net.sourceforge.spnego
Class SpnegoHttpFilter.Constants

java.lang.Object
  extended by net.sourceforge.spnego.SpnegoHttpFilter.Constants
Enclosing class:
SpnegoHttpFilter

public static final class SpnegoHttpFilter.Constants
extends Object

Defines constants and parameter names that are used in the web.xml file, and HTTP request headers, etc.

This class is primarily used internally or by implementers of custom http clients and by SpnegoFilterConfig.


Field Summary
static String ALLOW_BASIC
          Servlet init param name in web.xml spnego.allow.basic.
static String ALLOW_DELEGATION
          Servlet init param name in web.xml spnego.allow.delegation.
static String ALLOW_LOCALHOST
          Servlet init param name in web.xml spnego.allow.localhost.
static String ALLOW_UNSEC_BASIC
          Servlet init param name in web.xml spnego.allow.unsecure.basic.
static String AUTHN_HEADER
          HTTP Response Header WWW-Authenticate.
static String AUTHZ_HEADER
          HTTP Request Header Authorization.
static String BASIC_HEADER
          HTTP Response Header Basic.
static String CLIENT_MODULE
          Servlet init param name in web.xml spnego.login.client.module.
static String KRB5_CONF
          Servlet init param name in web.xml spnego.krb5.conf.
(package private) static String LOGGER_LEVEL
          Specify logging level.
(package private) static String LOGGER_NAME
          Name of Spnego Logger.
static String LOGIN_CONF
          Servlet init param name in web.xml spnego.login.conf.
static String NEGOTIATE_HEADER
          HTTP Response Header Negotiate.
(package private) static String NTLM_PROLOG
          NTLM base64-encoded token start value.
static String PREAUTH_PASSWORD
          Servlet init param name in web.xml spnego.preauth.password.
static String PREAUTH_USERNAME
          Servlet init param name in web.xml spnego.preauth.username.
static String PROMPT_NTLM
          If server receives an NTLM token, the filter will return with a 401 and with Basic as the only option (no Negotiate) spnego.prompt.ntlm.
static String SERVER_MODULE
          Servlet init param name in web.xml spnego.login.server.module.
 
Constructor Summary
private SpnegoHttpFilter.Constants()
           
 
Method Summary
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

ALLOW_BASIC

public static final String ALLOW_BASIC
Servlet init param name in web.xml spnego.allow.basic.

Set this value to true in web.xml if the filter should allow Basic Authentication.

It is recommended that you only allow Basic Authentication if you have clients that cannot perform Kerberos authentication. Also, you should consider requiring SSL/TLS by setting spnego.allow.unsecure.basic to false.

See Also:
Constant Field Values

ALLOW_DELEGATION

public static final String ALLOW_DELEGATION
Servlet init param name in web.xml spnego.allow.delegation.

Set this value to true if server should support credential delegation requests.

Take a look at the DelegateServletRequest for more information about other pre-requisites.

See Also:
Constant Field Values

ALLOW_LOCALHOST

public static final String ALLOW_LOCALHOST
Servlet init param name in web.xml spnego.allow.localhost.

Flag to indicate if requests coming from http://localhost or http://127.0.0.1 should not be authenticated using Kerberos.

This feature helps to obviate the requirement of creating an SPN for developer machines.

See Also:
Constant Field Values

ALLOW_UNSEC_BASIC

public static final String ALLOW_UNSEC_BASIC
Servlet init param name in web.xml spnego.allow.unsecure.basic.

Set this value to false in web.xml if the filter should reject connections that do not use SSL/TLS.

See Also:
Constant Field Values

AUTHN_HEADER

public static final String AUTHN_HEADER
HTTP Response Header WWW-Authenticate.

The filter will respond with this header with a value of "Basic" and/or "Negotiate" (based on web.xml file).

See Also:
Constant Field Values

AUTHZ_HEADER

public static final String AUTHZ_HEADER
HTTP Request Header Authorization.

Clients should send this header where the value is the authentication token(s).

See Also:
Constant Field Values

BASIC_HEADER

public static final String BASIC_HEADER
HTTP Response Header Basic.

The filter will set this as the value for the "WWW-Authenticate" header if "Basic" auth is allowed (based on web.xml file).

See Also:
Constant Field Values

CLIENT_MODULE

public static final String CLIENT_MODULE
Servlet init param name in web.xml spnego.login.client.module.

The LoginModule name that exists in the login.conf file.

See Also:
Constant Field Values

KRB5_CONF

public static final String KRB5_CONF
Servlet init param name in web.xml spnego.krb5.conf.

The location of the krb5.conf file. On Windows, this file will sometimes be named krb5.ini and reside %WINDOWS_ROOT%/krb5.ini here.

By default, Java looks for the file in these locations and order:

  • System Property (java.security.krb5.conf)
  • %JAVA_HOME%/lib/security/krb5.conf
  • %WINDOWS_ROOT%/krb5.ini
  • See Also:
    Constant Field Values

    LOGGER_LEVEL

    static final String LOGGER_LEVEL
    Specify logging level.
     1 = FINEST
     2 = FINER
     3 = FINE
     4 = CONFIG
     5 = INFO
     6 = WARNING
     7 = SEVERE
     

    See Also:
    Constant Field Values

    LOGGER_NAME

    static final String LOGGER_NAME
    Name of Spnego Logger.

    Example: Logger.getLogger(Constants.LOGGER_NAME)

    See Also:
    Constant Field Values

    LOGIN_CONF

    public static final String LOGIN_CONF
    Servlet init param name in web.xml spnego.login.conf.

    The location of the login.conf file.

    See Also:
    Constant Field Values

    NEGOTIATE_HEADER

    public static final String NEGOTIATE_HEADER
    HTTP Response Header Negotiate.

    The filter will set this as the value for the "WWW-Authenticate" header. Note that the filter may also add another header with a value of "Basic" (if allowed by the web.xml file).

    See Also:
    Constant Field Values

    NTLM_PROLOG

    static final String NTLM_PROLOG
    NTLM base64-encoded token start value.

    See Also:
    Constant Field Values

    PREAUTH_PASSWORD

    public static final String PREAUTH_PASSWORD
    Servlet init param name in web.xml spnego.preauth.password.

    Network Domain password. For Windows, this is sometimes known as the Windows NT password.

    See Also:
    Constant Field Values

    PREAUTH_USERNAME

    public static final String PREAUTH_USERNAME
    Servlet init param name in web.xml spnego.preauth.username.

    Network Domain username. For Windows, this is sometimes known as the Windows NT username.

    See Also:
    Constant Field Values

    PROMPT_NTLM

    public static final String PROMPT_NTLM
    If server receives an NTLM token, the filter will return with a 401 and with Basic as the only option (no Negotiate) spnego.prompt.ntlm.

    See Also:
    Constant Field Values

    SERVER_MODULE

    public static final String SERVER_MODULE
    Servlet init param name in web.xml spnego.login.server.module.

    The LoginModule name that exists in the login.conf file.

    See Also:
    Constant Field Values
    Constructor Detail

    SpnegoHttpFilter.Constants

    private SpnegoHttpFilter.Constants()