Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add SPNEGO authentication header #107

Merged
merged 3 commits into from
Nov 19, 2024

Conversation

TheLydonKing
Copy link
Collaborator

Added WWW-Authentication: Negotiate Header to 401 Status response when Kerberos is enabled

closes #106

@TheLydonKing TheLydonKing self-assigned this Nov 15, 2024
@TheLydonKing TheLydonKing linked an issue Nov 15, 2024 that may be closed by this pull request
Copy link

github-actions bot commented Nov 15, 2024

JaCoCo code coverage report - scala:2.12.17

File Coverage [84.42%] 🍏
SecurityConfig.scala 84.91% 🍏
TokenController.scala 84.12% 🍏
Total Project Coverage 62.72% 🍏

Copy link
Collaborator

@dk1844 dk1844 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There is also the matter of existing Swagger v3 OAS Annotations (aka OpenAPI docs) - this has bears no information about the Negotiate Auth option.
GET http://localhost:9090/v3/api-docs.yaml gives

  /token/generate:
    post:
      security:
      - basicAuth: []
  ...
  securitySchemes:
    basicAuth:
      type: http
      scheme: basic
...

but it should probably give

  /token/generate:
    post:
      security:
      - negotiate: []
      - basicAuth: []
  ...
  securitySchemes:
    negotiate:
      type: http
      scheme: negotiate
    basicAuth:
      type: http
      scheme: basic

I think that the solution might be adding another

  @SecurityRequirement(name = "negotiate")

and introducing something like

@SecurityScheme(
  name = "negotiate",
  `type` = SecuritySchemeType.HTTP,
  scheme = "negotiate"
)

I am not sure that it is entirely correct (perhaps do your own research how it should be done properly, but something along these lines

Copy link
Collaborator

@dk1844 dk1844 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM (tested on my machine)

@TheLydonKing TheLydonKing merged commit 93cf38d into master Nov 19, 2024
3 checks passed
@TheLydonKing TheLydonKing deleted the feature/106-add-spnego-auth-to-response-headers branch November 19, 2024 12:33
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Add SPNEGO auth to response headers
2 participants