HTTPCLIENT-1736: do not request cred delegation by default when using Kerberos auth
git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/branches/4.5.x@1746747 13f79535-47bb-0310-9956-ffa450edef68
parent
b52a623ccf
commit
572fd4cd9c
|
@ -37,7 +37,7 @@ import java.io.IOException;
|
|||
* @since 4.1
|
||||
*
|
||||
* @deprecated (4.2) subclass {@link KerberosScheme} and override
|
||||
* {@link KerberosScheme#generateGSSToken(byte[], org.ietf.jgss.Oid, String)}
|
||||
* {@link KerberosScheme#generateGSSToken(byte[], org.ietf.jgss.Oid, String, org.apache.http.auth.Credentials)}
|
||||
*/
|
||||
@Deprecated
|
||||
public interface SpnegoTokenGenerator {
|
||||
|
|
|
@ -111,10 +111,6 @@ public abstract class GGSSchemeBase extends AuthSchemeBase {
|
|||
protected byte[] generateGSSToken(
|
||||
final byte[] input, final Oid oid, final String authServer,
|
||||
final Credentials credentials) throws GSSException {
|
||||
byte[] inputBuff = input;
|
||||
if (inputBuff == null) {
|
||||
inputBuff = new byte[0];
|
||||
}
|
||||
final GSSManager manager = getManager();
|
||||
final GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
|
||||
|
||||
|
@ -125,13 +121,24 @@ public abstract class GGSSchemeBase extends AuthSchemeBase {
|
|||
gssCredential = null;
|
||||
}
|
||||
|
||||
final GSSContext gssContext = manager.createContext(
|
||||
serverName.canonicalize(oid), oid, gssCredential, GSSContext.DEFAULT_LIFETIME);
|
||||
gssContext.requestMutualAuth(true);
|
||||
gssContext.requestCredDeleg(true);
|
||||
return gssContext.initSecContext(inputBuff, 0, inputBuff.length);
|
||||
final GSSContext gssContext = createGSSContext(manager, oid, serverName, gssCredential);
|
||||
if (input != null) {
|
||||
return gssContext.initSecContext(input, 0, input.length);
|
||||
} else {
|
||||
return gssContext.initSecContext(new byte[] {}, 0, 0);
|
||||
}
|
||||
}
|
||||
|
||||
GSSContext createGSSContext(
|
||||
final GSSManager manager,
|
||||
final Oid oid,
|
||||
final GSSName serverName,
|
||||
final GSSCredential gssCredential) throws GSSException {
|
||||
final GSSContext gssContext = manager.createContext(serverName.canonicalize(oid), oid, gssCredential,
|
||||
GSSContext.DEFAULT_LIFETIME);
|
||||
gssContext.requestMutualAuth(true);
|
||||
return gssContext;
|
||||
}
|
||||
/**
|
||||
* @deprecated (4.4) Use {@link #generateToken(byte[], String, org.apache.http.auth.Credentials)}.
|
||||
*/
|
||||
|
|
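Review bot: The new `createGSSContext` helper in GGSSchemeBase has no comment saying that leaving out `requestCredDeleg(true)` is deliberate, so a later maintainer could restore the call as an apparent oversight. I would add a line above `gssContext.requestMutualAuth(true);` such as `// Credential delegation is intentionally not requested: a delegated ticket lets the target service act as the user (HTTPCLIENT-1736).` The helper is also declared without an access modifier, and no configuration switch is visible in these hunks, so code outside the package that genuinely needs delegation appears to have no supported way to opt back in. If that is not intended, `protected GSSContext createGSSContext(` with a short Javadoc stating the default would make the extension point explicit. Deployments that relied on the forwarded credential will probably now fail at the back-end hop rather than at authentication, which is worth stating in the release notes.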