|Re: [jgit-dev] SPNEGO authentication for jgit|
On Tue, Feb 25, 2014 at 2:11 AM, Halstrick, Christian <christian.halstrick@xxxxxxx> wrote:
have you seen my changes to teach jgit to use org.apache httpclient instead of jdk’s HttpURLConnection ? JGit will then not use jdks HttpURLConnection at all and uses apaches classeswhich support SPNEGO. I am not sure whether this will help but I can imagine that it will at least change the situation a lot. I could imagine that your changes are still needed also when weuse HttpClient … but I think you should test this. In the best case you would even not need your changes but simply switch to usage of HttpClient. My guess would be that we still need your changesalso when we use httpclient. JDKs HttpURLConnection and Apaches HttpClient both support SPNEGO so the difference shouldn’t be big.Hi Christian,
Yes, I saw your changes and tested them. That's actually what triggered me to work on SPNEGO :)
From my tests, Apache HC doesn't support out of the box SPNEGO: you need to register a auth module like suggested by  and probably some other stuff (I tried to reuse the example as-is with no success). And it probably as the same issue as JDK HttpUrlConnection: not being able to handle authentication for streamed requests.
But on the bright side, it works as-is with my changes. The only difference I noticed is a prompt for user/password when creating the security token for the first time (I suspect that Sun has some methods to avoid this), but pressing enter (without entering informations) is enough to complete authentication and clone a repository for example.Is there any chance that we get tests for this? We do have unit tests where we start our own jetty based git server inside the test and check that the user gets authenticated usingBASIC authentication . Is there any chance to get such a test for SPNEGO?I would love to provide tests, but I'm not sure if it is doable (I haven't found an easy way for now). SPNEGO is using jGSS which is using the system libraries for security/authentication. I'm looking for a way to mock/inject my own code in the process, but haven't seen an API yet to do so...CiaoChris https://raw.github.com/eclipse/jgit/master/org.eclipse.jgit.http.test/tst/org/eclipse/jgit/http/test/HttpClientTests.java
From: jgit-dev-bounces@xxxxxxxxxxx [mailto:jgit-dev-bounces@xxxxxxxxxxx] On Behalf Of Laurent Goujon
Sent: Dienstag, 25. Februar 2014 04:37
Subject: [jgit-dev] SPNEGO authentication for jgit
My company is using SPNEGO/Kerberos for git authentication, and it seems it doesn't work well with jgit.
I open bug 428836  to track this issue, and I also tried to fix it by myself. So far, I submitted 4 patches to Gerrit to implement the feature.
It would be great if some people could review them, and provides feedback. Patches have been submitted to Hudson, but builds aborted before the end.
Thanks in advance,
Back to the top