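/**
 * Builds the HTTP context that carries the credentials configured for one server.
 *
 * <p>The credentials provider is either a {@code WindowsCredentialsProvider} wrapping the
 * system default provider (when {@code useBuiltinWindowsAuthentication(serverInfo)} is true)
 * or an {@code HttpClientCredentialsProvider} built from the server's own credentials.
 * Whichever is chosen, every non-null credential on {@code serverInfo} is then registered
 * under {@code serverInfo.authscope}.
 *
 * @param serverInfo server description; its {@code credentials}, {@code ntCredentials} and
 *                   {@code authscope} fields are read
 * @return a context with a credentials provider installed, or {@code null} when the server has
 *         neither {@code credentials} nor {@code ntCredentials}
 */
private HttpContext createContextForServer(ServerInfo serverInfo) {
    // No credentials configured: callers get null and no credentials provider is installed.
    if (serverInfo.credentials == null && serverInfo.ntCredentials == null) {
        return null;
    }

    HttpClientContext context = HttpClientContext.create();

    // The original ternary assigned credsProvider inside its own initializer
    // ("? credsProvider = new WindowsCredentialsProvider(...)"); that inner assignment was
    // redundant and is dropped here. The selected provider is unchanged.
    final CredentialsProvider credsProvider;
    if (useBuiltinWindowsAuthentication(serverInfo)) {
        credsProvider = new WindowsCredentialsProvider(new SystemDefaultCredentialsProvider());
    } else {
        credsProvider = new HttpClientCredentialsProvider(serverInfo.credentials, serverInfo.ntCredentials);
    }

    // NOTE(review): both credentials are registered under the same authscope. With a
    // map-backed provider the second call would replace the first for that scope, so when
    // both fields are set only ntCredentials would remain - confirm this is intended.
    // NOTE(review): confirm serverInfo.authscope is pinned to this server's host and port
    // rather than a wildcard scope, so these credentials are not offered to other hosts
    // (for example after a redirect).
    if (serverInfo.credentials != null) {
        credsProvider.setCredentials(serverInfo.authscope, serverInfo.credentials);
    }
    if (serverInfo.ntCredentials != null) {
        credsProvider.setCredentials(serverInfo.authscope, serverInfo.ntCredentials);
    }

    context.setCredentialsProvider(credsProvider);
    return context;
}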
/**
 * Applies this configurer's HTTP settings to the given client builder.
 *
 * <p>The steps run in a fixed order: SSL socket factory, auth scheme registry, credentials,
 * proxy, user agent. The credentials provider is installed on the builder last.
 *
 * @param builder the client builder to configure; it is mutated in place
 */
public void configure(HttpClientBuilder builder) {
    // A single provider instance is handed to both the credentials step and the proxy step
    // and then becomes the builder's default provider.
    // NOTE(review): server and proxy credentials presumably end up in this one provider;
    // confirm each is registered under a host-specific AuthScope so proxy credentials are
    // never offered to an origin server, or the reverse.
    final SystemDefaultCredentialsProvider sharedProvider = new SystemDefaultCredentialsProvider();

    configureSslSocketConnectionFactory(builder, httpSettings.getSslContextFactory());
    configureAuthSchemeRegistry(builder);
    configureCredentials(builder, sharedProvider, httpSettings.getAuthenticationSettings());
    configureProxy(builder, sharedProvider, httpSettings);
    configureUserAgent(builder);

    builder.setDefaultCredentialsProvider(sharedProvider);
}
@Test(timeout=30000) // this timeout (in ms) needs to be extended if you're actively debugging the code public void testNoInfiniteLoopOnSPNOutsideDomain() throws Exception { Assume.assumeTrue("Test can only be run on Windows", WinHttpClients.isWinAuthAvailable()); // HTTPCLIENT-1545 // If a service principal name (SPN) from outside your Windows domain tree (e.g., HTTP/example.com) is used, // InitializeSecurityContext will return SEC_E_DOWNGRADE_DETECTED (decimal: -2146892976, hex: 0x80090350). // Because WindowsNegotiateScheme wasn't setting the completed state correctly when authentication fails, // HttpClient goes into an infinite loop, constantly retrying the negotiate authentication to kingdom // come. This error message, "The system detected a possible attempt to compromise security. Please ensure that // you can contact the server that authenticated you." is associated with SEC_E_DOWNGRADE_DETECTED. final Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create() .register(AuthSchemes.SPNEGO, new AuthSchemeProvider() { @Override public AuthScheme create(final HttpContext context) { return new WindowsNegotiateSchemeGetTokenFail(AuthSchemes.SPNEGO, "HTTP/example.com"); } }).build(); final CredentialsProvider credsProvider = new WindowsCredentialsProvider(new SystemDefaultCredentialsProvider()); final CloseableHttpClient customClient = HttpClientBuilder.create() .setDefaultCredentialsProvider(credsProvider) .setDefaultAuthSchemeRegistry(authSchemeRegistry).build(); final HttpHost target = start(); final HttpGet httpGet = new HttpGet("/"); final CloseableHttpResponse response = customClient.execute(target, httpGet); try { EntityUtils.consume(response.getEntity()); } finally { response.close(); } }
/**
 * Creates an {@code HttpClientContext} set up for single sign-on.
 *
 * <p>When {@code isNTLMAuthenticationEnabled()} is true the context gets a
 * {@code WindowsCredentialsProvider} wrapping the system default provider. Otherwise it gets
 * a {@code BasicCredentialsProvider} holding placeholder credentials whose principal and
 * password are both {@code null}, registered for any host, port and realm.
 *
 * <p>Side effect: sets the system property {@code javax.security.auth.useSubjectCredsOnly}
 * to {@code "false"} on every call. System properties are process-wide, so this affects all
 * code in the JVM, not just this context.
 *
 * @return the configured context, never {@code null}
 */
private static HttpClientContext internalCreateSSOContext() {
    if (log.isDebugEnabled()) {
        log.debug("internalCreateSSOContext(");
    }

    // Kerberos troubleshooting switches the original author left disabled:
    //   System.setProperty("java.security.krb5.conf", "C:\\Windows\\krb5.ini");
    //   System.setProperty("sun.security.krb5.debug", "true");
    System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");

    final HttpClientContext ssoContext = HttpClientContext.create();
    final CredentialsProvider provider;

    if (isNTLMAuthenticationEnabled()) {
        if (log.isDebugEnabled()) {
            log.debug("set WindowsCredentialsProvider");
        }
        // NOTE(review): this provider presumably answers NTLM/Negotiate challenges with the
        // logged-on Windows user's identity regardless of which host asks. Confirm callers
        // only use this context against trusted intranet servers.
        provider = new WindowsCredentialsProvider(new SystemDefaultCredentialsProvider());
    } else {
        if (log.isDebugEnabled()) {
            log.debug("set JAAS credential provider");
        }
        // Per the original author: a null principal tells Java to fall back to the
        // logged-in user's credentials.
        final Credentials loggedInUserPlaceholder = new Credentials() {
            @Override
            public String getPassword() {
                return null;
            }

            @Override
            public Principal getUserPrincipal() {
                return null;
            }
        };
        final BasicCredentialsProvider jaasProvider = new BasicCredentialsProvider();
        // Wildcard scope (null host, port -1, null realm): the placeholder matches every
        // server.
        // NOTE(review): consider scoping this to the intended SSO hosts so that the user's
        // tickets are not requested for arbitrary servers.
        jaasProvider.setCredentials(
            new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, AuthScope.ANY_REALM),
            loggedInUserPlaceholder);
        provider = jaasProvider;
    }

    ssoContext.setCredentialsProvider(provider);

    if (log.isDebugEnabled()) {
        log.debug(")internalCreateSSOContext");
    }
    return ssoContext;
}