Class SpnegoAuthenticator

java.lang.Object
org.apache.catalina.util.LifecycleBase
org.apache.catalina.util.LifecycleMBeanBase
org.apache.catalina.valves.ValveBase
org.apache.catalina.authenticator.AuthenticatorBase
org.apache.catalina.authenticator.SpnegoAuthenticator
All Implemented Interfaces:
RegistrationListener, MBeanRegistration, Authenticator, Contained, JmxEnabled, Lifecycle, Valve
public class SpnegoAuthenticator extends AuthenticatorBase
A SPNEGO authenticator that uses the SPNEGO/Kerberos support built in to Java 6. Successful Kerberos authentication depends on the correct configuration of multiple components. If the configuration is invalid, the error messages are often cryptic although a Google search will usually point you in the right direction.

  • Constructor Details

    • SpnegoAuthenticator

      public SpnegoAuthenticator()
      Default constructor.

  • Method Details

    • getLoginConfigName

      public String getLoginConfigName()
      Returns the JAAS login configuration name.
      Returns:
      the login configuration name

    • setLoginConfigName

      public void setLoginConfigName(String loginConfigName)
      Sets the JAAS login configuration name.
      Parameters:
      loginConfigName - the login configuration name

    • isStoreDelegatedCredential

      public boolean isStoreDelegatedCredential()
      Returns whether delegated credentials should be stored in the subject.
      Returns:
      true if delegated credentials are stored

    • setStoreDelegatedCredential

      public void setStoreDelegatedCredential(boolean storeDelegatedCredential)
      Sets whether delegated credentials should be stored in the subject.
      Parameters:
      storeDelegatedCredential - true to store delegated credentials

    • getNoKeepAliveUserAgents

      public String getNoKeepAliveUserAgents()
      Returns the regex pattern for user agents that should not use keep-alive connections.
      Returns:
      the regex pattern, or null if not configured

    • setNoKeepAliveUserAgents

      public void setNoKeepAliveUserAgents(String noKeepAliveUserAgents)
      Sets the regex pattern for user agents that should not use keep-alive connections.
      Parameters:
      noKeepAliveUserAgents - the regex pattern, or null to disable

    • getApplyJava8u40Fix

      @Deprecated public boolean getApplyJava8u40Fix()
      Deprecated.
      This method will be removed from Tomcat 12 onwards.
      This attribute is now hard-coded to false as the work-around this attribute enabled is no longer required.
      Returns:
      Always false

    • setApplyJava8u40Fix

      @Deprecated public void setApplyJava8u40Fix(boolean applyJava8u40Fix)
      Deprecated.
      This method will be removed from Tomcat 12 onwards.
      This method is now a NO-OP as the work-around this attribute enabled is no longer required.
      Parameters:
      applyJava8u40Fix - Ignored

    • getAuthMethod

      protected String getAuthMethod()
      Description copied from class: AuthenticatorBase
      Return the authentication method, which is vendor-specific and not defined by HttpServletRequest.
      Specified by:
      getAuthMethod in class AuthenticatorBase
      Returns:
      the authentication method, which is vendor-specific and not defined by HttpServletRequest.

    • initInternal

      protected void initInternal() throws LifecycleException
      Description copied from class: LifecycleBase
      Subclasses implement this method to perform any instance initialisation required.
      Overrides:
      initInternal in class ValveBase
      Throws:
      LifecycleException - If the initialisation fails

    • doAuthenticate

      protected boolean doAuthenticate(Request request, HttpServletResponse response) throws IOException
      Description copied from class: AuthenticatorBase
      Provided for subclasses to implement their specific authentication mechanism.
      Specified by:
      doAuthenticate in class AuthenticatorBase
      Parameters:
      request - The request that triggered the authentication
      response - The response associated with the request
      Returns:
      true if the user was authenticated, otherwise false, in which case an authentication challenge will have been written to the response
      Throws:
      IOException - If an I/O problem occurred during the authentication process

    • isPreemptiveAuthPossible

      protected boolean isPreemptiveAuthPossible(Request request)
      Description copied from class: AuthenticatorBase
      Can the authenticator perform preemptive authentication for the given request?
      Overrides:
      isPreemptiveAuthPossible in class AuthenticatorBase
      Parameters:
      request - The request to check for credentials
      Returns:
      true if preemptive authentication is possible, otherwise false