Java client imitating IE6 behavior: obtaining a Kerberos ticket, and sending it through SPNEGO
posted 6 years ago
Our ogranization has a working Microsoft IIS server with Kerberos authentication.
Usually, it serves web pages to IE6 clients, which naturally know how to obtain a kerberos ticket - based on windows logon - and send them to IIS using the SPNEGO protocol.
Now, I need to write my own Java client, which behaves like IE6.
This is a thick java client, required to run on *Windows*, and act like a browser:
- Open an HTTP connection to IIS (with Kerberos authentication)
- Send a GET request, obtain the result HTML page, and show it in a Swing text area.
Could anyone please direct me to a working example of such a "Java HTTP client with Kerberos authentication"?
The client needs 2 functions:
1. Assuming client runs on a Windows machine, it should be able to obtain Kerberos tickets,
based on *Windows logon* (so that user doesn't need to type user/password!)
2. Open an HTTP connection using the SPNEGO protocol.
Is there any product/example that supports both those features?
I've seen various mentions of JAAS, "com.sun.security.auth.module.Krb5LoginModule", but never a simple working example which puts it all together.
Such an example would be very-very appreciated
Sun Java 6, on Windows, using the java.net.URL class, should automatically use the integrated Windows authentication to talk to IIS as the logged in user. In theory you should be able to use JAAS, but I've never seen it working either.