File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Other JSE/JEE APIs and the fly likes Tomcat: Valve with SPNEGO-Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Other JSE/JEE APIs
Bookmark "Tomcat: Valve with SPNEGO-Authentication" Watch "Tomcat: Valve with SPNEGO-Authentication" New topic

Tomcat: Valve with SPNEGO-Authentication

Tobias Kalke

Joined: Oct 15, 2008
Posts: 1
I'm developing a Tomcat valve to authenticate users with SPNEGO/Kerberos in a Windows environment, using Java 6 and GSSAPI.

So far, I extended AuthenticatorBase and overwrote the authenticate-method. That allowed me to get the client to use SPNEGO, that is send a Kerberos ticket.

To check the ticket in the request, I first need a GSSContext, and that needs GSSCredentials for the valve:

Oid spnegoOid = null;
spnegoOid = new Oid("");
GSSCredential myCreds = manager.createCredential(null, GSSCredential.DEFAULT_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);

My problem: the last line fails: "No valid credentials provided"

I think it's because it doesn't access my config file and keytab file.

How can I tell the GSSAPI where the config files are? Or do I have to place them in a special folder?
I know how to tell JAAS where to get, but I have no idea how to do it for that.

In case anyone can come up with useful links for Tomcat & SPNEGO, I would be gladful, too!

I agree. Here's the link:
subject: Tomcat: Valve with SPNEGO-Authentication
It's not a secret anymore!