Add SPNEGO authentication header #107
base: master
There is also the matter of the existing Swagger v3 OAS annotations (aka OpenAPI docs): they bear no information about the Negotiate auth option.

```
GET http://localhost:9090/v3/api-docs.yaml
```

gives

```yaml
/token/generate:
  post:
    security:
      - basicAuth: []
...
securitySchemes:
  basicAuth:
    type: http
    scheme: basic
...
```

but it should probably give

```yaml
/token/generate:
  post:
    security:
      - negotiate: []
      - basicAuth: []
...
securitySchemes:
  negotiate:
    type: http
    scheme: negotiate
  basicAuth:
    type: http
    scheme: basic
```

I think that the solution might be adding another

```scala
@SecurityRequirement(name = "negotiate")
```

and introducing something like

```scala
@SecurityScheme(
  name = "negotiate",
  `type` = SecuritySchemeType.HTTP,
  scheme = "negotiate"
)
```

I am not sure that it is entirely correct (perhaps do your own research on how it should be done properly), but something along these lines.
response: HttpServletResponse, | ||
authException: AuthenticationException) => { | ||
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED) | ||
response.addHeader("WWW-Authenticate", "Negotiate") |
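Review bot: once Kerberos is enabled this entry point answers a 401 with only `WWW-Authenticate: Negotiate`, so the `Basic realm="Realm"` challenge that the non-Kerberos path advertises is no longer offered to clients that cannot do SPNEGO. Consider emitting both challenges here, e.g. adding `response.addHeader("WWW-Authenticate", "Basic realm=\"Realm\"")` beside the Negotiate header, or delegating to the existing Basic entry point after the Negotiate header has been added.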
I tried it, and when Kerberos was disabled in config, running a POST against the endpoint (`curl -X POST http://localhost:9090/token/generate -v`) resulted only in:

```
< WWW-Authenticate: Basic realm="Realm"
```

(as expected ✅).

However, when running the same while having Kerberos enabled in config, it only returned

```
< WWW-Authenticate: Negotiate
```

This time I would expect both options to be present in the headers:

```
< WWW-Authenticate: Basic realm="Realm"
< WWW-Authenticate: Negotiate
```
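A check for the behaviour this comment expects, added here as an example (not code from the PR or the project): parse the `WWW-Authenticate` challenges of a 401 response and report which required schemes are missing. It assumes the headers arrive as a list of `(name, value)` pairs, and it goes beyond the two-header case above by also handling several challenges folded into one header value.

```python
import re

# Assumption (not from the PR): headers are a list of (name, value) pairs.
_PARAM_RE = re.compile(r"^[A-Za-z0-9!#$%&'*+.^_`|~-]+\s*=")  # auth-param start


def _split_commas(value: str) -> list[str]:
    """Split a header value on commas that sit outside quoted-strings."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in value:
        if escaped:
            escaped = False
        elif ch == "\\" and quoted:
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            parts.append("".join(buf).strip())
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def parse_challenges(headers: list[tuple[str, str]]) -> dict[str, list[str]]:
    """Map each advertised scheme (lowercased) to its raw auth-param strings.
    RFC 7235 allows repeated headers and comma-folded challenges; a
    name=value segment continues the previous challenge."""
    schemes: dict[str, list[str]] = {}
    for _, value in [h for h in headers if h[0].lower() == "www-authenticate"]:
        current = None  # each header value starts a fresh challenge
        for segment in _split_commas(value):
            if current is not None and _PARAM_RE.match(segment):
                schemes[current].append(segment)
                continue
            scheme, _, rest = segment.partition(" ")
            current = scheme.lower()
            schemes.setdefault(current, [])
            if rest.strip():
                schemes[current].append(rest.strip())
    return schemes


def missing_schemes(headers, required=("negotiate", "basic")) -> list[str]:
    """Required schemes the 401 response fails to advertise."""
    return [s for s in required if s not in parse_challenges(headers)]


# Constructed samples mirroring the cases in the review thread.
KERBEROS_OFF = [("WWW-Authenticate", 'Basic realm="Realm"')]
KERBEROS_ON_OBSERVED = [("WWW-Authenticate", "Negotiate")]
KERBEROS_ON_EXPECTED = KERBEROS_OFF + [("WWW-Authenticate", "Negotiate")]
```

`missing_schemes(KERBEROS_ON_OBSERVED)` flags the Basic challenge the reviewer found absent, while the expected two-header response yields an empty list.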
Added WWW-Authenticate: Negotiate header to 401 status response when Kerberos is enabled
closes #106