Interface DelegateServletRequest

All Superinterfaces:
All Known Implementing Classes:

public interface DelegateServletRequest
extends javax.servlet.ServletRequest

The default installation of Internet Explorer and Active Directory allow the user's/requester's credential to be delegated.

By default, SpnegoHttpURLConnection has delegation set to false. To allow delegation, call the requestCredDeleg method on the SpnegoHttpURLConnection instance.

Also, the server/service's pre-authentication account must be specified as "Account is trusted for delegation" in Active Directory.

Finally, the server/service's spnego servlet init params must be specified to allow credential delegation by setting the property spnego.allow.delegation to true (false by default).

Custom client programs may request their credential to be delegated by calling the requestCredDeleg on their instance of GSSContext.

Java Application Servers can obtain the delegated credential by casting the HTTP request.

Example usage:

     if (request instanceof DelegateServletRequest) {
         DelegateServletRequest dsr = (DelegateServletRequest) request;
         GSSCredential creds = dsr.getDelegatedCredential();

To see a working example and instructions, take a look at the credential delegation example.

Darwin V. Felix

Method Summary
 GSSCredential getDelegatedCredential()
          Returns the requester's delegated credential.
Methods inherited from interface javax.servlet.ServletRequest
getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, isSecure, removeAttribute, setAttribute, setCharacterEncoding

Method Detail


GSSCredential getDelegatedCredential()
Returns the requester's delegated credential.

Returns null if request has no delegated credential or if delegated credentials are not supported.

delegated credential or null