This week's book giveaway is in the OO, Patterns, UML and Refactoring forum.
We're giving away four copies of Refactoring for Software Design Smells: Managing Technical Debt and have Girish Suryanarayana, Ganesh Samarthyam & Tushar Sharma on-line!
See this thread for details.
The moose likes Other JSE/JEE APIs and the fly likes Tomcat: Valve with SPNEGO-Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


JavaRanch » Java Forums » Java » Other JSE/JEE APIs
Bookmark "Tomcat: Valve with SPNEGO-Authentication" Watch "Tomcat: Valve with SPNEGO-Authentication" New topic
Author

Tomcat: Valve with SPNEGO-Authentication

Tobias Kalke
Greenhorn

Joined: Oct 15, 2008
Posts: 1
Hi,
I'm developing a Tomcat valve to authenticate users with SPNEGO/Kerberos in a Windows environment, using Java 6 and GSSAPI.

So far, I extended AuthenticatorBase and overwrote the authenticate-method. That allowed me to get the client to use SPNEGO, that is send a Kerberos ticket.

To check the ticket in the request, I first need a GSSContext, and that needs GSSCredentials for the valve:

Oid spnegoOid = null;
spnegoOid = new Oid("1.3.6.1.5.5.2");
GSSCredential myCreds = manager.createCredential(null, GSSCredential.DEFAULT_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);

My problem: the last line fails: "No valid credentials provided"

I think it's because it doesn't access my config file and keytab file.

How can I tell the GSSAPI where the config files are? Or do I have to place them in a special folder?
I know how to tell JAAS where to get, but I have no idea how to do it for that.

In case anyone can come up with useful links for Tomcat & SPNEGO, I would be gladful, too!

Cheers,
Tobias
 
I’ve looked at a lot of different solutions, and in my humble opinion Aspose is the way to go. Here’s the link: http://aspose.com
 
subject: Tomcat: Valve with SPNEGO-Authentication
 
It's not a secret anymore!