This week's book giveaway is in the OCAJP 8 forum.
We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line!
See this thread for details.
The moose likes Servlets and the fly likes Question about SPNEGO security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of OCA Java SE 8 Programmer I Study Guide this week in the OCAJP 8 forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Question about SPNEGO security" Watch "Question about SPNEGO security" New topic

Question about SPNEGO security

Jim Barkley

Joined: Jun 23, 2011
Posts: 12

I've recently implemented this for auth against company's Active Directory.

None of the webapp contents is behind SSL though; when you enter the webapp address, a login dialog just pops up.

Is SPNEGO, and any other single sign-on stuff(like WAFFLE, for example) secure? Or the https implementation has to be done on Tomcat separately to ensure secure connection?

Thanks in advance.
I agree. Here's the link:
subject: Question about SPNEGO security
It's not a secret anymore!