File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Question about SPNEGO security Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Question about SPNEGO security" Watch "Question about SPNEGO security" New topic

Question about SPNEGO security

Jim Barkley

Joined: Jun 23, 2011
Posts: 12

I've recently implemented this for auth against company's Active Directory.

None of the webapp contents is behind SSL though; when you enter the webapp address, a login dialog just pops up.

Is SPNEGO, and any other single sign-on stuff(like WAFFLE, for example) secure? Or the https implementation has to be done on Tomcat separately to ensure secure connection?

Thanks in advance.
It is sorta covered in the JavaRanch Style Guide.
subject: Question about SPNEGO security
It's not a secret anymore!