Package net.sf.michaelo.tomcat.authenticator

Class SpnegoAuthenticator

java.lang.Object

org.apache.catalina.util.LifecycleBase

org.apache.catalina.util.LifecycleMBeanBase

org.apache.catalina.valves.ValveBase

org.apache.catalina.authenticator.AuthenticatorBase

net.sf.michaelo.tomcat.authenticator.SpnegoAuthenticator

All Implemented Interfaces:

MBeanRegistration, RegistrationListener, Authenticator, Contained, JmxEnabled, Lifecycle, Valve

public class SpnegoAuthenticator
extends AuthenticatorBase

A SPNEGO Authenticator which utilizes GSS-API to authenticate a client.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase

AuthenticatorBase.AllowCorsPreflight

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

Lifecycle.SingleUse

Field Summary

Fields

Modifier and Type	Field	Description
protected static Oid	KRB5_MECHANISM
protected Log	logger
protected StringManager	sm
protected static String	SPNEGO_AUTH_SCHEME
protected static Oid	SPNEGO_MECHANISM
protected static String	SPNEGO_METHOD

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sso

Fields inherited from class org.apache.catalina.valves.ValveBase

asyncSupported, container, containerLog, next

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

mserver

Fields inherited from interface org.apache.catalina.Lifecycle

AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors

Constructor	Description
SpnegoAuthenticator()

Method Summary

Modifier and Type	Method	Description
protected boolean	doAuthenticate(Request request, HttpServletResponse response)
protected String	getAuthMethod()
String	getLoginEntryName()	Returns the configured login entry name.
boolean	isErrorMessagesAsHeaders()	Indicates whether error messages will be responded as headers.
boolean	isOmitErrorMessages()	Indicates whether error messages are responded to the client.
protected boolean	isPreemptiveAuthPossible(Request request)
boolean	isStoreDelegatedCredential()	Indicates whether client's (initiator's) delegated credential is stored in the user principal.
protected void	respondErrorMessage(Request request, HttpServletResponse response, int statusCode, String messageKey, Object... params)
protected void	sendInternalServerError(Request request, HttpServletResponse response, String messageKey, Object... params)
protected void	sendUnauthorized(Request request, HttpServletResponse response, String scheme)
protected void	sendUnauthorized(Request request, HttpServletResponse response, String scheme, String messageKey, Object... params)
void	setErrorMessagesAsHeaders(boolean errorMessagesAsHeaders)	Sets whether error messages will be returned as headers.
void	setLoginEntryName(String loginEntryName)	Sets the login entry name which establishes the security context.
void	setOmitErrorMessages(boolean omitErrorMessages)	Sets whether error messages are responded to the client.
void	setStoreDelegatedCredential(boolean storeDelegatedCredential)	Sets whether client's (initiator's) delegated credential is stored in the user principal.

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, startInternal, stopInternal

Methods inherited from class org.apache.catalina.valves.ValveBase

backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase

addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

SPNEGO_METHOD

protected static final String SPNEGO_METHOD

See Also:

Constant Field Values

SPNEGO_AUTH_SCHEME

protected static final String SPNEGO_AUTH_SCHEME

See Also:

Constant Field Values

logger

protected final Log logger

sm

protected final StringManager sm

KRB5_MECHANISM

protected static final Oid KRB5_MECHANISM

SPNEGO_MECHANISM

protected static final Oid SPNEGO_MECHANISM

Constructor Detail

SpnegoAuthenticator

public SpnegoAuthenticator()

Method Detail

doAuthenticate

protected boolean doAuthenticate(Request request,
                                 HttpServletResponse response)
                          throws IOException

Specified by:

doAuthenticate in class AuthenticatorBase

Throws:

IOException

isPreemptiveAuthPossible

protected boolean isPreemptiveAuthPossible(Request request)

Overrides:

isPreemptiveAuthPossible in class AuthenticatorBase

getAuthMethod

protected String getAuthMethod()

Specified by:

getAuthMethod in class AuthenticatorBase

setLoginEntryName

public void setLoginEntryName(String loginEntryName)

Sets the login entry name which establishes the security context.

Parameters:

loginEntryName - the login entry name

getLoginEntryName

public String getLoginEntryName()

Returns the configured login entry name.

Returns:

the login entry name

isOmitErrorMessages

public boolean isOmitErrorMessages()

Indicates whether error messages are responded to the client.

Returns:

indicator for error message omission

setOmitErrorMessages

public void setOmitErrorMessages(boolean omitErrorMessages)

Sets whether error messages are responded to the client.

Parameters:

omitErrorMessages - indicator to error omit messages

isErrorMessagesAsHeaders

public boolean isErrorMessagesAsHeaders()

Indicates whether error messages will be responded as headers.

Returns:

indicates whether error messages will be responded as headers

setErrorMessagesAsHeaders

public void setErrorMessagesAsHeaders(boolean errorMessagesAsHeaders)

Sets whether error messages will be returned as headers.

It is not always desired or necessary to produce an error page, e.g., non-interactive clients do not analyze it anyway, but have to consume the response (wasted time and resources). When a client issues a request, the server will write the error messages to either one header: Auth-Error or Server-Error.

Technically speaking, HttpServletResponse.setStatus(int) will be called instead of HttpServletResponse.sendError(int, String).

Parameters:

errorMessagesAsHeaders - indicates whether error messages will be responded as headers

isStoreDelegatedCredential

public boolean isStoreDelegatedCredential()

Indicates whether client's (initiator's) delegated credential is stored in the user principal.

Returns:

indicates whether client's (initiator's) delegated credential is stored in the user principal.

setStoreDelegatedCredential

public void setStoreDelegatedCredential(boolean storeDelegatedCredential)

Sets whether client's (initiator's) delegated credential is stored in the user principal.

Parameters:

storeDelegatedCredential - the store delegated credential indication

respondErrorMessage

protected void respondErrorMessage(Request request,
                                   HttpServletResponse response,
                                   int statusCode,
                                   String messageKey,
                                   Object... params)
                            throws IOException

Throws:

IOException

sendInternalServerError

protected void sendInternalServerError(Request request,
                                       HttpServletResponse response,
                                       String messageKey,
                                       Object... params)
                                throws IOException

Throws:

IOException

sendUnauthorized

protected void sendUnauthorized(Request request,
                                HttpServletResponse response,
                                String scheme)
                         throws IOException

Throws:

IOException

sendUnauthorized

protected void sendUnauthorized(Request request,
                                HttpServletResponse response,
                                String scheme,
                                String messageKey,
                                Object... params)
                         throws IOException

Throws:

IOException