Welcome to the SPNEGO SourceForge projectIntegrated Windows Authentication in Java
The intent of this project is to provide an alternative library (.jar file) that application servers (like Tomcat) can use as the means for authenticating clients (like web browsers).
If your organization is running Active Directory (AD) and all of your web applications go through Microsoft's Internet Information Services (IIS), and IIS has Integrated Windows Authentication enabled, and everyone in your organization is using Internet Explorer (IE), then this project may not be of any interest to you.
This project may also not be of any interest to you if your organization is using jCIFS as the means to achieve Single Sign-On (SSO); there are other 3rd party products as well as open-source projects that will silently authenticate (no username/password prompt) browser requests to a protected web page. Perhaps some of these are more suitable for your organization's needs.
However, if your organization uses java based web/application servers, and you prefer
Kerberos/SPNEGO instead of
NTLM as the authentication
protocol, and you would rather have a
Java Servlet Filter
(JSR-53) based implementation instead of a container specific
authentication module (JSR-196),
and you want SSO
The most effective way to get started is to first go through the pre-flight checklist. One of the goals of the checklist is to identify configuration parameter values necessary during installation and configuration of the SPNEGO HTTP Servlet Filter. There are really only two steps to the install: 1) copy jar file and 2) modify web.xml file.
Unfortunately, that's just the servlet filter install. You may also need to create two configuration files that your Java Runtime (JRE) will need as a part of Java's security technology framework. Specifically, creating configuration files for the Java Authentication and Authorization Service (JAAS) package/extension and for the Java Generic Security Services (Java GSS) API. The pre-flight has instructions for these as well.
Finally, there's nothing in the code base that is specific to AD. Theoretically, this code should also work with MIT Kerberos. There is also nothing in the code base that is specific to Tomcat or IE, or Windows or UNIX (but feel free to post messages in the Forum about any successes and/or failures).
© 2009 Darwin V. Felix. All rights reserved.