Add property to disable SPNEGO #1653

Closed
carlspring opened this issue Jul 10, 2019 · 9 comments

@carlspring

Task Description

In our company we've had to fork the sonar-stash project and make it support SPNEGO using our in-house library which handles the SPNEGO/Kerberos authentication. We forked the sonar-stash project in order to make it support SPNEGO/Kerberos via our own in-house library. The sonar-stash uses the async-http-client for handling its HTTP requests.

What happens is that both our in-house SPNEGO/Kerberos library and the async-http-client library are trying to set the Authorization header. From the looks of it, our library kicks in and does its job, but then the async-http-client also kicks in, wipes out the token and sets an incorrect one, and then the authentication and authorization negotiation fails.

Proposal

We would like to propose adding a simple boolean property in the SPNEGO part of the switch case in perConnectionAuthorizationHeader in AuthenticatorUtils. This way it will be possible to disable SPNEGO by passing a property like org.asynchttpclient.disable.spnego.interceptor=true.

This fixes things for us and we'd be happy to submit a pull request for it.

Please, advise!
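
A sketch of the conflict and the proposed switch described in the issue above, added here as an example; it is not code from async-http-client or from the poster's fork. Only the property name comes from the issue; the class, enum, method names and token strings are hypothetical stand-ins.

```java
import java.util.LinkedHashMap;
import java.util.Map;

// Hypothetical model of the conflict in the issue; not async-http-client code.
public class SpnegoOverrideDemo {
    // Property name taken from the issue; everything else here is illustrative.
    static final String DISABLE_PROP = "org.asynchttpclient.disable.spnego.interceptor";

    enum Scheme { BASIC, SPNEGO }

    // Stand-in for the client's own per-connection Authorization header computation.
    static String clientHeader(Scheme scheme) {
        switch (scheme) {
            case SPNEGO:
                // Proposed guard: when the property is "true", the client produces no header.
                if (Boolean.getBoolean(DISABLE_PROP)) {
                    return null;
                }
                return "Negotiate CLIENT_TOKEN_PLACEHOLDER";
            case BASIC:
                return "Basic CREDENTIALS_PLACEHOLDER";
            default:
                return null;
        }
    }

    // Stand-in for request assembly: the external library writes first, the client second.
    static Map<String, String> buildHeaders(Scheme scheme) {
        Map<String, String> headers = new LinkedHashMap<>();
        // Token set by the external (in-house) SPNEGO/Kerberos library.
        headers.put("Authorization", "Negotiate EXTERNAL_TOKEN_PLACEHOLDER");
        String fromClient = clientHeader(scheme);
        if (fromClient != null) {
            // Without the guard, this replaces the token negotiated by the external library.
            headers.put("Authorization", fromClient);
        }
        return headers;
    }

    public static void main(String[] args) {
        System.clearProperty(DISABLE_PROP);
        System.out.println("default:  " + buildHeaders(Scheme.SPNEGO).get("Authorization"));
        System.setProperty(DISABLE_PROP, "true");
        System.out.println("disabled: " + buildHeaders(Scheme.SPNEGO).get("Authorization"));
    }
}
```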

@slandelle
Contributor

> make it support SPNEGO using our in-house library which handles the SPNEGO/Kerberos authentication.

Why not open source this library? Why not contribute back to sonar-stash?

@carlspring
Author

I doubt it would be possible to opensource this library. However, we will try to contribute the fixes for the sonar-stash plugin back to their project, despite the fact that it's reached an end-of-life, as it seems.

@carlspring
Author

Would you like us to open a pull request for the async-http-client with the proposed change?

@slandelle
Contributor

> I doubt it would be possible to opensource this library.

Why not? How specific is it to your organization? Wouldn't it be fair to contribute back as your organization seems to be using a lot of open source?

@carlspring
Author

carlspring commented Jul 10, 2019

Yes, this is true and while I may be pro-opensource, as I said, I work for a large organization where such changes (if at all approved by all stakeholders and the legal department) will take a lot of time. I don't think that opensourcing the library is something that's currently planned, or even possible. (It's also handled by another team, not under our jurisdiction.)

We are, however, interested in submitting a pull request and were wondering:

  • If you'd be open to accepting the change described above
  • When do you intend to make a new release and whether this change could be part of the upcoming release?

Thanks! :)

@carlspring
Author

@slandelle ,

Would you be happy with us providing a pull request for the above?

@TomGranot
Contributor

@carlspring Hey, I'm the new maintainer of the repo, slowly going over old stuff and trying to ping the people involved to see what's relevant. I assume you stayed with a fork of this library with the suggested change? If you can make the fork public and open a PR against this repo that would be great, I'll review it and consider whether to include it or not in a next release.

@carlspring
Author

carlspring commented Nov 10, 2020

Hi @TomGranot ,

Unfortunately, I am no longer with the company where I fixed this. As far as I remember, it was just a matter of adding a simple property and an if-statement. As I am no longer in the company, I don't have a proper setup for the SPNEGO testing part, so I wouldn't really be able to reproduce, fix and test this. My explanation in the task's description should be enough to figure it out though.

I'm sorry I can't be of further assistance, but it was over a year ago.

All the best!

Kind regards,

Martin

@TomGranot
Contributor

@carlspring No worries, and I hope you landed somewhere else safely.

Will close for now and bring up if relevant again.
