Fix the issues causing Kerberos/SPNego to fail

1. At the beginning of the negotiate, no token is defined in "WWW-Authenticate: Negotiate". 2. Kerberos expects HTTP.
apache · Feb 20, 2021 · a0184188c1a7651e4fdd8d4bd899506be0927e30 · a018418
1 parent c39117e
commit a0184188c1a7651e4fdd8d4bd899506be0927e30
Showing 1 changed file with 6 additions and 8 deletions.
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java b/httpclient5/src/main/java/org/apache/hc/client5/http/impl/auth/GGSSchemeBase.java
@@ -28,7 +28,6 @@
 
 import java.net.UnknownHostException;
 import java.security.Principal;
-import java.util.Locale;
 
 import org.apache.commons.codec.binary.Base64;
 import org.apache.hc.client5.http.DnsResolver;
@@ -73,7 +72,8 @@ enum State {
     }
 
     private static final Logger LOG = LoggerFactory.getLogger(GGSSchemeBase.class);
-
+    private static final String NO_TOKEN = "";
+    private static final String KERBEROS_SCHEME = "HTTP";
     private final KerberosConfig config;
     private final DnsResolver dnsResolver;
 
@@ -108,10 +108,9 @@ public void processChallenge(
             final AuthChallenge authChallenge,
             final HttpContext context) throws MalformedChallengeException {
         Args.notNull(authChallenge, "AuthChallenge");
-        if (authChallenge.getValue() == null) {
-            throw new MalformedChallengeException("Missing auth challenge");
-        }
-        this.challenge = authChallenge.getValue();
+
+        this.challenge = authChallenge.getValue() != null ? authChallenge.getValue() : NO_TOKEN;
+
         if (state == State.UNINITIATED) {
             token = Base64.decodeBase64(challenge.getBytes());
             state = State.CHALLENGE_RECEIVED;
@@ -222,14 +221,13 @@ public String generateAuthResponse(
                 } else {
                     authServer = hostname + ":" + host.getPort();
                 }
-                final String serviceName = host.getSchemeName().toUpperCase(Locale.ROOT);
 
                 if (LOG.isDebugEnabled()) {
                     final HttpClientContext clientContext = HttpClientContext.adapt(context);
                     final String exchangeId = clientContext.getExchangeId();
                     LOG.debug("{} init {}", exchangeId, authServer);
                 }
-                token = generateToken(token, serviceName, authServer);
+                token = generateToken(token, KERBEROS_SCHEME, authServer);
                 state = State.TOKEN_GENERATED;
             } catch (final GSSException gsse) {
                 state = State.FAILED;