*
The moose likes Security and the fly likes Java client imitating IE6 behavior: obtaining a Kerberos ticket, and sending it through SPNEGO Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Java client imitating IE6 behavior: obtaining a Kerberos ticket, and sending it through SPNEGO" Watch "Java client imitating IE6 behavior: obtaining a Kerberos ticket, and sending it through SPNEGO" New topic
Author

Java client imitating IE6 behavior: obtaining a Kerberos ticket, and sending it through SPNEGO

pinkie pink
Greenhorn

Joined: Feb 16, 2009
Posts: 1
Hi,

Our ogranization has a working Microsoft IIS server with Kerberos authentication.
Usually, it serves web pages to IE6 clients, which naturally know how to obtain a kerberos ticket - based on windows logon - and send them to IIS using the SPNEGO protocol.

Now, I need to write my own Java client, which behaves like IE6.
This is a thick java client, required to run on *Windows*, and act like a browser:
- Open an HTTP connection to IIS (with Kerberos authentication)
- Send a GET request, obtain the result HTML page, and show it in a Swing text area.

Could anyone please direct me to a working example of such a "Java HTTP client with Kerberos authentication"?
The client needs 2 functions:

1. Assuming client runs on a Windows machine, it should be able to obtain Kerberos tickets,
based on *Windows logon* (so that user doesn't need to type user/password!)

2. Open an HTTP connection using the SPNEGO protocol.

Is there any product/example that supports both those features?
I've seen various mentions of JAAS, "com.sun.security.auth.module.Krb5LoginModule", but never a simple working example which puts it all together.
Such an example would be very-very appreciated

Thanks very much.
Carey Evans
Ranch Hand

Joined: May 27, 2008
Posts: 225

Sun Java 6, on Windows, using the java.net.URL class, should automatically use the integrated Windows authentication to talk to IIS as the logged in user. In theory you should be able to use JAAS, but I've never seen it working either.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: Java client imitating IE6 behavior: obtaining a Kerberos ticket, and sending it through SPNEGO