|
|||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
java.lang.Objectnet.sourceforge.spnego.SpnegoFilterConfig
final class SpnegoFilterConfig
Class that applies/enforces web.xml init params.
These properties are set in the servlet's init params in the web.xml file.>
This class also validates if a keyTab should be used and if all of the LoginModule options have been set.
To see a working example and instructions on how to use a keytab, take a look at the creating a server keytab example.
The class should be used as a Singleton:
SpnegoFilterConfig config = SpnegoFilterConfig.getInstance(filter);
See an example web.xml configuration in the installing on tomcat documentation.
Field Summary | |
---|---|
private boolean |
allowBasic
true if Basic auth should be offered. |
private boolean |
allowDelegation
true if server should support credential delegation requests. |
private boolean |
allowLocalhost
true if request from localhost should not be authenticated. |
private boolean |
allowUnsecure
true if non-ssl for basic auth is allowed. |
private boolean |
canUseKeyTab
true if all req. |
private String |
clientLoginModule
name of the client login module. |
private static SpnegoFilterConfig |
instance
|
private static Logger |
LOGGER
|
private static String |
MISSING_PROPERTY
|
private String |
password
password to domain account. |
private boolean |
promptNtlm
true if instead of err on ntlm token, prompt for username/pass. |
private String |
serverLoginModule
name of the server login module. |
private String |
username
domain account to use for pre-authentication. |
Constructor Summary | |
---|---|
private |
SpnegoFilterConfig()
|
private |
SpnegoFilterConfig(javax.servlet.FilterConfig config)
Class is a Singleton. |
Method Summary | |
---|---|
private void |
doClientModule(String moduleName)
|
private void |
doServerModule(String moduleName)
Set the canUseKeyTab flag by determining if all LoginModule options have been set. |
(package private) boolean |
downgradeNtlm()
Returns true if a client sends an NTLM token and the filter should ask client for a Basic Auth token instead. |
(package private) String |
getClientLoginModule()
Return the value defined in the servlet's init params in the web.xml file. |
(package private) static SpnegoFilterConfig |
getInstance(javax.servlet.FilterConfig config)
Returns the instance of the servlet's config parameters. |
(package private) String |
getPreauthPassword()
Return the password to the pre-authentication domain account. |
(package private) String |
getPreauthUsername()
Return the name of the pre-authentication domain account. |
(package private) String |
getServerLoginModule()
Return the value defined in the servlet's init params in the web.xml file. |
(package private) boolean |
isBasicAllowed()
Returns true if Basic Authentication is allowed. |
(package private) boolean |
isDelegationAllowed()
Returns true if the server should support credential delegation requests. |
(package private) boolean |
isLocalhostAllowed()
Returns true if requests from localhost are allowed. |
(package private) boolean |
isUnsecureAllowed()
Returns true if SSL/TLS is required. |
private boolean |
loginConfExists(String loginconf)
|
private boolean |
moduleExists(String side,
String moduleName)
|
private void |
setBasicSupport(String basic,
String unsecure)
Specify if Basic authentication is allowed and if un-secure/non-ssl Basic should be allowed. |
private void |
setLogLevel(String level)
Specify the logging level. |
private void |
setNtlmSupport(String ntlm)
If request contains NTLM token, specify if a 401 should be sent back to client with Basic Auth as the only available authentication scheme. |
private void |
setUsernamePassword(String usr,
String psswrd)
Set the username and password if specified in web.xml's init params. |
String |
toString()
|
(package private) boolean |
useKeyTab()
Returns true if LoginContext should use keyTab. |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Field Detail |
---|
private static final Logger LOGGER
private static final String MISSING_PROPERTY
private static transient SpnegoFilterConfig instance
private transient boolean allowBasic
private transient boolean allowDelegation
private transient boolean allowLocalhost
private transient boolean allowUnsecure
private transient boolean canUseKeyTab
private transient String clientLoginModule
private transient String password
private transient boolean promptNtlm
private transient String serverLoginModule
private transient String username
Constructor Detail |
---|
private SpnegoFilterConfig()
private SpnegoFilterConfig(javax.servlet.FilterConfig config) throws FileNotFoundException, URISyntaxException
FileNotFoundException
URISyntaxException
Method Detail |
---|
private void doClientModule(String moduleName)
private void doServerModule(String moduleName)
my-spnego-login-module { com.sun.security.auth.module.Krb5LoginModule required storeKey=true useKeyTab=true keyTab="file:///C:/my_path/my_file.keytab" principal="my_preauth_account"; };
moduleName
- boolean downgradeNtlm()
String getClientLoginModule()
String getPreauthPassword()
String getPreauthUsername()
String getServerLoginModule()
static SpnegoFilterConfig getInstance(javax.servlet.FilterConfig config) throws FileNotFoundException, URISyntaxException
config
- FilterConfi from servlet's init method
FileNotFoundException
- if login conf file not found
URISyntaxException
- if path to login conf is badboolean isBasicAllowed()
boolean isDelegationAllowed()
boolean isLocalhostAllowed()
boolean isUnsecureAllowed()
private boolean loginConfExists(String loginconf) throws FileNotFoundException, URISyntaxException
FileNotFoundException
URISyntaxException
private boolean moduleExists(String side, String moduleName)
private void setBasicSupport(String basic, String unsecure)
basic
- true if basic is allowedunsecure
- true if un-secure basic is allowedprivate void setLogLevel(String level)
level
- logging levelprivate void setNtlmSupport(String ntlm)
ntlm
- true/falseprivate void setUsernamePassword(String usr, String psswrd)
usr
- domain accountpsswrd
- the password to the domain account
IllegalArgumentException
- if user/pass AND keyTab setboolean useKeyTab()
public String toString()
toString
in class Object
|
|||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |