diff -Nurp soapui-4.5.1_orig/src/dist/bin/allowtgtsessionkey.reg soapui-4.5.1/src/dist/bin/allowtgtsessionkey.reg --- soapui-4.5.1_orig/src/dist/bin/allowtgtsessionkey.reg 1969-12-31 19:00:00.000000000 -0500 +++ soapui-4.5.1/src/dist/bin/allowtgtsessionkey.reg 2013-02-14 20:04:36.000000000 -0500 @@ -0,0 +1,4 @@ +HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters +Value Name: allowtgtsessionkey +Value Type: REG_DWORD +Value: 0x01 diff -Nurp soapui-4.5.1_orig/src/dist/bin/krb5.conf soapui-4.5.1/src/dist/bin/krb5.conf --- soapui-4.5.1_orig/src/dist/bin/krb5.conf 1969-12-31 19:00:00.000000000 -0500 +++ soapui-4.5.1/src/dist/bin/krb5.conf 2013-02-14 20:01:49.000000000 -0500 @@ -0,0 +1,10 @@ +[libdefaults] + default_realm = AD.EXAMPLE.NET + udp_preference_limit = 1 +[realms] + AD.EXAMPLE.NET = { + kdc = KDC.AD.EXAMPLE.NET + } +[domain_realms] +.ad.example.net=AD.EXAMPLE.NET +ad.example.net=AD.EXAMPLE.NET diff -Nurp soapui-4.5.1_orig/src/dist/bin/login.conf soapui-4.5.1/src/dist/bin/login.conf --- soapui-4.5.1_orig/src/dist/bin/login.conf 1969-12-31 19:00:00.000000000 -0500 +++ soapui-4.5.1/src/dist/bin/login.conf 2013-02-14 20:02:28.000000000 -0500 @@ -0,0 +1,11 @@ +com.sun.security.jgss.login { + com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true; +}; + +com.sun.security.jgss.initiate { + com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true; +}; + +com.sun.security.jgss.accept { + com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true; +}; diff -Nurp soapui-4.5.1_orig/src/dist/bin/readme_negotiate.txt soapui-4.5.1/src/dist/bin/readme_negotiate.txt --- soapui-4.5.1_orig/src/dist/bin/readme_negotiate.txt 1969-12-31 19:00:00.000000000 -0500 +++ soapui-4.5.1/src/dist/bin/readme_negotiate.txt 2013-02-14 23:04:09.000000000 -0500 @@ -0,0 +1,4 @@ +Important: +1. Before you use Negotiate Authentication, configure krb5.conf. +2. On a Windows client please add the registery key and set the value as specified in allowtgtsessionkey.reg if not done already. +3. If you are using Windows Vista+ and the logged in user is also an administrator on the machine and UAC is enabled, you should then run soapUI as an Administrator. diff -Nurp soapui-4.5.1_orig/src/dist/bin/soapui.bat soapui-4.5.1/src/dist/bin/soapui.bat --- soapui-4.5.1_orig/src/dist/bin/soapui.bat 2012-06-27 08:00:50.000000000 -0400 +++ soapui-4.5.1/src/dist/bin/soapui.bat 2013-02-14 20:21:04.000000000 -0500 @@ -19,7 +19,7 @@ rem init classpath rem JVM parameters, modify as appropriate -set JAVA_OPTS=-Xms128m -Xmx1024m -Dsoapui.properties=soapui.properties "-Dsoapui.home=%SOAPUI_HOME%\" +set JAVA_OPTS=-Xms128m -Xmx1024m -Dsoapui.properties=soapui.properties "-Dsoapui.home=%SOAPUI_HOME%\" -Djava.security.auth.login.config=login.cong -Djava.security.krb5.conf=krb5.conf -Djavax.security.auth.useSubjectCredsOnly=false if "%SOAPUI_HOME%" == "" goto START set JAVA_OPTS=%JAVA_OPTS% -Dsoapui.ext.libraries="%SOAPUI_HOME%ext" diff -Nurp soapui-4.5.1_orig/src/dist/bin/soapui.sh soapui-4.5.1/src/dist/bin/soapui.sh --- soapui-4.5.1_orig/src/dist/bin/soapui.sh 2012-06-27 08:00:50.000000000 -0400 +++ soapui-4.5.1/src/dist/bin/soapui.sh 2013-02-14 20:20:25.000000000 -0500 @@ -29,7 +29,7 @@ export SOAPUI_HOME export SOAPUI_CLASSPATH -JAVA_OPTS="-Xms128m -Xmx1024m -Dsoapui.properties=soapui.properties -Dsoapui.home=$SOAPUI_HOME" +JAVA_OPTS="-Xms128m -Xmx1024m -Dsoapui.properties=soapui.properties -Dsoapui.home=$SOAPUI_HOME -Djava.security.auth.login.config=login.cong -Djava.security.krb5.conf=krb5.conf -Djavax.security.auth.useSubjectCredsOnly=false" if [ $SOAPUI_HOME != "" ] then diff -Nurp soapui-4.5.1_orig/src/dist_standalone/bin/allowtgtsessionkey.reg soapui-4.5.1/src/dist_standalone/bin/allowtgtsessionkey.reg --- soapui-4.5.1_orig/src/dist_standalone/bin/allowtgtsessionkey.reg 1969-12-31 19:00:00.000000000 -0500 +++ soapui-4.5.1/src/dist_standalone/bin/allowtgtsessionkey.reg 2013-02-14 22:56:45.000000000 -0500 @@ -0,0 +1,4 @@ +HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters +Value Name: allowtgtsessionkey +Value Type: REG_DWORD +Value: 0x01 diff -Nurp soapui-4.5.1_orig/src/dist_standalone/bin/krb5.conf soapui-4.5.1/src/dist_standalone/bin/krb5.conf --- soapui-4.5.1_orig/src/dist_standalone/bin/krb5.conf 1969-12-31 19:00:00.000000000 -0500 +++ soapui-4.5.1/src/dist_standalone/bin/krb5.conf 2013-02-14 22:57:06.000000000 -0500 @@ -0,0 +1,10 @@ +[libdefaults] + default_realm = AD.EXAMPLE.NET + udp_preference_limit = 1 +[realms] + AD.EXAMPLE.NET = { + kdc = KDC.AD.EXAMPLE.NET + } +[domain_realms] +.ad.example.net=AD.EXAMPLE.NET +ad.example.net=AD.EXAMPLE.NET diff -Nurp soapui-4.5.1_orig/src/dist_standalone/bin/login.conf soapui-4.5.1/src/dist_standalone/bin/login.conf --- soapui-4.5.1_orig/src/dist_standalone/bin/login.conf 1969-12-31 19:00:00.000000000 -0500 +++ soapui-4.5.1/src/dist_standalone/bin/login.conf 2013-02-14 22:57:13.000000000 -0500 @@ -0,0 +1,11 @@ +com.sun.security.jgss.login { + com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true; +}; + +com.sun.security.jgss.initiate { + com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true; +}; + +com.sun.security.jgss.accept { + com.sun.security.auth.module.Krb5LoginModule required client=TRUE useTicketCache=true; +}; diff -Nurp soapui-4.5.1_orig/src/dist_standalone/bin/readme_negotiate.txt soapui-4.5.1/src/dist_standalone/bin/readme_negotiate.txt --- soapui-4.5.1_orig/src/dist_standalone/bin/readme_negotiate.txt 1969-12-31 19:00:00.000000000 -0500 +++ soapui-4.5.1/src/dist_standalone/bin/readme_negotiate.txt 2013-02-14 23:03:57.000000000 -0500 @@ -0,0 +1,4 @@ +Important: +1. Before you use Negotiate Authentication, configure krb5.conf. +2. On a Windows client please add the registery key and set the value as specified in allowtgtsessionkey.reg if not done already. +3. If you are using Windows Vista+ and the logged in user is also an administrator on the machine and UAC is enabled, you should then run soapUI as an Administrator. diff -Nurp soapui-4.5.1_orig/src/dist_standalone/bin/soapui.bat soapui-4.5.1/src/dist_standalone/bin/soapui.bat --- soapui-4.5.1_orig/src/dist_standalone/bin/soapui.bat 2012-06-27 08:00:49.000000000 -0400 +++ soapui-4.5.1/src/dist_standalone/bin/soapui.bat 2013-02-14 22:53:49.000000000 -0500 @@ -24,7 +24,7 @@ rem init classpath @SOAPUICLASSPATHCOMPACT@ rem JVM parameters, modify as