
private final KerberosConfig config;
private final org.apache.hc.client5.http.auth.KerberosConfig config;
private final DnsResolver dnsResolver;
/**
* @since 5.0
*/
public KerberosSchemeFactory(final KerberosConfig config, final DnsResolver dnsResolver) {
public KerberosSchemeFactory(final org.apache.hc.client5.http.auth.KerberosConfig config, final DnsResolver dnsResolver) {
super();
this.config = config;
this.dnsResolver = dnsResolver;

10
httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/SPNegoScheme.java
View File

@ -28,7 +28,6 @@ package org.apache.hc.client5.http.impl.auth;
import org.apache.hc.client5.http.DnsResolver;
import org.apache.hc.client5.http.auth.StandardAuthScheme;
import org.apache.hc.client5.http.auth.KerberosConfig;
import org.apache.hc.core5.annotation.Experimental;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;
@ -42,7 +41,14 @@ import org.ietf.jgss.Oid;
* </p>
*
* @since 4.2
*
* @deprecated Do not use. The GGS based experimental authentication schemes are no longer
* supported. Consider using Basic or Bearer authentication with TLS instead.
*
* @see BasicScheme
* @see BearerScheme
*/
@Deprecated
@Experimental
public class SPNegoScheme extends GGSSchemeBase {
@ -51,7 +57,7 @@ public class SPNegoScheme extends GGSSchemeBase {
/**
* @since 5.0
*/
public SPNegoScheme(final KerberosConfig config, final DnsResolver dnsResolver) {
public SPNegoScheme(final org.apache.hc.client5.http.auth.KerberosConfig config, final DnsResolver dnsResolver) {
super(config, dnsResolver);
}

14
httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/SPNegoSchemeFactory.java
View File

@ -30,7 +30,6 @@ import org.apache.hc.client5.http.DnsResolver;
import org.apache.hc.client5.http.SystemDefaultDnsResolver;
import org.apache.hc.client5.http.auth.AuthScheme;
import org.apache.hc.client5.http.auth.AuthSchemeFactory;
import org.apache.hc.client5.http.auth.KerberosConfig;
import org.apache.hc.core5.annotation.Contract;
import org.apache.hc.core5.annotation.Experimental;
import org.apache.hc.core5.annotation.ThreadingBehavior;
@ -45,7 +44,14 @@ import org.apache.hc.core5.http.protocol.HttpContext;
* </p>
*
* @since 4.2
*
* @deprecated Do not use. The GGS based experimental authentication schemes are no longer
* supported. Consider using Basic or Bearer authentication with TLS instead.
*
* @see BasicSchemeFactory
* @see BearerSchemeFactory
*/
@Deprecated
@Contract(threading = ThreadingBehavior.STATELESS)
@Experimental
public class SPNegoSchemeFactory implements AuthSchemeFactory {
@ -53,16 +59,16 @@ public class SPNegoSchemeFactory implements AuthSchemeFactory {
/**
* Singleton instance for the default configuration.
*/
public static final SPNegoSchemeFactory DEFAULT = new SPNegoSchemeFactory(KerberosConfig.DEFAULT,
public static final SPNegoSchemeFactory DEFAULT = new SPNegoSchemeFactory(org.apache.hc.client5.http.auth.KerberosConfig.DEFAULT,
SystemDefaultDnsResolver.INSTANCE);
private final KerberosConfig config;
private final org.apache.hc.client5.http.auth.KerberosConfig config;
private final DnsResolver dnsResolver;
/**
* @since 5.0
*/
public SPNegoSchemeFactory(final KerberosConfig config, final DnsResolver dnsResolver) {
public SPNegoSchemeFactory(final org.apache.hc.client5.http.auth.KerberosConfig config, final DnsResolver dnsResolver) {
super();
this.config = config;
this.dnsResolver = dnsResolver;

4
httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/HttpClientBuilder.java
View File

@ -69,8 +69,6 @@ import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import org.apache.hc.client5.http.impl.auth.BasicSchemeFactory;
import org.apache.hc.client5.http.impl.auth.BearerSchemeFactory;
import org.apache.hc.client5.http.impl.auth.DigestSchemeFactory;
import org.apache.hc.client5.http.impl.auth.KerberosSchemeFactory;
import org.apache.hc.client5.http.impl.auth.SPNegoSchemeFactory;
import org.apache.hc.client5.http.impl.auth.SystemDefaultCredentialsProvider;
import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
import org.apache.hc.client5.http.impl.routing.DefaultProxyRoutePlanner;
@ -965,8 +963,6 @@ public class HttpClientBuilder {
.register(StandardAuthScheme.BASIC, BasicSchemeFactory.INSTANCE)
.register(StandardAuthScheme.DIGEST, DigestSchemeFactory.INSTANCE)
.register(StandardAuthScheme.BEARER, BearerSchemeFactory.INSTANCE)
.register(StandardAuthScheme.SPNEGO, SPNegoSchemeFactory.DEFAULT)
.register(StandardAuthScheme.KERBEROS, KerberosSchemeFactory.DEFAULT)
.build();
}
Lookup<CookieSpecFactory> cookieSpecRegistryCopy = this.cookieSpecRegistry;

4
httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProxyClient.java
View File

@ -48,8 +48,6 @@ import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import org.apache.hc.client5.http.impl.auth.BasicSchemeFactory;
import org.apache.hc.client5.http.impl.auth.DigestSchemeFactory;
import org.apache.hc.client5.http.impl.auth.HttpAuthenticator;
import org.apache.hc.client5.http.impl.auth.KerberosSchemeFactory;
import org.apache.hc.client5.http.impl.auth.SPNegoSchemeFactory;
import org.apache.hc.client5.http.impl.io.ManagedHttpClientConnectionFactory;
import org.apache.hc.client5.http.io.ManagedHttpClientConnection;
import org.apache.hc.client5.http.protocol.HttpClientContext;
@ -120,8 +118,6 @@ public class ProxyClient {
this.authSchemeRegistry = RegistryBuilder.<AuthSchemeFactory>create()
.register(StandardAuthScheme.BASIC, BasicSchemeFactory.INSTANCE)
.register(StandardAuthScheme.DIGEST, DigestSchemeFactory.INSTANCE)
.register(StandardAuthScheme.SPNEGO, SPNegoSchemeFactory.DEFAULT)
.register(StandardAuthScheme.KERBEROS, KerberosSchemeFactory.DEFAULT)
.build();
this.reuseStrategy = DefaultClientConnectionReuseStrategy.INSTANCE;
}