net.sourceforge.spnego
Class SpnegoProvider

java.lang.Object
  extended by net.sourceforge.spnego.SpnegoProvider

public final class SpnegoProvider
extends Object

This is a Utility Class that can be used for finer grained control over message integrity, confidentiality and mutual authentication.

This Class is exposed for developers who want to implement a custom HTTP client.

Take a look at the SpnegoHttpURLConnection class and the SpnegoHttpFilter class before attempting to implement your own HTTP client.

For more example usage, see the documentation at http://spnego.sourceforge.net

Author:
Darwin V. Felix

Field Summary
(package private) static Logger LOGGER
          Default LOGGER.
(package private) static GSSManager MANAGER
          Factory for GSS-API mechanism.
(package private) static Oid SPNEGO_OID
          GSS-API mechanism "1.3.6.1.5.5.2".
 
Constructor Summary
private SpnegoProvider()
           
 
Method Summary
static SpnegoAuthScheme getAuthScheme(String header)
          Returns the SpnegoAuthScheme or null if header is missing.
static GSSCredential getClientCredential(Subject subject)
          Returns the GSS-API interface for creating a security context.
static GSSContext getGSSContext(GSSCredential creds, URL url)
          Returns a GSSContext that custom clients can use to set data integrity and confidentiality requirements and whether mutual authentication is required.
private static Oid getOid()
          Returns the Universal Object Identifier representation of the SPNEGO mechanism.
(package private) static GSSCredential getServerCredential(Subject subject)
          Returns the GSSCredential the server uses for pre-authentication.
(package private) static GSSName getServerName(URL url)
          Returns the GSSName constructed out of the passed-in URL object.
static CallbackHandler getUsernamePasswordHandler(String username, String password)
          Used by the BASIC Auth mechanism for establishing a LoginContext to authenticate a client/caller/request.
(package private) static SpnegoAuthScheme negotiate(javax.servlet.http.HttpServletRequest req, SpnegoHttpServletResponse resp, boolean basicSupported, boolean promptIfNtlm, String realm)
          Returns the SpnegoAuthScheme mechanism used to authenticate the request.
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

LOGGER

static final Logger LOGGER
Default LOGGER.


MANAGER

static final GSSManager MANAGER
Factory for GSS-API mechanism.


SPNEGO_OID

static final Oid SPNEGO_OID
GSS-API mechanism "1.3.6.1.5.5.2".

Constructor Detail

SpnegoProvider

private SpnegoProvider()

Method Detail

negotiate

static SpnegoAuthScheme negotiate(javax.servlet.http.HttpServletRequest req,
                                  SpnegoHttpServletResponse resp,
                                  boolean basicSupported,
                                  boolean promptIfNtlm,
                                  String realm)
                           throws IOException
Returns the SpnegoAuthScheme mechanism used to authenticate the request.

This method may return null in which case you must check the HTTP Status Code to determine if additional processing is required.
For example, if req did not contain the SpnegoConstants.AUTHZ_HEADER, the HTTP Status Code SC_UNAUTHORIZED will be set and the client must send authentication information on the next request.

Parameters:
req - servlet request
resp - servlet response
basicSupported - pass true to offer/allow BASIC Authentication
promptIfNtlm - pass true if an NTLM request should be downgraded
realm - should be the realm the server used to pre-authenticate
Returns:
null if negotiation needs to continue or failed
Throws:
IOException

getClientCredential

public static GSSCredential getClientCredential(Subject subject)
                                         throws PrivilegedActionException
Returns the GSS-API interface for creating a security context.

Parameters:
subject - the person to be authenticated
Returns:
GSSCredential to be used for creating a security context.
Throws:
PrivilegedActionException

getGSSContext

public static GSSContext getGSSContext(GSSCredential creds,
                                       URL url)
                                throws GSSException
Returns a GSSContext that custom clients can use to set data integrity and confidentiality requirements and whether mutual authentication is required.

Parameters:
creds - credentials of the person to be authenticated
url - HTTP address of server (used for constructing a GSSName).
Returns:
GSSContext
Throws:
GSSException
PrivilegedActionException

getAuthScheme

public static SpnegoAuthScheme getAuthScheme(String header)
Returns the SpnegoAuthScheme or null if header is missing.

Throws UnsupportedOperationException if header is NOT Negotiate or Basic.

Parameters:
header - ex. Negotiate or Basic
Returns:
null if header missing/null else the auth scheme

getOid

private static Oid getOid()
Returns the Universal Object Identifier representation of the SPNEGO mechanism.

Returns:
Object Identifier of the GSS-API mechanism

getServerCredential

static GSSCredential getServerCredential(Subject subject)
                                  throws PrivilegedActionException
Returns the GSSCredential the server uses for pre-authentication.

Parameters:
subject - account server uses for pre-authentication
Returns:
credential that allows server to authenticate clients
Throws:
PrivilegedActionException

getServerName

static GSSName getServerName(URL url)
                      throws GSSException
Returns the GSSName constructed out of the passed-in URL object.

Parameters:
url - HTTP address of server
Returns:
GSSName of URL.
Throws:
GSSException

getUsernamePasswordHandler

public static CallbackHandler getUsernamePasswordHandler(String username,
                                                         String password)
Used by the BASIC Auth mechanism for establishing a LoginContext to authenticate a client/caller/request.

Parameters:
username - client username
password - client password
Returns:
CallbackHandler to be used for establishing a LoginContext
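
Example (added here, not part of the library's own documentation): a custom HTTP client that combines getUsernamePasswordHandler, getClientCredential and getGSSContext, requests integrity, confidentiality and mutual authentication, and rejects the response unless the server proved its identity. The JAAS entry name "spnego-client", the URL and the class name are assumptions, and a working krb5/JAAS configuration is presumed.

```java
import java.net.HttpURLConnection;
import java.net.URL;
import java.util.Base64;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import net.sourceforge.spnego.SpnegoProvider;

public final class CustomSpnegoClient { // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Assumptions: placeholder URL and JAAS entry name; password is read
        // from the console so it does not appear in the process arguments.
        final URL url = new URL("http://app.example.internal/protected");
        final String password = new String(System.console().readPassword("Password: "));
        final LoginContext login = new LoginContext("spnego-client",
                SpnegoProvider.getUsernamePasswordHandler(args[0], password));
        login.login();
        GSSCredential creds = null;
        GSSContext ctx = null;
        try {
            creds = SpnegoProvider.getClientCredential(login.getSubject());
            ctx = SpnegoProvider.getGSSContext(creds, url);
            // Request flags only take effect if set before the first initSecContext call.
            ctx.requestMutualAuth(true);
            ctx.requestInteg(true);
            ctx.requestConf(true);
            ctx.requestReplayDet(true);
            ctx.requestSequenceDet(true);

            byte[] token = ctx.initSecContext(new byte[0], 0, 0);
            HttpURLConnection conn = (HttpURLConnection) url.openConnection();
            conn.setRequestProperty("Authorization",
                    "Negotiate " + Base64.getEncoder().encodeToString(token));
            int status = conn.getResponseCode();

            // Mutual authentication: feed the server's reply token back into the context.
            String reply = conn.getHeaderField("WWW-Authenticate");
            if (reply != null && reply.startsWith("Negotiate ")) {
                byte[] in = Base64.getDecoder().decode(reply.substring(10).trim());
                ctx.initSecContext(in, 0, in.length);
            }
            if (!ctx.isEstablished() || !ctx.getMutualAuthState()) {
                throw new SecurityException("server identity not proven; discard response");
            }
            System.out.println("HTTP " + status + ", server verified as " + ctx.getTargName());
        } finally {
            if (ctx != null) ctx.dispose();
            if (creds != null) creds.dispose();
            login.logout();
        }
    }
}
```

The request methods only ask for a service; after establishment, getMutualAuthState(), getIntegState() and getConfState() report what was actually granted and should be checked before the context is trusted.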