java.lang.Object
  net.sourceforge.spnego.SpnegoAuthenticator
public final class SpnegoAuthenticator
Handles SPNEGO or Basic authentication.
Package scope is deliberate; this class MUST NOT be used or referenced directly outside of this package. Be cautious about who you give a reference to.
Basic Authentication must be enabled through the filter configuration. See an example web.xml configuration in the "installing on Tomcat" documentation or the SpnegoHttpFilter javadoc.
Localhost is supported but must be enabled through the filter configuration. Allowing requests to come from http://localhost removes the requirement that the service have an SPN. Note that when the request comes from localhost, Kerberos authentication does not occur; the authenticator simply returns System.getProperty("user.name") or the server's pre-authentication username.
NTLM tokens are NOT supported. However, it is still possible to avoid an error being returned by downgrading the authentication from Negotiate (NTLM) to Basic Auth. See the reference docs on how to configure web.xml to prompt when a request is being made using NTLM.
Finally, to see a working example and instructions on how to use a keytab, take a look at the "creating a server keytab" example.
Field Summary

| Modifier and Type | Field | Description |
|---|---|---|
| private boolean | allowBasic | Flag to indicate if BASIC Auth is allowed. |
| private boolean | allowDelegation | Flag to indicate if credential delegation is allowed. |
| private boolean | allowLocalhost | Flag to skip auth if localhost. |
| private boolean | allowUnsecure | Flag to indicate if non-SSL BASIC Auth is allowed. |
| private String | clientModuleName | Login Context module name for client auth. |
| private static Lock | LOCK | GSSContext is not thread-safe. |
| private static Logger | LOGGER | |
| private LoginContext | loginContext | Login Context the server uses for pre-authentication. |
| private static GSSManager | MANAGER | Default GSSManager. |
| private boolean | promptIfNtlm | Flag to indicate if NTLM is accepted. |
| private GSSCredential | serverCredentials | Credentials the server uses for authenticating requests. |
| private KerberosPrincipal | serverPrincipal | Server Principal used for pre-authentication. |
Constructor Summary

| Constructor | Description |
|---|---|
| SpnegoAuthenticator(Map<String,String> config) | Create an authenticator for SPNEGO and/or BASIC authentication. |
| SpnegoAuthenticator(SpnegoFilterConfig config) | Create an authenticator for SPNEGO and/or BASIC authentication. |
Method Summary

| Modifier and Type | Method | Description |
|---|---|---|
| SpnegoPrincipal | authenticate(javax.servlet.http.HttpServletRequest req, SpnegoHttpServletResponse resp) | Returns the KerberosPrincipal of the user/client making the HTTP request. |
| void | dispose() | Logout. |
| private SpnegoPrincipal | doBasicAuth(SpnegoAuthScheme scheme, SpnegoHttpServletResponse resp) | Performs authentication using the BASIC Auth mechanism. |
| private SpnegoPrincipal | doLocalhost() | |
| private SpnegoPrincipal | doSpnegoAuth(SpnegoAuthScheme scheme, SpnegoHttpServletResponse resp) | Performs authentication using the SPNEGO mechanism. |
| private boolean | isLocalhost(javax.servlet.http.HttpServletRequest req) | Returns true if the HTTP request is from the same host (localhost). |
Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Field Detail
private static final Logger LOGGER
private static final Lock LOCK
private static final GSSManager MANAGER
private final transient boolean allowBasic
private final transient boolean allowDelegation
private final transient boolean allowLocalhost
private final transient boolean allowUnsecure
private final transient boolean promptIfNtlm
private final transient String clientModuleName
private final transient LoginContext loginContext
private final transient GSSCredential serverCredentials
private final transient KerberosPrincipal serverPrincipal
Constructor Detail

public SpnegoAuthenticator(SpnegoFilterConfig config) throws LoginException, GSSException, PrivilegedActionException
Parameters:
config - servlet filter initialization parameters
Throws:
LoginException
GSSException
PrivilegedActionException
public SpnegoAuthenticator(Map<String,String> config) throws LoginException, GSSException, PrivilegedActionException, FileNotFoundException, URISyntaxException
The ExampleSpnegoAuthenticatorValve.java demonstrates a working example of how to use this constructor.
Example of some Map keys and values:

    Map<String, String> map = new HashMap<String, String>();
    map.put("spnego.krb5.conf", "krb5.conf");
    map.put("spnego.allow.basic", "true");
    map.put("spnego.preauth.username", "dfelix");
    map.put("spnego.preauth.password", "myp@s5");
    ...
    SpnegoAuthenticator authenticator = new SpnegoAuthenticator(map);
    ...

Parameters:
config -
Throws:
LoginException
GSSException
PrivilegedActionException
FileNotFoundException
URISyntaxException
Method Detail
public SpnegoPrincipal authenticate(javax.servlet.http.HttpServletRequest req, SpnegoHttpServletResponse resp) throws GSSException, IOException
Returns null if the client did not provide authentication info.
Throws UnsupportedOperationException if the client's Authorization scheme is neither "Negotiate" nor "Basic".
Parameters:
req - servlet request
resp - servlet response
Throws:
GSSException
IOException
public void dispose()
Generally, the instantiator of this class should be the only one to call dispose(), as calling it indicates that this instance will no longer be used.
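The Map constructor above, authenticate() and dispose() are meant to be used together: build the configuration once, call authenticate() per request, treat a null return as "not authenticated", and dispose() when the owner shuts down. The servlet filter below is an added example and is not code from the SPNEGO project or this page. It assumes that SpnegoHttpServletResponse has a constructor taking an HttpServletResponse and an isStatusSet() method, that SpnegoPrincipal implements java.security.Principal, and that the init-param keys not shown on this page (spnego.login.conf, spnego.allow.unsecure.basic, spnego.allow.localhost, spnego.allow.delegation, spnego.prompt.ntlm) match the filter's web.xml parameter names; the package, class and attribute names are hypothetical.

```java
// Added example (not part of the SPNEGO project): a servlet Filter that drives
// SpnegoAuthenticator directly through its Map constructor, the way the
// ExampleSpnegoAuthenticatorValve does for Tomcat.
package com.example.auth; // hypothetical package

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.ietf.jgss.GSSException;

import net.sourceforge.spnego.SpnegoAuthenticator;
import net.sourceforge.spnego.SpnegoHttpServletResponse;
import net.sourceforge.spnego.SpnegoPrincipal;

public final class DirectSpnegoFilter implements Filter {

    // Keep the reference private: the class javadoc warns about handing it out.
    private SpnegoAuthenticator authenticator;

    @Override
    public void init(final FilterConfig filterConfig) throws ServletException {
        final Map<String, String> config = new HashMap<String, String>();
        config.put("spnego.krb5.conf", "krb5.conf");
        config.put("spnego.login.conf", "login.conf"); // assumed key: JAAS login config
        // Pre-auth credentials come from the environment, never from source control.
        config.put("spnego.preauth.username", System.getenv("SPNEGO_PREAUTH_USER"));
        config.put("spnego.preauth.password", System.getenv("SPNEGO_PREAUTH_PASSWORD"));
        // Fail-closed settings: Negotiate only, no localhost bypass, no delegation,
        // no Basic challenge on NTLM. Each key below is assumed from the filter docs.
        config.put("spnego.allow.basic", "false");
        config.put("spnego.allow.unsecure.basic", "false");
        config.put("spnego.allow.localhost", "false");
        config.put("spnego.allow.delegation", "false");
        config.put("spnego.prompt.ntlm", "false");

        try {
            this.authenticator = new SpnegoAuthenticator(config);
        } catch (final Exception e) {
            // LoginException, GSSException, PrivilegedActionException,
            // FileNotFoundException, URISyntaxException: refuse to start without auth.
            throw new ServletException("SPNEGO authenticator initialisation failed", e);
        }
    }

    @Override
    public void doFilter(final ServletRequest request, final ServletResponse response,
            final FilterChain chain) throws IOException, ServletException {
        final HttpServletRequest req = (HttpServletRequest) request;
        final HttpServletResponse httpResp = (HttpServletResponse) response;
        // Assumed constructor: wraps the real response so the challenge can be set.
        final SpnegoHttpServletResponse resp = new SpnegoHttpServletResponse(httpResp);

        final SpnegoPrincipal principal;
        try {
            principal = this.authenticator.authenticate(req, resp);
        } catch (final UnsupportedOperationException e) {
            // Authorization scheme was neither "Negotiate" nor "Basic".
            httpResp.sendError(HttpServletResponse.SC_BAD_REQUEST,
                    "Unsupported authorization scheme");
            return;
        } catch (final GSSException e) {
            throw new ServletException("GSS failure during authentication", e);
        }

        if (principal == null) {
            // No auth info or failed auth: never fall through to the protected resource.
            // authenticate() may already have set a 401 with the challenge; if not, set one.
            if (!resp.isStatusSet()) { // assumed method on SpnegoHttpServletResponse
                resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            }
            return;
        }

        // Authenticated: expose the principal to downstream code and continue.
        req.setAttribute("spnego.principal", principal); // hypothetical attribute name
        chain.doFilter(request, response);
    }

    @Override
    public void destroy() {
        // The filter created the authenticator, so the filter is the one to dispose it.
        if (this.authenticator != null) {
            this.authenticator.dispose();
        }
    }
}
```

Two design points worth keeping: the null check is the whole authorization decision, so returning without calling chain.doFilter() on null is what keeps the endpoint closed; and since the LOCK field shows GSSContext is serialised behind a static lock, a single authenticator per filter instance is the intended shape rather than one per request.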
private SpnegoPrincipal doBasicAuth(SpnegoAuthScheme scheme, SpnegoHttpServletResponse resp) throws IOException
Returns null if authentication failed or if the provided auth scheme did not contain BASIC Auth data/token.
Throws:
IOException
private SpnegoPrincipal doLocalhost()
private SpnegoPrincipal doSpnegoAuth(SpnegoAuthScheme scheme, SpnegoHttpServletResponse resp) throws GSSException, IOException
Returns null if authentication failed or if the provided auth scheme did not contain the SPNEGO/GSS token.
Throws:
GSSException
IOException
private boolean isLocalhost(javax.servlet.http.HttpServletRequest req)
Parameters:
req - servlet request