Kerberos/Spnego/Tomcat/Jira Rest Api

Hello

Following the ticket (Kerberos/Spnego/Tomcat/Jira 7 Integration : how to bypass login process?), I wanted to write a test client to access JIRA Rest API with Kerberos authentication, more specifically with cached Kerberos ticket.

No succcess with Spring and KerberosRestTemplate.
Some success with HttpComponents (httpclient-win) but complex code.
Great success with Waffle and Atlassian Jira Rest Java Client.

Here’s the method to get a cached Kerberos ticket :

	public static String getKrbToken(String aTargetSPName) {
		if (StringUtils.isEmpty(StringUtils.trim(aTargetSPName))) {
			return null;
		}
		return BaseEncoding.base64()
				.encode(WindowsSecurityContextImpl.getCurrent(securityPackage, aTargetSPName).getToken());
	}

Then, the call for the Rest API :

		WebResource webResource = Client.create().resource(restURL);
		ClientResponse clientResponse = webResource
				.header("Authorization", "Negotiate " + WindowsAuthenticator.getKrbToken(JiraRestClient.SPN))
				.type(MediaType.APPLICATION_JSON).accept(MediaType.APPLICATION_JSON).get(ClientResponse.class);

where restURL is the full url for the rest service you want to access.

or

		WebResource webResource = Client.create().resource(restURL);
		ClientResponse clientResponse = webResource
				.header("Authorization", "Negotiate " + WindowsAuthenticator.getKrbToken(JiraRestClient.SPN))
				.type(MediaType.APPLICATION_JSON).accept(MediaType.APPLICATION_JSON)
				.post(ClientResponse.class, jsonReq);

where jsonReq is your String variable containing the input json stream, and JiraRestClient.SPN, the final variable containing the SPN matching the keytab file on the server side.

or

		WebResource webResource = Client.create().resource(restURL);
		ClientResponse clientResponse = webResource
				.header("Authorization", "Negotiate " + WindowsAuthenticator.getKrbToken(JiraRestClient.SPN))
				.type(MediaType.APPLICATION_JSON).accept(MediaType.APPLICATION_JSON).put(ClientResponse.class, jsonReq);

Then the code to get the response :

String jsonResp = new String(IOUtils.toString(clientResponse.getEntityInputStream()).getBytes(), "UTF-8");

Good luck !

It works fine. I achieved a JUnit test that creates a ticket in Jira in a named project and makes the ticket go through the workflow.