appropriate -set JAVA_OPTS=-Xms128m -Xmx1024m -Dsoapui.properties=soapui.properties "-Dsoapui.home=%SOAPUI_HOME%\" +set JAVA_OPTS=-Xms128m -Xmx1024m -Dsoapui.properties=soapui.properties "-Dsoapui.home=%SOAPUI_HOME%\" -Djava.security.auth.login.config=login.cong -Djava.security.krb5.conf=krb5.conf -Djavax.security.auth.useSubjectCredsOnly=false if "%SOAPUI_HOME%" == "" goto START set JAVA_OPTS=%JAVA_OPTS% -Dsoapui.ext.libraries="%SOAPUI_HOME%ext" diff -Nurp soapui-4.5.1_orig/src/dist_standalone/bin/soapui.sh soapui-4.5.1/src/dist_standalone/bin/soapui.sh --- soapui-4.5.1_orig/src/dist_standalone/bin/soapui.sh 2012-06-27 08:00:50.000000000 -0400 +++ soapui-4.5.1/src/dist_standalone/bin/soapui.sh 2013-02-14 22:55:20.000000000 -0500 @@ -37,7 +37,7 @@ fi export SOAPUI_CLASSPATH -JAVA_OPTS="-Xms128m -Xmx1024m -Dsoapui.properties=soapui.properties -Dgroovy.source.encoding=iso-8859-1 -Dsoapui.home=$SOAPUI_HOME/bin" +JAVA_OPTS="-Xms128m -Xmx1024m -Dsoapui.properties=soapui.properties -Dgroovy.source.encoding=iso-8859-1 -Dsoapui.home=$SOAPUI_HOME/bin" -Djava.security.auth.login.config=login.cong -Djava.security.krb5.conf=krb5.conf -Djavax.security.auth.useSubjectCredsOnly=false if [ $SOAPUI_HOME != "" ] then JAVA_OPTS="$JAVA_OPTS -Dsoapui.ext.libraries=$SOAPUI_HOME/bin/ext" diff -Nurp soapui-4.5.1_orig/src/java/com/eviware/soapui/impl/wsdl/endpoint/DefaultEndpointStrategy.java soapui-4.5.1/src/java/com/eviware/soapui/impl/wsdl/endpoint/DefaultEndpointStrategy.java --- soapui-4.5.1_orig/src/java/com/eviware/soapui/impl/wsdl/endpoint/DefaultEndpointStrategy.java 2012-06-27 08:00:50.000000000 -0400 +++ soapui-4.5.1/src/java/com/eviware/soapui/impl/wsdl/endpoint/DefaultEndpointStrategy.java 2013-02-14 15:20:09.000000000 -0500 @@ -266,6 +266,11 @@ public class DefaultEndpointStrategy imp } } } + else if ( authType.equals( AuthType.NTLM_KERBEROS ) ) + { + HttpAuthenticationRequestFilter.initRequestCredentials( context, null, project.getSettings(), null, null, authType); + } + } private void copyToRequest( SubmitContext context, AbstractHttpRequestInterface wsdlRequest, @@ -327,6 +332,10 @@ public class DefaultEndpointStrategy imp HttpAuthenticationRequestFilter.initRequestCredentials( context, username, project.getSettings(), password, domain, authType ); } + else if ( !StringUtils.hasContent( wssType ) && authType.equals( AuthType.NTLM_KERBEROS ) ) + { + HttpAuthenticationRequestFilter.initRequestCredentials( context, null, project.getSettings(), null, null, authType); + } else if( StringUtils.hasContent( wssType ) || StringUtils.hasContent( wssTimeToLive ) ) { try diff -Nurp soapui-4.5.1_orig/src/java/com/eviware/soapui/impl/wsdl/submit/filters/HttpAuthenticationRequestFilter.java soapui-4.5.1/src/java/com/eviware/soapui/impl/wsdl/submit/filters/HttpAuthenticationRequestFilter.java --- soapui-4.5.1_orig/src/java/com/eviware/soapui/impl/wsdl/submit/filters/HttpAuthenticationRequestFilter.java 2012-06-27 08:00:51.000000000 -0400 +++ soapui-4.5.1/src/java/com/eviware/soapui/impl/wsdl/submit/filters/HttpAuthenticationRequestFilter.java 2013-02-14 22:44:00.000000000 -0500 @@ -14,6 +14,7 @@ package com.eviware.soapui.impl.wsdl.sub import