Apache
/
lucene
mirror of https://github.com/apache/lucene.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

SOLR-7950: Invalid auth scheme configuration of Http client when using Kerberos (SPNEGO) 

git-svn-id: https://svn.apache.org/repos/asf/lucene/dev/trunk@1698039 13f79535-47bb-0310-9956-ffa450edef68
This commit is contained in:
Gregory Chanan 2015-08-27 00:02:44 +00:00
parent 942750c33f
commit 4ef86ea9cc
2 changed files with 23 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
solr/solrj/src/java/org/apache/solr/client/solrj/impl/Krb5HttpClientConfigurer.java
View File

@ -34,6 +34,7 @@ import org.apache.http.HttpRequest;
import org.apache.http.HttpRequestInterceptor;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.auth.AuthSchemeRegistry;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.protocol.HttpContext;
@ -77,7 +78,10 @@ public class Krb5HttpClientConfigurer extends HttpClientConfigurer {
}
javax.security.auth.login.Configuration.setConfiguration(jaasConfig);
httpClient.getAuthSchemes().register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, false));
//Enable only SPNEGO authentication scheme.
AuthSchemeRegistry registry = new AuthSchemeRegistry();
registry.register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true, false));
httpClient.setAuthSchemes(registry);
// Get the credentials from the JAAS configuration rather than here
Credentials useJaasCreds = new Credentials() {
public String getPassword() {

19
solr/solrj/src/test/org/apache/solr/client/solrj/impl/HttpClientUtilTest.java
View File

@ -18,11 +18,13 @@ package org.apache.solr.client.solrj.impl;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
import java.io.IOException;
import java.util.concurrent.atomic.AtomicInteger;
import org.apache.http.auth.AuthScope;
import org.apache.http.client.config.AuthSchemes;
import org.apache.http.client.HttpClient;
import org.apache.http.client.params.ClientPNames;
import org.apache.http.conn.ssl.AllowAllHostnameVerifier;
@ -30,6 +32,7 @@ import org.apache.http.conn.ssl.BrowserCompatHostnameVerifier;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.AbstractHttpClient;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.impl.conn.PoolingClientConnectionManager;
import org.apache.http.params.HttpConnectionParams;
@ -73,7 +76,21 @@ public class HttpClientUtilTest {
client.close();
}
}
@Test
public void testAuthSchemeConfiguration() {
System.setProperty(Krb5HttpClientConfigurer.LOGIN_CONFIG_PROP, "test");
try {
HttpClientUtil.setConfigurer(new Krb5HttpClientConfigurer());
AbstractHttpClient client = (AbstractHttpClient)HttpClientUtil.createClient(null);
assertEquals(1, client.getAuthSchemes().getSchemeNames().size());
assertTrue(AuthSchemes.SPNEGO.equalsIgnoreCase(client.getAuthSchemes().getSchemeNames().get(0)));
} finally {
//Cleanup the system property.
System.clearProperty(Krb5HttpClientConfigurer.LOGIN_CONFIG_PROP);
}
}
@Test
public void testReplaceConfigurer() throws IOException{