spring-projects / spring-security-kerberos

Spring Security Kerberos
https://spring.io/projects/spring-security-kerberos

Login issues with Spring Boot 3.3 #195

Closed eu-rlarsen closed 3 months ago

eu-rlarsen commented 3 months ago

The artifact is working fine with latest Spring Boot 3.2.6 - but if we upgrade to Spring Boot 3.3.0, then it looks like the user / password is missing, and we get a 401.

Our code has been set up and used as in this sample: https://github.com/spring-projects/spring-security-kerberos/blob/main/spring-security-kerberos-samples/sec-client-rest-template/src/main/java/demo/app/Application.java

Jeffrey-Hassan commented 3 months ago

I'm thinking this might be related to Apache deprecating (soon dropping?) support for SPNEGO, Kerberos, and NTLM: https://github.com/apache/httpcomponents-client/commit/2176eb386104a8d8f7587bb6a7a732b5072c8bfa

There's currently a workaround we've implemented, essentially having to copy the buildHttpClient() out of KerberosRestTemplate and add the following line:

```java
builder.setDefaultRequestConfig(
        RequestConfig.copy(RequestConfig.DEFAULT)
            .setTargetPreferredAuthSchemes(List.of(StandardAuthScheme.SPNEGO))
            .build());
```

This seems to work ... but given the deprecated status, I'm wondering if the Spring Security team can look into alternatives to Apache HttpClient for this work?

eu-rlarsen commented 3 months ago

@Jeffrey-Hassan Thanks - I'll have a look at it, and see if I can get it to work as well - as a workaround

eu-rlarsen commented 3 months ago

The workaround from @Jeffrey-Hassan is working fine in our code too, after a small reorganization, because we were setting some timeouts on the HttpClient too, and this setup and the buildHttpClient() are now combined - and yeah, an alternative to Apache HttpClient needs to be found.
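An added sketch (not code from this thread or from the project) of the combined setup the two comments above describe: a client built outside KerberosRestTemplate that registers SPNEGO, prefers it explicitly, and carries timeouts in the same RequestConfig. It assumes Apache HttpClient 5 on the classpath; the class name `SpnegoHttpClientFactory`, the `NoCredentials` placeholder and the timeout values are hypothetical.

```java
import java.security.Principal;
import java.util.List;

import org.apache.hc.client5.http.auth.AuthSchemeFactory;
import org.apache.hc.client5.http.auth.AuthScope;
import org.apache.hc.client5.http.auth.Credentials;
import org.apache.hc.client5.http.auth.StandardAuthScheme;
import org.apache.hc.client5.http.config.RequestConfig;
import org.apache.hc.client5.http.impl.auth.BasicCredentialsProvider;
import org.apache.hc.client5.http.impl.auth.SPNegoSchemeFactory;
import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
import org.apache.hc.core5.http.config.Lookup;
import org.apache.hc.core5.http.config.RegistryBuilder;
import org.apache.hc.core5.util.Timeout;

// Hypothetical helper class for illustration.
public final class SpnegoHttpClientFactory {

    // Placeholder credentials (hypothetical): no username or password is
    // supplied here; the Kerberos login happens outside the HTTP client.
    private static final class NoCredentials implements Credentials {
        @Override public Principal getUserPrincipal() { return null; }
        @Override public char[] getPassword() { return null; }
    }

    public static CloseableHttpClient build() {
        // Register SPNEGO as the only scheme this client can negotiate.
        Lookup<AuthSchemeFactory> schemes = RegistryBuilder.<AuthSchemeFactory>create()
                .register(StandardAuthScheme.SPNEGO, SPNegoSchemeFactory.DEFAULT)
                .build();

        BasicCredentialsProvider credentials = new BasicCredentialsProvider();
        credentials.setCredentials(new AuthScope(null, -1), new NoCredentials());

        // One RequestConfig holds both the preferred-scheme line from the
        // workaround and the timeouts (values are assumptions).
        RequestConfig requestConfig = RequestConfig.copy(RequestConfig.DEFAULT)
                .setTargetPreferredAuthSchemes(List.of(StandardAuthScheme.SPNEGO))
                .setConnectionRequestTimeout(Timeout.ofSeconds(5))
                .setResponseTimeout(Timeout.ofSeconds(30))
                .build();

        return HttpClientBuilder.create()
                .setDefaultAuthSchemeRegistry(schemes)
                .setDefaultCredentialsProvider(credentials)
                .setDefaultRequestConfig(requestConfig)
                .build();
    }
}
```

Setting the request config once matters because a second `setDefaultRequestConfig` call on the same builder replaces the first, which would silently drop either the timeouts or the SPNEGO preference.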

rwinch commented 3 months ago

I've pushed an update to main which will be in the next release

jwanglof commented 3 months ago

Do you have an ETA for when the next release will be published? :)