Skip to content

feat: add support for enterprise principal login in SpnegoClient with…#107

Merged
bedrin merged 2 commits into
masterfrom
feature/enterprise-principal
Jun 8, 2026
Merged

feat: add support for enterprise principal login in SpnegoClient with…#107
bedrin merged 2 commits into
masterfrom
feature/enterprise-principal

Conversation

@bedrin

@bedrin bedrin commented Jun 8, 2026

Copy link
Copy Markdown
Owner

… Kerby provider

@bedrin
feat: add support for enterprise principal login in SpnegoClient with…
f9c9970 
… Kerby provider

Signed-off-by: Dmitry Bedrin <dmitry.bedrin@gmail.com>
Copilot AI review requested due to automatic review settings June 8, 2026 10:37
Copilot AI reviewed Jun 8, 2026
View reviewed changes

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds a new SpnegoClient login factory for enterprise principal usernames (e.g., AD UPNs like user@corp.example) backed by the Apache Kerby provider, enabling NT_ENTERPRISE-style AS-REQs while keeping the JDK provider behavior unchanged (explicitly unsupported).

Changes:

  • Added SpnegoClient.loginWithEnterprisePrincipal(...) with optional caching support, delegating to the selected SpnegoClientProvider.
  • Implemented enterprise-principal TGT acquisition in the Kerby provider and added coverage for both Kerby (supported) and JDK (unsupported) providers.
  • Updated documentation (README + CHANGES) to describe enterprise principal usage and provider limitations.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
README.md Documents enterprise principal login usage and clarifies Kerby vs JDK provider behavior.
kerb4j-common/src/main/java/com/kerb4j/client/SpnegoClient.java Adds loginWithEnterprisePrincipal(...) factory and extends cache keying to distinguish auth types.
kerb4j-common/src/main/java/com/kerb4j/client/spi/SpnegoClientProvider.java Introduces a default loginWithEnterprisePrincipal(...) SPI method (unsupported by default).
kerb4j-client-kerby/src/main/java/com/kerb4j/client/kerby/KerbySpnegoClientProvider.java Implements enterprise-principal authentication using Kerby internal client request options.
kerb4j-client-kerby/src/test/java/com/kerb4j/client/kerby/KerbySpnegoClientProviderTest.java Adds an integration-style test verifying enterprise principal token creation/acceptance with Kerby.
kerb4j-client-jdk/src/main/java/com/kerb4j/client/jdk/JdkSpnegoClientProvider.java Explicitly rejects enterprise principal login with UnsupportedOperationException.
kerb4j-client-jdk/src/test/java/com/kerb4j/client/jdk/JdkSpnegoClientProviderTest.java Adds a test asserting enterprise principal login is unsupported on the JDK provider.
CHANGES.md Adds release notes entry for the new enterprise principal login factory.

Comment thread kerb4j-common/src/main/java/com/kerb4j/client/spi/SpnegoClientProvider.java
Comment thread kerb4j-common/src/main/java/com/kerb4j/client/SpnegoClient.java
Comment on lines 324 to 332
private static final class CacheKey extends AbstractMap.SimpleEntry<String, String> {
private final String type;
private final String provider;

private CacheKey(String provider, String key, String value) {
private CacheKey(String type, String provider, String key, String value) {
super(key, value);
this.type = type;
this.provider = provider;
}
@bedrin
Potential fix for pull request finding
ba0ddf7 
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
@bedrin bedrin merged commit 3ea8df5 into master Jun 8, 2026
11 checks passed
@bedrin bedrin deleted the feature/enterprise-principal branch June 8, 2026 13:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@bedrin