org.apache.catalina.authenticator

Class SpnegoAuthenticator

java.lang.Object

org.apache.catalina.util.LifecycleBase

org.apache.catalina.util.LifecycleMBeanBase

org.apache.catalina.valves.ValveBase

org.apache.catalina.authenticator.AuthenticatorBase

org.apache.catalina.authenticator.SpnegoAuthenticator

All Implemented Interfaces:

javax.management.MBeanRegistration, RegistrationListener, Authenticator, Contained, JmxEnabled, Lifecycle, Valve

public class SpnegoAuthenticator
extends AuthenticatorBase

A SPNEGO authenticator that uses the SPNEGO/Kerberos support built in to Java 6. Successful Kerberos authentication depends on the correct configuration of multiple components. If the configuration is invalid, the error messages are often cryptic although a Google search will usually point you in the right direction.

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	SpnegoAuthenticator.AcceptAction This class gets a gss credential via a privileged action.
static class	SpnegoAuthenticator.AuthenticateAction
static class	SpnegoAuthenticator.SpnegoTokenFixer This class implements a hack around an incompatibility between the SPNEGO implementation in Windows and the SPNEGO implementation in Java 8 update 40 onwards.

Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase

AuthenticatorBase.AllowCorsPreflight

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

Lifecycle.SingleUse

Field Summary

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, sso

Fields inherited from class org.apache.catalina.valves.ValveBase

asyncSupported, container, containerLog, next

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

mserver

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors

Constructor and Description
SpnegoAuthenticator()

Method Summary

Modifier and Type	Method and Description
protected boolean	doAuthenticate(Request request, HttpServletResponse response) Provided for sub-classes to implement their specific authentication mechanism.
boolean	getApplyJava8u40Fix()
protected java.lang.String	getAuthMethod() Return the authentication method, which is vendor-specific and not defined by HttpServletRequest.
java.lang.String	getLoginConfigName()
java.lang.String	getNoKeepAliveUserAgents()
protected void	initInternal() Sub-classes wishing to perform additional initialization should override this method, ensuring that super.initInternal() is the first call in the overriding method.
protected boolean	isPreemptiveAuthPossible(Request request) Can the authenticator perform preemptive authentication for the given request?
boolean	isStoreDelegatedCredential()
void	setApplyJava8u40Fix(boolean applyJava8u40Fix)
void	setLoginConfigName(java.lang.String loginConfigName)
void	setNoKeepAliveUserAgents(java.lang.String noKeepAliveUserAgents)
void	setStoreDelegatedCredential(boolean storeDelegatedCredential)

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, startInternal, stopInternal

Methods inherited from class org.apache.catalina.valves.ValveBase

backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, isAsyncSupported, setAsyncSupported, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase

addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Detail

SpnegoAuthenticator

public SpnegoAuthenticator()

Method Detail

getLoginConfigName

public java.lang.String getLoginConfigName()

setLoginConfigName

public void setLoginConfigName(java.lang.String loginConfigName)

isStoreDelegatedCredential

public boolean isStoreDelegatedCredential()

setStoreDelegatedCredential

public void setStoreDelegatedCredential(boolean storeDelegatedCredential)

getNoKeepAliveUserAgents

public java.lang.String getNoKeepAliveUserAgents()

setNoKeepAliveUserAgents

public void setNoKeepAliveUserAgents(java.lang.String noKeepAliveUserAgents)

getApplyJava8u40Fix

public boolean getApplyJava8u40Fix()

setApplyJava8u40Fix

public void setApplyJava8u40Fix(boolean applyJava8u40Fix)

getAuthMethod

protected java.lang.String getAuthMethod()

Description copied from class: AuthenticatorBase

Return the authentication method, which is vendor-specific and not defined by HttpServletRequest.

Specified by:

getAuthMethod in class AuthenticatorBase

Returns:

the authentication method, which is vendor-specific and not defined by HttpServletRequest.

initInternal

protected void initInternal()
                     throws LifecycleException

Description copied from class: LifecycleMBeanBase

Sub-classes wishing to perform additional initialization should override this method, ensuring that super.initInternal() is the first call in the overriding method.

Overrides:

initInternal in class ValveBase

Throws:

LifecycleException - If the initialisation fails

doAuthenticate

protected boolean doAuthenticate(Request request,
                                 HttpServletResponse response)
                          throws java.io.IOException

Description copied from class: AuthenticatorBase

Provided for sub-classes to implement their specific authentication mechanism.

Specified by:

doAuthenticate in class AuthenticatorBase

Parameters:

request - The request that triggered the authentication

response - The response associated with the request

Returns:

true if the the user was authenticated, otherwise false, in which case an authentication challenge will have been written to the response

Throws:

java.io.IOException - If an I/O problem occurred during the authentication process

isPreemptiveAuthPossible

protected boolean isPreemptiveAuthPossible(Request request)

Description copied from class: AuthenticatorBase

Can the authenticator perform preemptive authentication for the given request?

Overrides:

isPreemptiveAuthPossible in class AuthenticatorBase

Parameters:

request - The request to check for credentials

Returns:

true if preemptive authentication is possible, otherwise false