Class SpnegoAuthenticator
java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.AuthenticatorBase
org.apache.catalina.authenticator.SpnegoAuthenticator
- All Implemented Interfaces:
- RegistrationListener,- MBeanRegistration,- Authenticator,- Contained,- JmxEnabled,- Lifecycle,- Valve
A SPNEGO authenticator that uses the SPNEGO/Kerberos support built in to Java 6. Successful Kerberos authentication
 depends on the correct configuration of multiple components. If the configuration is invalid, the error messages are
 often cryptic although a Google search will usually point you in the right direction.
- 
Nested Class SummaryNested ClassesModifier and TypeClassDescriptionstatic classThis class gets a gss credential via a privileged action.static classstatic classThis class implements a hack around an incompatibility between the SPNEGO implementation in Windows and the SPNEGO implementation in Java 8 update 40 onwards.Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBaseAuthenticatorBase.AllowCorsPreflightNested classes/interfaces inherited from interface org.apache.catalina.LifecycleLifecycle.SingleUse
- 
Field SummaryFields inherited from class org.apache.catalina.authenticator.AuthenticatorBasealwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sm, ssoFields inherited from class org.apache.catalina.valves.ValveBaseasyncSupported, container, containerLog, nextFields inherited from interface org.apache.catalina.LifecycleAFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT
- 
Constructor SummaryConstructors
- 
Method SummaryModifier and TypeMethodDescriptionprotected booleandoAuthenticate(Request request, HttpServletResponse response) Provided for sub-classes to implement their specific authentication mechanism.booleanprotected StringReturn the authentication method, which is vendor-specific and not defined by HttpServletRequest.protected voidSub-classes wishing to perform additional initialization should override this method, ensuring that super.initInternal() is the first call in the overriding method.protected booleanisPreemptiveAuthPossible(Request request) Can the authenticator perform preemptive authentication for the given request?booleanvoidsetApplyJava8u40Fix(boolean applyJava8u40Fix) voidsetLoginConfigName(String loginConfigName) voidsetNoKeepAliveUserAgents(String noKeepAliveUserAgents) voidsetStoreDelegatedCredential(boolean storeDelegatedCredential) Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBaseallowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, startInternal, stopInternalMethods inherited from class org.apache.catalina.valves.ValveBasebackgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, isAsyncSupported, setAsyncSupported, setNext, toStringMethods inherited from class org.apache.catalina.util.LifecycleMBeanBasedestroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister, unregisterMethods inherited from class org.apache.catalina.util.LifecycleBaseaddLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop
- 
Constructor Details- 
SpnegoAuthenticatorpublic SpnegoAuthenticator()
 
- 
- 
Method Details- 
getLoginConfigName
- 
setLoginConfigName
- 
isStoreDelegatedCredentialpublic boolean isStoreDelegatedCredential()
- 
setStoreDelegatedCredentialpublic void setStoreDelegatedCredential(boolean storeDelegatedCredential) 
- 
getNoKeepAliveUserAgents
- 
setNoKeepAliveUserAgents
- 
getApplyJava8u40Fixpublic boolean getApplyJava8u40Fix()
- 
setApplyJava8u40Fixpublic void setApplyJava8u40Fix(boolean applyJava8u40Fix) 
- 
getAuthMethodDescription copied from class:AuthenticatorBaseReturn the authentication method, which is vendor-specific and not defined by HttpServletRequest.- Specified by:
- getAuthMethodin class- AuthenticatorBase
- Returns:
- the authentication method, which is vendor-specific and not defined by HttpServletRequest.
 
- 
initInternalDescription copied from class:LifecycleMBeanBaseSub-classes wishing to perform additional initialization should override this method, ensuring that super.initInternal() is the first call in the overriding method.- Overrides:
- initInternalin class- ValveBase
- Throws:
- LifecycleException- If the initialisation fails
 
- 
doAuthenticateDescription copied from class:AuthenticatorBaseProvided for sub-classes to implement their specific authentication mechanism.- Specified by:
- doAuthenticatein class- AuthenticatorBase
- Parameters:
- request- The request that triggered the authentication
- response- The response associated with the request
- Returns:
- trueif the the user was authenticated, otherwise- false, in which case an authentication challenge will have been written to the response
- Throws:
- IOException- If an I/O problem occurred during the authentication process
 
- 
isPreemptiveAuthPossibleDescription copied from class:AuthenticatorBaseCan the authenticator perform preemptive authentication for the given request?- Overrides:
- isPreemptiveAuthPossiblein class- AuthenticatorBase
- Parameters:
- request- The request to check for credentials
- Returns:
- trueif preemptive authentication is possible, otherwise- false
 
 
-