Two Laptop Bag*
The moose likes Security and the fly likes Java client imitating IE6 behavior: obtaining a Kerberos ticket, and sending it through SPNEGO Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Java client imitating IE6 behavior: obtaining a Kerberos ticket, and sending it through SPNEGO" Watch "Java client imitating IE6 behavior: obtaining a Kerberos ticket, and sending it through SPNEGO" New topic
Author

Java client imitating IE6 behavior: obtaining a Kerberos ticket, and sending it through SPNEGO

pinkie pink
Greenhorn

Joined: Feb 16, 2009
Posts: 1
Hi,

Our ogranization has a working Microsoft IIS server with Kerberos authentication.
Usually, it serves web pages to IE6 clients, which naturally know how to obtain a kerberos ticket - based on windows logon - and send them to IIS using the SPNEGO protocol.

Now, I need to write my own Java client, which behaves like IE6.
This is a thick java client, required to run on *Windows*, and act like a browser:
- Open an HTTP connection to IIS (with Kerberos authentication)
- Send a GET request, obtain the result HTML page, and show it in a Swing text area.

Could anyone please direct me to a working example of such a "Java HTTP client with Kerberos authentication"?
The client needs 2 functions:

1. Assuming client runs on a Windows machine, it should be able to obtain Kerberos tickets,
based on *Windows logon* (so that user doesn't need to type user/password!)

2. Open an HTTP connection using the SPNEGO protocol.

Is there any product/example that supports both those features?
I've seen various mentions of JAAS, "com.sun.security.auth.module.Krb5LoginModule", but never a simple working example which puts it all together.
Such an example would be very-very appreciated

Thanks very much.
Carey Evans
Ranch Hand

Joined: May 27, 2008
Posts: 225

Sun Java 6, on Windows, using the java.net.URL class, should automatically use the integrated Windows authentication to talk to IIS as the logged in user. In theory you should be able to use JAAS, but I've never seen it working either.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Java client imitating IE6 behavior: obtaining a Kerberos ticket, and sending it through SPNEGO
 
Similar Threads
kerberos/spnego authentication without keytab file
SPNEGO to JBoss 4.3.2 (with username different from hostname)
single signon with java GSS-API kerberos/SPNEGO
SSO using SPNego on Kerberos in JBoss 4.2.2
Tomcat: Valve with SPNEGO-Authentication