diff --git a/client/pom.xml b/client/pom.xml index b2e551d5a..fce6b75ca 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -19,7 +19,7 @@ org.asynchttpclient async-http-client-project - 3.0.1 + 3.0.1.Apica.1 4.0.0 diff --git a/client/src/main/java/org/asynchttpclient/netty/handler/intercept/ProxyUnauthorized407Interceptor.java b/client/src/main/java/org/asynchttpclient/netty/handler/intercept/ProxyUnauthorized407Interceptor.java index b30f6bbd9..07d2de710 100644 --- a/client/src/main/java/org/asynchttpclient/netty/handler/intercept/ProxyUnauthorized407Interceptor.java +++ b/client/src/main/java/org/asynchttpclient/netty/handler/intercept/ProxyUnauthorized407Interceptor.java @@ -144,6 +144,7 @@ public boolean exitAfterHandling407(Channel channel, NettyResponseFuture futu try { kerberosProxyChallenge(proxyRealm, proxyServer, requestHeaders); } catch (SpnegoEngineException e) { + LOGGER.error("Kerberos/Spnego proxy auth failed", e); String ntlmHeader2 = getHeaderWithPrefix(proxyAuthHeaders, "NTLM"); if (ntlmHeader2 != null) { LOGGER.warn("Kerberos/Spnego proxy auth failed, proceeding with NTLM"); diff --git a/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestFactory.java b/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestFactory.java index 67d9a67be..a3a1fa5a8 100755 --- a/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestFactory.java +++ b/client/src/main/java/org/asynchttpclient/netty/request/NettyRequestFactory.java 
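Review bot: The added `LOGGER.error("Kerberos/Spnego proxy auth failed", e)` in the `catch (SpnegoEngineException e)` block runs before the NTLM check, so a failure that the fallback then handles is reported twice: once at ERROR with a stack trace and once by the existing `LOGGER.warn`. Because the fallback moves proxy authentication from Kerberos to NTLM, a single record carrying the cause is more useful to anyone auditing such downgrades: `LOGGER.warn("Kerberos/Spnego proxy auth failed, proceeding with NTLM", e);`, with the ERROR call kept for the path where no NTLM header is offered. The rest of the catch block lies outside the hunk, so check there whether the non-fallback path already logs the exception.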
@@ -242,7 +242,10 @@ public NettyRequest newNettyRequest(Request request, boolean performConnectReque } // don't override authorization but append - addAuthorizationHeader(headers, perRequestAuthorizationHeader(request, realm)); + // set authorization header only for target requests + if (!connect) { + addAuthorizationHeader(headers, perRequestAuthorizationHeader(request, realm)); + } // only set proxy auth on request over plain HTTP, or when performing CONNECT if (!uri.isSecured() || connect) { setProxyAuthorizationHeader(headers, perRequestProxyAuthorizationHeader(request, proxyRealm)); diff --git a/client/src/main/java/org/asynchttpclient/spnego/SpnegoEngine.java b/client/src/main/java/org/asynchttpclient/spnego/SpnegoEngine.java index d67d923bb..8435109e1 100644 --- a/client/src/main/java/org/asynchttpclient/spnego/SpnegoEngine.java +++ b/client/src/main/java/org/asynchttpclient/spnego/SpnegoEngine.java @@ -156,10 +156,9 @@ public String generateToken(String host) throws SpnegoEngineException { // Try SPNEGO by default, fall back to Kerberos later if error negotiationOid = new Oid(SPNEGO_OID); - String spn = getCompleteServicePrincipalName(host); try { GSSManager manager = GSSManager.getInstance(); - GSSName serverName = manager.createName(spn, GSSName.NT_HOSTBASED_SERVICE); + GSSName serverName = getCompleteGSSName(host, manager); GSSCredential myCred = null; if (username != null || loginContextName != null || customLoginConfig != null && !customLoginConfig.isEmpty()) { String contextName = loginContextName; 
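Review bot: The new `if (!connect)` guard keeps the realm-derived `Authorization` header off CONNECT requests, but nothing visible in this diff tests it and the comment does not say why. A later refactor could therefore quietly go back to sending the target server's credentials to the proxy. I would word the comment as `// CONNECT is addressed to the proxy: never attach the target server's Authorization header to it` and add a test asserting that a request built with `performConnectRequest == true` carries no `Authorization` header. `connect` is assigned above the hunk, so it is also worth confirming there that headers copied from the user's request on the CONNECT path cannot carry `Authorization` either.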
@@ -195,7 +194,7 @@ public String generateToken(String host) throws SpnegoEngineException { log.debug("Using Kerberos MECH {}", KERBEROS_OID); negotiationOid = new Oid(KERBEROS_OID); GSSManager manager = GSSManager.getInstance(); - GSSName serverName = manager.createName(spn, GSSName.NT_HOSTBASED_SERVICE); + GSSName serverName = getCompleteGSSName(host, manager); gssContext = manager.createContext(serverName.canonicalize(negotiationOid), negotiationOid, null, GSSContext.DEFAULT_LIFETIME); gssContext.requestMutualAuth(true); @@ -244,6 +243,16 @@ public String generateToken(String host) throws SpnegoEngineException { } } + GSSName getCompleteGSSName(String host, GSSManager manager) throws GSSException { + if (servicePrincipalName != null && servicePrincipalName.contains("@")) { + log.debug("Service Principal Name is {}", servicePrincipalName); + return manager.createName(servicePrincipalName, GSSName.NT_USER_NAME); + } + + String spn = getCompleteServicePrincipalName(host); + return manager.createName(spn, GSSName.NT_HOSTBASED_SERVICE); + } + String getCompleteServicePrincipalName(String host) { String name; if (servicePrincipalName == null) { diff --git a/client/src/test/java/org/asynchttpclient/DefaultAsyncHttpClientTest.java b/client/src/test/java/org/asynchttpclient/DefaultAsyncHttpClientTest.java index fc7a1c2db..c39888494 100644 --- a/client/src/test/java/org/asynchttpclient/DefaultAsyncHttpClientTest.java +++ b/client/src/test/java/org/asynchttpclient/DefaultAsyncHttpClientTest.java @@ -23,6 +23,7 @@ import org.asynchttpclient.cookie.CookieEvictionTask; import org.asynchttpclient.cookie.CookieStore; import org.asynchttpclient.cookie.ThreadSafeCookieStore; +import org.junit.jupiter.api.Disabled; import org.junit.jupiter.api.condition.EnabledOnOs; import org.junit.jupiter.api.condition.OS; 
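Review bot: In `getCompleteGSSName`, `servicePrincipalName.contains("@")` cannot tell a Kerberos principal (`HTTP/host@REALM`) from the GSS-API host-based form (`HTTP@host`), which also contains `@` and which the replaced call sites passed as `GSSName.NT_HOSTBASED_SERVICE`. A configured `service@host` value would now be created as `NT_USER_NAME`, changing which service principal the client requests a ticket for at both call sites in `generateToken` (the `-156` and `-195` hunks). If only full principals are meant to take the new branch, a narrower test such as `servicePrincipalName.contains("/") && servicePrincipalName.contains("@")`, or an explicit configuration flag for the name type, would leave existing setups unchanged; the narrower test is still a heuristic, so confirm it against the SPN formats you support. The method also needs a Javadoc stating the two accepted formats, and no test for the new branch is visible in this diff.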
@@ -57,6 +58,7 @@ public void testNativeTransportWithEpollOnly() throws Exception { @RepeatedIfExceptionsTest(repeats = 5) @EnabledOnOs(OS.LINUX) + @Disabled // doesn't work on TeamCity Agent public void testNativeTransportWithoutEpollOnly() throws Exception { AsyncHttpClientConfig config = config().setUseNativeTransport(true).setUseOnlyEpollNativeTransport(false).build(); try (DefaultAsyncHttpClient client = (DefaultAsyncHttpClient) asyncHttpClient(config)) { diff --git a/pom.xml b/pom.xml index 9dfe832a7..a4385ea84 100644 --- a/pom.xml +++ b/pom.xml @@ -20,7 +20,7 @@ org.asynchttpclient async-http-client-project - 3.0.1 + 3.0.1.Apica.1 pom AHC/Project @@ -71,15 +71,24 @@ + + apica-artifacts + a0pbpgwdghsu9-artifactory-primary-0-releases + https://apica.jfrog.io/artifactory/backend-services-releases + - sonatype-nexus-staging - https://oss.sonatype.org/content/repositories/snapshots + snapshots + a0pbpgwdghsu9-artifactory-primary-0-snapshots + https://apica.jfrog.io/artifactory/backend-services-snapshots + + + - sonatype-nexus-staging - https://oss.sonatype.org/service/local/staging/deploy/maven2/ + backend-services-releases + https://apica.jfrog.io/artifactory/backend-services-releases/ - + github @@ -391,7 +400,7 @@ - + + <!– Prevent gpg from using pinentry programs –> - --pinentry-mode + --pinentry-mode loopback + -->
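Review bot: The bare `@Disabled // doesn't work on TeamCity Agent` turns `testNativeTransportWithoutEpollOnly` off on every machine, and the reason sits in a comment that test reports never show. Put the reason in the annotation, `@Disabled("doesn't work on TeamCity Agent")`, or better, scope it to the CI agent with a condition such as `@DisabledIfEnvironmentVariable` so the native-transport path stays covered on developer machines. The test body continues past the end of the hunk.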
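Review bot: The `@@ -391,7 +400,7 @@` hunk adds a closing `-->` after the `--pinentry-mode loopback` lines, which looks like the gpg signing configuration is being commented out; if so, artifacts deployed to the Artifactory repositories introduced in the `@@ -71,15 +71,24 @@` hunk would be published unsigned. The markup is not fully visible here, so this is an inference to confirm against the real file. If signing has to be skipped for internal builds, a dedicated profile is easier to audit and to revert than a commented-out block. Since the fork keeps the upstream coordinates (`org.asynchttpclient`, now `3.0.1.Apica.1`), a one-line comment in the pom saying this is an internal fork build that must be resolved only from the private repository would help consumers pin the right source.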