@Test(timeout=30000) // this timeout (in ms) needs to be extended if you're actively debugging the code
public void testNoInfiniteLoopOnSPNOutsideDomain() throws Exception {
Assume.assumeTrue("Test can only be run on Windows", WinHttpClients.isWinAuthAvailable());
// HTTPCLIENT-1545
// If a service principal name (SPN) from outside your Windows domain tree (e.g., HTTP/example.com) is used,
// InitializeSecurityContext will return SEC_E_DOWNGRADE_DETECTED (decimal: -2146892976, hex: 0x80090350).
// Because WindowsNegotiateScheme wasn't setting the completed state correctly when authentication fails,
// HttpClient goes into an infinite loop, constantly retrying the negotiate authentication to kingdom
// come. This error message, "The system detected a possible attempt to compromise security. Please ensure that
// you can contact the server that authenticated you." is associated with SEC_E_DOWNGRADE_DETECTED.
final Registry<AuthSchemeProvider> authSchemeRegistry = RegistryBuilder.<AuthSchemeProvider>create()
.register(AuthSchemes.SPNEGO, new AuthSchemeProvider() {
@Override
public AuthScheme create(final HttpContext context) {
return new WindowsNegotiateSchemeGetTokenFail(AuthSchemes.SPNEGO, "HTTP/example.com");
}
}).build();
final CredentialsProvider credsProvider =
new WindowsCredentialsProvider(new SystemDefaultCredentialsProvider());
final CloseableHttpClient customClient = HttpClientBuilder.create()
.setDefaultCredentialsProvider(credsProvider)
.setDefaultAuthSchemeRegistry(authSchemeRegistry).build();
final HttpHost target = start();
final HttpGet httpGet = new HttpGet("/");
final CloseableHttpResponse response = customClient.execute(target, httpGet);
try {
EntityUtils.consume(response.getEntity());
} finally {
response.close();
}
}
TestWindowsNegotiateScheme.java 文件源码
java
阅读 25
收藏 0
点赞 0
评论 0
项目:purecloud-iot
作者:
评论列表
文章目录