HTTPCLIENT-1736: do not request cred delegation by default when using Kerberos auth

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/branches/4.5.x@1746747 13f79535-47bb-0310-9956-ffa450edef68
Oleg Kalnichevski 2016-06-03 19:21:14 +00:00
parent b52a623ccf
commit 572fd4cd9c
2 changed files with 17 additions and 10 deletions


@ -37,7 +37,7 @@ import java.io.IOException;
* @since 4.1
*
* @deprecated (4.2) subclass {@link KerberosScheme} and override
* {@link KerberosScheme#generateGSSToken(byte[], org.ietf.jgss.Oid, String)}
* {@link KerberosScheme#generateGSSToken(byte[], org.ietf.jgss.Oid, String, org.apache.http.auth.Credentials)}
*/
@Deprecated
public interface SpnegoTokenGenerator {


@ -111,10 +111,6 @@ public abstract class GGSSchemeBase extends AuthSchemeBase {
protected byte[] generateGSSToken(
final byte[] input, final Oid oid, final String authServer,
final Credentials credentials) throws GSSException {
byte[] inputBuff = input;
if (inputBuff == null) {
inputBuff = new byte[0];
}
final GSSManager manager = getManager();
final GSSName serverName = manager.createName("HTTP@" + authServer, GSSName.NT_HOSTBASED_SERVICE);
@ -125,13 +121,24 @@ public abstract class GGSSchemeBase extends AuthSchemeBase {
gssCredential = null;
}
final GSSContext gssContext = manager.createContext(
serverName.canonicalize(oid), oid, gssCredential, GSSContext.DEFAULT_LIFETIME);
gssContext.requestMutualAuth(true);
gssContext.requestCredDeleg(true);
return gssContext.initSecContext(inputBuff, 0, inputBuff.length);
final GSSContext gssContext = createGSSContext(manager, oid, serverName, gssCredential);
if (input != null) {
return gssContext.initSecContext(input, 0, input.length);
} else {
return gssContext.initSecContext(new byte[] {}, 0, 0);
}
}
GSSContext createGSSContext(
final GSSManager manager,
final Oid oid,
final GSSName serverName,
final GSSCredential gssCredential) throws GSSException {
final GSSContext gssContext = manager.createContext(serverName.canonicalize(oid), oid, gssCredential,
GSSContext.DEFAULT_LIFETIME);
gssContext.requestMutualAuth(true);
return gssContext;
}
/**
* @deprecated (4.4) Use {@link #generateToken(byte[], String, org.apache.http.auth.Credentials)}.
*/
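Review bot: The new `createGSSContext` helper in the second hunk has no comment saying that credential delegation is deliberately left unrequested, so the security reason for dropping `requestCredDeleg` is recorded only in the commit title. A short why-comment above `gssContext.requestMutualAuth(true);` would help stop a later refactor from re-adding the call, e.g. `// Credential delegation is intentionally not requested; delegating by default would hand the caller's credentials to every server it authenticates to (HTTPCLIENT-1736).` The helper is also package-private and these lines show no switch for callers that legitimately need delegation, so as far as the hunk shows they must override `generateGSSToken` as a whole, which deserves a sentence in its Javadoc. Both changed files appear to be main sources, so a test asserting that the context is built with mutual authentication but without delegation seems to be missing.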