net.sourceforge.spnego

Class SpnegoFilterConfig

java.lang.Object

net.sourceforge.spnego.SpnegoFilterConfig

public final class SpnegoFilterConfig
extends Object

Class that applies/enforces web.xml init params.

These properties are set in the servlet's init params in the web.xml file.

This class also validates if a keyTab should be used and if all of the LoginModule options have been set.

To see a working example and instructions on how to use a keytab, take a look at the creating a server keytab example.

The class should be used as a Singleton:
SpnegoFilterConfig config = SpnegoFilterConfig.getInstance(filter);

See an example web.xml configuration in the installing on tomcat documentation.

Author:

Darwin V. Felix

Field Summary

Fields

Modifier and Type	Field and Description
private boolean	allowBasic true if Basic auth should be offered.
private boolean	allowDelegation true if server should support credential delegation requests.
private boolean	allowLocalhost true if request from localhost should not be authenticated.
private boolean	allowUnsecure true if non-ssl for basic auth is allowed.
private boolean	canUseKeyTab true if all req.
private String	clientLoginModule name of the client login module.
private String	excludeDirs url directory path(s) that should NOT undergo authentication.
private static SpnegoFilterConfig	instance
private static Logger	LOGGER
private static String	MISSING_PROPERTY
private String	password password to domain account.
private boolean	promptNtlm true if instead of err on ntlm token, prompt for username/pass.
private String	serverLoginModule name of the server login module.
private String	username domain account to use for pre-authentication.

Constructor Summary

Constructors

Modifier	Constructor and Description
private	SpnegoFilterConfig()
private	SpnegoFilterConfig(javax.servlet.FilterConfig config) Class is a Singleton.

Method Summary

Modifier and Type	Method and Description
private static String	clean(String path)
private void	doClientModule(String moduleName)
private void	doServerModule(String moduleName) Set the canUseKeyTab flag by determining if all LoginModule options have been set.
(package private) boolean	downgradeNtlm() Returns true if a client sends an NTLM token and the filter should ask client for a Basic Auth token instead.
(package private) String	getClientLoginModule() Return the value defined in the servlet's init params in the web.xml file.
(package private) List<String>	getExcludeDirs() Return the value defined in the servlet's init params in the web.xml file as a List object.
static SpnegoFilterConfig	getInstance(javax.servlet.FilterConfig config) Returns the instance of the servlet's config parameters.
(package private) String	getPreauthPassword() Return the password to the pre-authentication domain account.
(package private) String	getPreauthUsername() Return the name of the pre-authentication domain account.
(package private) String	getServerLoginModule() Return the value defined in the servlet's init params in the web.xml file.
(package private) boolean	isBasicAllowed() Returns true if Basic Authentication is allowed.
(package private) boolean	isDelegationAllowed() Returns true if the server should support credential delegation requests.
(package private) boolean	isLocalhostAllowed() Returns true if requests from localhost are allowed.
(package private) boolean	isUnsecureAllowed() Returns true if SSL/TLS is required.
private boolean	loginConfExists(String loginconf)
private boolean	moduleExists(String side, String moduleName)
private void	setBasicSupport(String basic, String unsecure) Specify if Basic authentication is allowed and if un-secure/non-ssl Basic should be allowed.
private void	setLogLevel(String level) Specify the logging level.
private void	setNtlmSupport(String ntlm) If request contains NTLM token, specify if a 401 should be sent back to client with Basic Auth as the only available authentication scheme.
private void	setUsernamePassword(String usr, String psswrd) Set the username and password if specified in web.xml's init params.
private static List<String>	split(String dirs)
String	toString()
(package private) boolean	useKeyTab() Returns true if LoginContext should use keyTab.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

LOGGER

private static final Logger LOGGER

MISSING_PROPERTY

private static final String MISSING_PROPERTY

See Also:

Constant Field Values

instance

private static transient SpnegoFilterConfig instance

allowBasic

private transient boolean allowBasic

true if Basic auth should be offered.

allowDelegation

private transient boolean allowDelegation

true if server should support credential delegation requests.

allowLocalhost

private transient boolean allowLocalhost

true if request from localhost should not be authenticated.

allowUnsecure

private transient boolean allowUnsecure

true if non-ssl for basic auth is allowed.

canUseKeyTab

private transient boolean canUseKeyTab

true if all req. login module options set.

clientLoginModule

private transient String clientLoginModule

name of the client login module.

excludeDirs

private transient String excludeDirs

url directory path(s) that should NOT undergo authentication.

password

private transient String password

password to domain account.

promptNtlm

private transient boolean promptNtlm

true if instead of err on ntlm token, prompt for username/pass.

serverLoginModule

private transient String serverLoginModule

name of the server login module.

username

private transient String username

domain account to use for pre-authentication.