java.net.InetAddress; import java.net.UnknownHostException; +import java.security.Principal; import org.apache.http.Header; import org.apache.http.auth.AuthScope; @@ -146,12 +147,27 @@ public class HttpAuthenticationRequestFi } else if( AuthPolicy.BASIC.equalsIgnoreCase( authScope.getScheme() ) || AuthPolicy.DIGEST.equalsIgnoreCase( authScope.getScheme() ) - || AuthPolicy.SPNEGO.equalsIgnoreCase( authScope.getScheme() ) ) + /*|| AuthPolicy.SPNEGO.equalsIgnoreCase( authScope.getScheme() ) */) { logger.info( authScope.getHost() + ":" + authScope.getPort() + " requires authentication with the realm '" + authScope.getRealm() + "'" ); return new UsernamePasswordCredentials( username, password ); } + else if( AuthPolicy.SPNEGO.equalsIgnoreCase( authScope.getScheme() ) ) + { + logger.info("Passing null credentials for SPNEGO"); + return new Credentials() + { + public String getPassword() + { + return null; + } + public Principal getUserPrincipal() + { + return null; + } + }; + } } finally { diff -Nurp soapui-4.5.1_orig/src/java/com/eviware/soapui/impl/wsdl/submit/filters/WsdlRequestCredentialsProvider.java soapui-4.5.1/src/java/com/eviware/soapui/impl/wsdl/submit/filters/WsdlRequestCredentialsProvider.java --- soapui-4.5.1_orig/src/java/com/eviware/soapui/impl/wsdl/submit/filters/WsdlRequestCredentialsProvider.java 2012-06-27 08:00:50.000000000 -0400 +++ soapui-4.5.1/src/java/com/eviware/soapui/impl/wsdl/submit/filters/WsdlRequestCredentialsProvider.java 2013-02-14 22:42:07.000000000 -0500 @@ -14,6 +14,7 @@ package com.eviware.soapui.impl.wsdl.sub import java.net.InetAddress; import java.net.UnknownHostException; +import java.security.Principal; import org.apache.http.auth.AuthScope; import org.apache.http.auth.Credentials; @@ -79,12 +80,27 @@ public final class WsdlRequestCredential } else if( AuthPolicy.BASIC.equalsIgnoreCase( authScope.getScheme() ) || AuthPolicy.DIGEST.equalsIgnoreCase( authScope.getScheme() ) - || AuthPolicy.SPNEGO.equalsIgnoreCase( authScope.getScheme() ) ) + /*|| AuthPolicy.SPNEGO.equalsIgnoreCase( authScope.getScheme() )*/ ) { logger.info( authScope.getHost() + ":" + authScope.getPort() + " requires authentication with the realm '" + authScope.getRealm() + "'" ); return new UsernamePasswordCredentials( wsdlRequest.getUsername(), password ); } + else if( AuthPolicy.SPNEGO.equalsIgnoreCase( authScope.getScheme() ) ) + { + logger.info("Passing null credentials for SPNEGO"); + return new Credentials() + { + public String getPassword() + { + return null; + } + public Principal getUserPrincipal() + { + return null; + } + }; + } } finally { diff -Nurp soapui-4.5.1_orig/src/java/com/eviware/soapui/impl/wsdl/support/http/HeadderRequestInterceptor.java soapui-4.5.1/src/java/com/eviware/soapui/impl/wsdl/support/http/HeadderRequestInterceptor.java --- soapui-4.5.1_orig/src/java/com/eviware/soapui/impl/wsdl/support/http/HeadderRequestInterceptor.java 2012-06-27 08:00:50.000000000 -0400 +++ soapui-4.5.1/src/java/com/eviware/soapui/impl/wsdl/support/http/HeadderRequestInterceptor.java 2013-02-14 01:59:57.000000000 -0500 @@ -42,7 +42,7 @@ public class HeadderRequestInterceptor i HttpRequest original = ( ( RequestWrapper )request ).getOriginal(); List
