Class SpnegoAuthenticator

- java.lang.Object
  - org.apache.catalina.util.LifecycleBase
    - org.apache.catalina.util.LifecycleMBeanBase
      - org.apache.catalina.valves.ValveBase
        - org.apache.catalina.authenticator.AuthenticatorBase
          - net.sf.michaelo.tomcat.authenticator.SpnegoAuthenticator

- All Implemented Interfaces:
MBeanRegistration, RegistrationListener, Authenticator, Contained, JmxEnabled, Lifecycle, Valve

public class SpnegoAuthenticator extends AuthenticatorBase
A SPNEGO Authenticator which utilizes GSS-API to authenticate a client.

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase
AuthenticatorBase.AllowCorsPreflight

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
Lifecycle.SingleUse

Field Summary

Fields (columns: Modifier and Type, Field, Description)
protected static Oid KRB5_MECHANISM
protected Log logger
protected StringManager sm
protected static String SPNEGO_AUTH_SCHEME
protected static Oid SPNEGO_MECHANISM
protected static String SPNEGO_METHOD

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sso

Fields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, next

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase
mserver

Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors (columns: Constructor, Description)
SpnegoAuthenticator()

Method Summary

All Methods / Instance Methods / Concrete Methods (columns: Modifier and Type, Method, Description)

protected boolean doAuthenticate(Request request, HttpServletResponse response)

protected String getAuthMethod()

String getLoginEntryName()
    Returns the configured login entry name.

boolean isErrorMessagesAsHeaders()
    Indicates whether error messages will be returned as headers.

boolean isOmitErrorMessages()
    Indicates whether error messages are returned to the client.

protected boolean isPreemptiveAuthPossible(Request request)

boolean isStoreDelegatedCredential()
    Indicates whether client's (initiator's) delegated credential is stored in the user principal.

protected void respondErrorMessage(Request request, HttpServletResponse response, int statusCode, String messageKey, Object... params)

protected void sendInternalServerError(Request request, HttpServletResponse response, String messageKey, Object... params)

protected void sendUnauthorized(Request request, HttpServletResponse response, String scheme)

protected void sendUnauthorized(Request request, HttpServletResponse response, String scheme, String messageKey, Object... params)

void setErrorMessagesAsHeaders(boolean errorMessagesAsHeaders)
    Sets whether error messages will be returned as headers.

void setLoginEntryName(String loginEntryName)
    Sets the login entry name which establishes the security context.

void setOmitErrorMessages(boolean omitErrorMessages)
    Sets whether error messages are returned to the client.

void setStoreDelegatedCredential(boolean storeDelegatedCredential)
    Sets whether client's (initiator's) delegated credential is stored in the user principal.

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, startInternal, stopInternal

Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

Field Detail

SPNEGO_METHOD
protected static final String SPNEGO_METHOD
- See Also: Constant Field Values

SPNEGO_AUTH_SCHEME
protected static final String SPNEGO_AUTH_SCHEME
- See Also: Constant Field Values

logger
protected final Log logger

sm
protected final StringManager sm

KRB5_MECHANISM
protected static final Oid KRB5_MECHANISM

SPNEGO_MECHANISM
protected static final Oid SPNEGO_MECHANISM

Method Detail

doAuthenticate
protected boolean doAuthenticate(Request request, HttpServletResponse response) throws IOException
- Specified by: doAuthenticate in class AuthenticatorBase
- Throws: IOException

isPreemptiveAuthPossible
protected boolean isPreemptiveAuthPossible(Request request)
- Overrides: isPreemptiveAuthPossible in class AuthenticatorBase

getAuthMethod
protected String getAuthMethod()
- Specified by: getAuthMethod in class AuthenticatorBase

setLoginEntryName
public void setLoginEntryName(String loginEntryName)
Sets the login entry name which establishes the security context.
- Parameters: loginEntryName - the login entry name

getLoginEntryName
public String getLoginEntryName()
Returns the configured login entry name.
- Returns: the login entry name

isOmitErrorMessages
public boolean isOmitErrorMessages()
Indicates whether error messages are returned to the client.
- Returns: indicator for error message omission

setOmitErrorMessages
public void setOmitErrorMessages(boolean omitErrorMessages)
Sets whether error messages are returned to the client.
- Parameters: omitErrorMessages - indicator to omit error messages

isErrorMessagesAsHeaders
public boolean isErrorMessagesAsHeaders()
Indicates whether error messages will be returned as headers.
- Returns: indicates whether error messages will be returned as headers

setErrorMessagesAsHeaders
public void setErrorMessagesAsHeaders(boolean errorMessagesAsHeaders)
Sets whether error messages will be returned as headers.
It is not always desired or necessary to produce an error page; e.g., non-interactive clients do not analyze it anyway, but still have to consume the response (wasted time and resources). When a client issues a request, the server will write the error messages to one of two headers: Auth-Error or Server-Error.
Technically speaking, HttpServletResponse.setStatus(int) will be called instead of HttpServletResponse.sendError(int, String).
- Parameters: errorMessagesAsHeaders - indicates whether error messages will be returned as headers

isStoreDelegatedCredential
public boolean isStoreDelegatedCredential()
Indicates whether client's (initiator's) delegated credential is stored in the user principal.
- Returns: indicates whether client's (initiator's) delegated credential is stored in the user principal.

setStoreDelegatedCredential
public void setStoreDelegatedCredential(boolean storeDelegatedCredential)
Sets whether client's (initiator's) delegated credential is stored in the user principal.
- Parameters: storeDelegatedCredential - the store delegated credential indication

respondErrorMessage
protected void respondErrorMessage(Request request, HttpServletResponse response, int statusCode, String messageKey, Object... params) throws IOException
- Throws: IOException

sendInternalServerError
protected void sendInternalServerError(Request request, HttpServletResponse response, String messageKey, Object... params) throws IOException
- Throws: IOException

sendUnauthorized
protected void sendUnauthorized(Request request, HttpServletResponse response, String scheme) throws IOException
- Throws: IOException

sendUnauthorized
protected void sendUnauthorized(Request request, HttpServletResponse response, String scheme, String messageKey, Object... params) throws IOException
- Throws: IOException