[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jetty-users] migration woes from version 9 to 10 - possible character encoding issue
|
- From: Bryan Coleman <bryan.coleman@xxxxxxxx>
- Date: Wed, 7 Sep 2022 14:48:00 +0000
- Accept-language: en-US
- Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=dart.biz; dmarc=pass action=none header.from=dart.biz; dkim=pass header.d=dart.biz; arc=none
- Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=YXBZ2U011JZaZYi/CYqciK8JnJ8t9V6nxJM5qnk/Dow=; b=ZVoX5nCX6k2QgN6Vw+VX/NrUSJhnk+NajXClypkEEvl2KIGCVzieqOJWfSkSh+oOPTmvGCY9bU8ypazj6S1njwgRv3gPNgFsBW5nEKA0LVp9ZXFldIORLVqwgrrnWk2+Hp5hca9wVPPqjmz0HFj1IVgFPvSLYgQ1xhHBPOAn4H2mLvS93x4UWvCebofCSvO7o3DG3feJYVZHa9j01u0yXPAosCrThJd8wdYYNrSFvtsW1hANOratKF57/RM/LUIphN3Keuh6JNhEAfp+lNT1QMtyHthmr3WxasPxFzSf2MaJDeEGUxAPPiKfdt0MpYGG4JZfgcZh++IXbnT56HwSKQ==
- Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=JN9f2EW5oh2d9d49VUR1DV1QH/9YVYOMZBaxaWEZmiH/QhUthmsJKenxwB57bmjh5Lsw2VXy0Aae8vOzmJvQfussIy8YLsSE2fAgmoOMsXbDpjGmhl/Pk2DnnMFghPM1Debn1ZVYDP69gnyxdFZ1RRVLtRxtDxCSt25wsfdGMdlmPasjDswwQ3JVXKTbmXg3KMy/9yf098vSwFyi1JxRYm2YAeT/TbUpvGzTj75ve7BQf05m3dVIEa+YSVe5aTJg2b2i5TjY/1Ww4CfjdE8Kq40SLazGaxtku7pgC9irFNQwAw42GV2VMpNjXHCsVBBbUON51y86AgMoZZd/Nt78IQ==
- Delivered-to: jetty-users@xxxxxxxxxxx
- List-archive: <https://www.eclipse.org/mailman/private/jetty-users/>
- List-help: <mailto:jetty-users-request@eclipse.org?subject=help>
- List-subscribe: <https://www.eclipse.org/mailman/listinfo/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=subscribe>
- List-unsubscribe: <https://www.eclipse.org/mailman/options/jetty-users>, <mailto:jetty-users-request@eclipse.org?subject=unsubscribe>
- Thread-index: AQHYsjLBBXbI7TDmsEykBqBgXPJjta20JhwAgABlL/CACZFhAIABOO4AgBMtvjCAASzJAIAAeGUA
- Thread-topic: [jetty-users] migration woes from version 9 to 10 - possible character encoding issue
Thanks for the information.
Yes, I believe it is related to the FallbackAuthenticator as well. I was able to get the Basic portion of the fallback to work by bringing it in line with apparent differences from the BasicAuthenticator; specifically, the credential "space" and charset. I wonder if there isn't something similar with the Kerberos authentication?
I since tried to temporarily replace the FallbackAuthenticator with the ConfigurableSpnegoAuthenticator. The result is a "RuntimeException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP-REQ - RC4 with HMAC)". My thought was to get the out-of-the-box ConfigurableSpnegoAuthenticator to work before using custom code. The odd thing is the code works fine with jetty 9; however, with jetty 10 the GSSException keeps coming to the surface.
A few things I was trying to track down:
1) Does jetty 10 use a different set of default encoding types?
2) Is there a way to set libdefaults default_tkt_enctypes and default_tgt_enctypes programically via the JassConfigurator (i.e. Configuration)?
3) Do I need to create the keytab file differently?
-----Original Message-----
From: Simone Bordet <simone.bordet@xxxxxxxxx>
Sent: Wednesday, September 7, 2022 3:20 AM
To: JETTY user mailing list <jetty-users@xxxxxxxxxxx>
Cc: Bryan Coleman <bryan.coleman@xxxxxxxx>
Subject: Re: [jetty-users] migration woes from version 9 to 10 - possible character encoding issue
[You don't often get email from simone.bordet@xxxxxxxxx. Learn why this is important at https://aka.ms/LearnAboutSenderIdentification ]
Hi,
On Tue, Sep 6, 2022 at 5:08 PM Bryan Coleman via jetty-users <jetty-users@xxxxxxxxxxx> wrote:
>
> I believe I have narrowed the issue down to the login arena (i.e. login / authentication / authorization).
>
> I am using a fallback authenticator which is an extension of the ConfigurableSpnegoAuthenticator and works to authenticate clients using a myriad of options (Spnego, NTLM, Basic).
>
> With jetty 10, if I change things to start with the BasicAuthenticator, provide credentials, stop things and then restart with the FallbackAuthenticator it works; however, if I start with the FallbackAuthenticator out of the gate it tries to do Anonymous authentication and fails.
>From your description, seems to be a problem in your FallbackAuthenticator...
> Questions:
>
> Any ideas?
>
> Has anything changed with the Spnego setup requirements from jetty 9 to 10?
No.
> Is there a good reference for Spnego setup? (I noticed that
> the programming guide still shows TODO for HttpClient SPNEGO
> authentication support)
Look at the tests, see
https://nam02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.com%2Feclipse%2Fjetty.project%2Fblob%2Fjetty-10.0.11%2Fjetty-client%2Fsrc%2Ftest%2Fjava%2Forg%2Feclipse%2Fjetty%2Fclient%2Futil%2FSPNEGOAuthenticationTest.java&data=05%7C01%7Cbryan.coleman%40dart.biz%7C155ac064663a4beb203108da90a16d93%7Cd90804aba2264b3da37a256f7aba7ff1%7C0%7C0%7C637981320260484464%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=azA2GJxkQBX2MjOJaFiGWzhZhn8TnbU74DrP6%2FGPfJs%3D&reserved=0.
--
Simone Bordet
---
Finally, no matter how good the architecture and design are, to deliver bug-free software with optimal performance and reliability,
the implementation technique must be flawless. Victoria Livschitz