oHeaders = Arrays.asList( original.getAllHeaders() ); for( Header header : wHeaders ) - if( !oHeaders.contains( header ) ) + if( !oHeaders.contains( header ) && !header.getName().equals( "Content-Length" ) ) original.addHeader( header.getName(), header.getValue() ); } diff -Nurp soapui-4.5.1_orig/src/java/com/eviware/soapui/impl/wsdl/support/http/HttpClientSupport.java soapui-4.5.1/src/java/com/eviware/soapui/impl/wsdl/support/http/HttpClientSupport.java --- soapui-4.5.1_orig/src/java/com/eviware/soapui/impl/wsdl/support/http/HttpClientSupport.java 2012-06-27 08:00:51.000000000 -0400 +++ soapui-4.5.1/src/java/com/eviware/soapui/impl/wsdl/support/http/HttpClientSupport.java 2013-02-14 20:22:23.000000000 -0500 @@ -35,6 +35,7 @@ import org.apache.http.conn.scheme.Plain import org.apache.http.conn.scheme.Scheme; import org.apache.http.conn.scheme.SchemeRegistry; import org.apache.http.impl.auth.NTLMSchemeFactory; +import org.apache.http.impl.auth.NegotiateSchemeFactory; import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.impl.client.RequestWrapper; import org.apache.http.params.CoreConnectionPNames; @@ -215,7 +216,7 @@ public class HttpClientSupport // this interceptor needs to be last one added and executed. httpClient.addRequestInterceptor( new HeadderRequestInterceptor(), httpClient.getRequestInterceptorCount()); httpClient.getAuthSchemes().register( AuthPolicy.NTLM, new NTLMSchemeFactory() ); - httpClient.getAuthSchemes().register( AuthPolicy.SPNEGO, new NTLMSchemeFactory() ); + httpClient.getAuthSchemes().register( AuthPolicy.SPNEGO, new NegotiateSchemeFactory(null, true) ); settings.addSettingsListener( new SSLSettingsListener() ); } diff -Nurp soapui-4.5.1_orig/src/java/com/eviware/soapui/impl/wsdl/support/wsdl/UrlWsdlLoader.java soapui-4.5.1/src/java/com/eviware/soapui/impl/wsdl/support/wsdl/UrlWsdlLoader.java --- soapui-4.5.1_orig/src/java/com/eviware/soapui/impl/wsdl/support/wsdl/UrlWsdlLoader.java 2012-06-27 08:00:49.000000000 -0400 +++ soapui-4.5.1/src/java/com/eviware/soapui/impl/wsdl/support/wsdl/UrlWsdlLoader.java 2013-02-14 22:43:18.000000000 -0500 @@ -20,6 +20,7 @@ import java.net.URL; import java.net.UnknownHostException; import java.util.HashMap; import java.util.Map; +import java.security.Principal; import org.apache.http.auth.AuthScope; import org.apache.http.auth.Credentials; @@ -287,7 +288,7 @@ public class UrlWsdlLoader extends WsdlL pw = ""; if( AuthPolicy.NTLM.equalsIgnoreCase( authScope.getScheme() ) - || AuthPolicy.SPNEGO.equalsIgnoreCase( authScope.getScheme() ) ) + /*|| AuthPolicy.SPNEGO.equalsIgnoreCase( authScope.getScheme() )*/ ) { String workstation = ""; try @@ -324,6 +325,22 @@ public class UrlWsdlLoader extends WsdlL return credentials; } } + else if( AuthPolicy.SPNEGO.equalsIgnoreCase( authScope.getScheme() ) ) + { + log.info("Passing null credentials for SPNEGO"); + return new Credentials() + { + public String getPassword() + { + return null; + } + public Principal getUserPrincipal() + { + return null; + } + }; + + } else if( AuthPolicy.BASIC.equalsIgnoreCase( authScope.getScheme() ) || AuthPolicy.DIGEST.equalsIgnoreCase( authScope.getScheme() ) ) {