Class SpnegoAuthenticator
- java.lang.Object
-
- org.apache.catalina.util.LifecycleBase
-
- org.apache.catalina.util.LifecycleMBeanBase
-
- org.apache.catalina.valves.ValveBase
-
- org.apache.catalina.authenticator.AuthenticatorBase
-
- org.apache.catalina.authenticator.SpnegoAuthenticator
-
- All Implemented Interfaces:
RegistrationListener
,javax.management.MBeanRegistration
,Authenticator
,Contained
,JmxEnabled
,Lifecycle
,Valve
public class SpnegoAuthenticator extends AuthenticatorBase
A SPNEGO authenticator that uses the SPNEGO/Kerberos support built in to Java 6. Successful Kerberos authentication depends on the correct configuration of multiple components. If the configuration is invalid, the error messages are often cryptic although a Google search will usually point you in the right direction.
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description static class
SpnegoAuthenticator.AcceptAction
This class gets a gss credential via a privileged action.static class
SpnegoAuthenticator.AuthenticateAction
static class
SpnegoAuthenticator.SpnegoTokenFixer
This class implements a hack around an incompatibility between the SPNEGO implementation in Windows and the SPNEGO implementation in Java 8 update 40 onwards.-
Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase
AuthenticatorBase.AllowCorsPreflight
-
Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
Lifecycle.SingleUse
-
-
Field Summary
-
Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, sso
-
Fields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, next
-
Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
-
-
Constructor Summary
Constructors Constructor Description SpnegoAuthenticator()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description protected boolean
doAuthenticate(Request request, HttpServletResponse response)
Provided for sub-classes to implement their specific authentication mechanism.boolean
getApplyJava8u40Fix()
protected java.lang.String
getAuthMethod()
java.lang.String
getLoginConfigName()
java.lang.String
getNoKeepAliveUserAgents()
protected void
initInternal()
Sub-classes wishing to perform additional initialization should override this method, ensuring that super.initInternal() is the first call in the overriding method.protected boolean
isPreemptiveAuthPossible(Request request)
Can the authenticator perform preemptive authentication for the given request?boolean
isStoreDelegatedCredential()
void
setApplyJava8u40Fix(boolean applyJava8u40Fix)
void
setLoginConfigName(java.lang.String loginConfigName)
void
setNoKeepAliveUserAgents(java.lang.String noKeepAliveUserAgents)
void
setStoreDelegatedCredential(boolean storeDelegatedCredential)
-
Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, startInternal, stopInternal
-
Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, isAsyncSupported, setAsyncSupported, setNext, toString
-
Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister
-
Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
-
-
-
-
Method Detail
-
getLoginConfigName
public java.lang.String getLoginConfigName()
-
setLoginConfigName
public void setLoginConfigName(java.lang.String loginConfigName)
-
isStoreDelegatedCredential
public boolean isStoreDelegatedCredential()
-
setStoreDelegatedCredential
public void setStoreDelegatedCredential(boolean storeDelegatedCredential)
-
getNoKeepAliveUserAgents
public java.lang.String getNoKeepAliveUserAgents()
-
setNoKeepAliveUserAgents
public void setNoKeepAliveUserAgents(java.lang.String noKeepAliveUserAgents)
-
getApplyJava8u40Fix
public boolean getApplyJava8u40Fix()
-
setApplyJava8u40Fix
public void setApplyJava8u40Fix(boolean applyJava8u40Fix)
-
getAuthMethod
protected java.lang.String getAuthMethod()
- Specified by:
getAuthMethod
in classAuthenticatorBase
-
initInternal
protected void initInternal() throws LifecycleException
Description copied from class:LifecycleMBeanBase
Sub-classes wishing to perform additional initialization should override this method, ensuring that super.initInternal() is the first call in the overriding method.- Overrides:
initInternal
in classValveBase
- Throws:
LifecycleException
- If the initialisation fails
-
doAuthenticate
protected boolean doAuthenticate(Request request, HttpServletResponse response) throws java.io.IOException
Description copied from class:AuthenticatorBase
Provided for sub-classes to implement their specific authentication mechanism.- Specified by:
doAuthenticate
in classAuthenticatorBase
- Parameters:
request
- The request that triggered the authenticationresponse
- The response associated with the request- Returns:
true
if the the user was authenticated, otherwisefalse
, in which case an authentication challenge will have been written to the response- Throws:
java.io.IOException
- If an I/O problem occurred during the authentication process
-
isPreemptiveAuthPossible
protected boolean isPreemptiveAuthPossible(Request request)
Description copied from class:AuthenticatorBase
Can the authenticator perform preemptive authentication for the given request?- Overrides:
isPreemptiveAuthPossible
in classAuthenticatorBase
- Parameters:
request
- The request to check for credentials- Returns:
true
if preemptive authentication is possible, otherwisefalse
-
-