Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [jetty-users] migration woes from version 9 to 10 - possible character encoding issue
  • From: Bryan Coleman <bryan.coleman@xxxxxxxx>
  • Date: Wed, 7 Sep 2022 14:48:00 +0000
  • Accept-language: en-US
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=dart.biz; dmarc=pass action=none header.from=dart.biz; dkim=pass header.d=dart.biz; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YXBZ2U011JZaZYi/CYqciK8JnJ8t9V6nxJM5qnk/Dow=; b=ZVoX5nCX6k2QgN6Vw+VX/NrUSJhnk+NajXClypkEEvl2KIGCVzieqOJWfSkSh+oOPTmvGCY9bU8ypazj6S1njwgRv3gPNgFsBW5nEKA0LVp9ZXFldIORLVqwgrrnWk2+Hp5hca9wVPPqjmz0HFj1IVgFPvSLYgQ1xhHBPOAn4H2mLvS93x4UWvCebofCSvO7o3DG3feJYVZHa9j01u0yXPAosCrThJd8wdYYNrSFvtsW1hANOratKF57/RM/LUIphN3Keuh6JNhEAfp+lNT1QMtyHthmr3WxasPxFzSf2MaJDeEGUxAPPiKfdt0MpYGG4JZfgcZh++IXbnT56HwSKQ==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JN9f2EW5oh2d9d49VUR1DV1QH/9YVYOMZBaxaWEZmiH/QhUthmsJKenxwB57bmjh5Lsw2VXy0Aae8vOzmJvQfussIy8YLsSE2fAgmoOMsXbDpjGmhl/Pk2DnnMFghPM1Debn1ZVYDP69gnyxdFZ1RRVLtRxtDxCSt25wsfdGMdlmPasjDswwQ3JVXKTbmXg3KMy/9yf098vSwFyi1JxRYm2YAeT/TbUpvGzTj75ve7BQf05m3dVIEa+YSVe5aTJg2b2i5TjY/1Ww4CfjdE8Kq40SLazGaxtku7pgC9irFNQwAw42GV2VMpNjXHCsVBBbUON51y86AgMoZZd/Nt78IQ==
  • Delivered-to: jetty-users@xxxxxxxxxxx
  • List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
  • List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
  • List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
  • List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
  • Thread-index: AQHYsjLBBXbI7TDmsEykBqBgXPJjta20JhwAgABlL/CACZFhAIABOO4AgBMtvjCAASzJAIAAeGUA
  • Thread-topic: [jetty-users] migration woes from version 9 to 10 - possible character encoding issue
Thanks for the information.  

Yes, I believe it is related to the FallbackAuthenticator as well.  I was able to get the Basic portion of the fallback to work by bringing it in line with apparent differences from the BasicAuthenticator; specifically, the credential "space" and charset.  I wonder if there isn't something similar with the Kerberos authentication?  

I since tried to temporarily replace the FallbackAuthenticator with the ConfigurableSpnegoAuthenticator.  The result is a "RuntimeException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP-REQ - RC4 with HMAC)".  My thought was to get the out-of-the-box ConfigurableSpnegoAuthenticator to work before using custom code.  The odd thing is the code works fine with jetty 9; however, with jetty 10 the GSSException keeps coming to the surface.  

A few things I was trying to track down:  

     1) Does jetty 10 use a different set of default encoding types?  

     2) Is there a way to set libdefaults default_tkt_enctypes and default_tgt_enctypes programically via the JassConfigurator (i.e. Configuration)?

     3) Do I need to create the keytab file differently?



-----Original Message-----
From: Simone Bordet <simone.bordet@xxxxxxxxx> 
Sent: Wednesday, September 7, 2022 3:20 AM
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Cc: Bryan Coleman <bryan.coleman@xxxxxxxx>
Subject: Re: [jetty-users] migration woes from version 9 to 10 - possible character encoding issue

[You don't often get email from simone.bordet@xxxxxxxxx. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]

Hi,

On Tue, Sep 6, 2022 at 5:08 PM Bryan Coleman via jetty-users <jetty-users@xxxxxxxxxxx> wrote:
>
> I believe I have narrowed the issue down to the login arena (i.e. login / authentication / authorization).
>
> I am using a fallback authenticator which is an extension of the ConfigurableSpnegoAuthenticator and works to authenticate clients using a myriad of options (Spnego, NTLM, Basic).
>
> With jetty 10, if I change things to start with the BasicAuthenticator, provide credentials, stop things and then restart with the FallbackAuthenticator it works; however, if I start with the FallbackAuthenticator out of the gate it tries to do Anonymous authentication and fails.

>From your description, seems to be a problem in your FallbackAuthenticator...

> Questions:
>
>         Any ideas?
>
>         Has anything changed with the Spnego setup requirements from jetty 9 to 10?

No.

>         Is there a good reference for Spnego setup?  (I noticed that 
> the programming guide still shows TODO for HttpClient SPNEGO 
> authentication support)

Look at the tests, see
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feclipse%2Fjetty.project%2Fblob%2Fjetty-10.0.11%2Fjetty-client%2Fsrc%2Ftest%2Fjava%2Forg%2Feclipse%2Fjetty%2Fclient%2Futil%2FSPNEGOAuthenticationTest.java&amp;data=05%7C01%7Cbryan.coleman%40dart.biz%7C155ac064663a4beb203108da90a16d93%7Cd90804aba2264b3da37a256f7aba7ff1%7C0%7C0%7C637981320260484464%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&amp;sdata=azA2GJxkQBX2MjOJaFiGWzhZhn8TnbU74DrP6%2FGPfJs%3D&amp;reserved=0.

--
Simone Bordet
---
Finally, no matter how good the architecture and design are, to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless.   Victoria Livschitz

Back to the top