Constructor Detail

SpnegoFilterConfig

private SpnegoFilterConfig()

SpnegoFilterConfig

private SpnegoFilterConfig(javax.servlet.FilterConfig config)
                    throws FileNotFoundException,
                           URISyntaxException

Class is a Singleton. Use the static getInstance() method.

Throws:

FileNotFoundException

URISyntaxException

Method Detail

doClientModule

private void doClientModule(String moduleName)

doServerModule

private void doServerModule(String moduleName)

Set the canUseKeyTab flag by determining if all LoginModule options have been set.

 my-spnego-login-module {
      com.sun.security.auth.module.Krb5LoginModule
      required
      storeKey=true
      useKeyTab=true
      keyTab="file:///C:/my_path/my_file.keytab"
      principal="my_preauth_account";
 };
 

Parameters:

moduleName -

downgradeNtlm

boolean downgradeNtlm()

Returns true if a client sends an NTLM token and the filter should ask client for a Basic Auth token instead.

Returns:

true if client should be prompted for Basic Auth

getClientLoginModule

String getClientLoginModule()

Return the value defined in the servlet's init params in the web.xml file.

Returns:

the name of the login module for the client

getExcludeDirs

List<String> getExcludeDirs()

Return the value defined in the servlet's init params in the web.xml file as a List object.

Returns:

a List of directories to exclude

getPreauthPassword

String getPreauthPassword()

Return the password to the pre-authentication domain account.

Returns:

password of pre-auth domain account

getPreauthUsername

String getPreauthUsername()

Return the name of the pre-authentication domain account.

Returns:

name of pre-auth domain account

getServerLoginModule

String getServerLoginModule()

Return the value defined in the servlet's init params in the web.xml file.

Returns:

the name of the login module for the server

getInstance

public static SpnegoFilterConfig getInstance(javax.servlet.FilterConfig config)
                                      throws FileNotFoundException,
                                             URISyntaxException

Returns the instance of the servlet's config parameters.

Parameters:

config - FilterConfi from servlet's init method

Returns:

the instance of that represent the init params

Throws:

FileNotFoundException - if login conf file not found

URISyntaxException - if path to login conf is bad

isBasicAllowed

boolean isBasicAllowed()

Returns true if Basic Authentication is allowed.

Returns:

true if Basic Auth is allowed

isDelegationAllowed

boolean isDelegationAllowed()

Returns true if the server should support credential delegation requests.

Returns:

true if server supports credential delegation

isLocalhostAllowed

boolean isLocalhostAllowed()

Returns true if requests from localhost are allowed.

Returns:

true if requests from localhost are allowed

isUnsecureAllowed

boolean isUnsecureAllowed()

Returns true if SSL/TLS is required.

Returns:

true if SSL/TLS is required

loginConfExists

private boolean loginConfExists(String loginconf)
                         throws FileNotFoundException,
                                URISyntaxException

Throws:

FileNotFoundException

URISyntaxException

moduleExists

private boolean moduleExists(String side,
                             String moduleName)

setBasicSupport

private void setBasicSupport(String basic,
                             String unsecure)

Specify if Basic authentication is allowed and if un-secure/non-ssl Basic should be allowed.

Parameters:

basic - true if basic is allowed

unsecure - true if un-secure basic is allowed

setLogLevel

private void setLogLevel(String level)

Specify the logging level.

Parameters:

level - logging level

setNtlmSupport

private void setNtlmSupport(String ntlm)

If request contains NTLM token, specify if a 401 should be sent back to client with Basic Auth as the only available authentication scheme.

Parameters:

ntlm - true/false

setUsernamePassword

private void setUsernamePassword(String usr,
                                 String psswrd)

Set the username and password if specified in web.xml's init params.

Parameters:

usr - domain account

psswrd - the password to the domain account

Throws:

IllegalArgumentException - if user/pass AND keyTab set

useKeyTab

boolean useKeyTab()

Returns true if LoginContext should use keyTab.

Returns:

true if LoginContext should use keyTab.

clean

private static String clean(String path)

split

private static List<String> split(String dirs)

toString

public String toString()

Overrides:

toString in class Object