org.springframework.security.extensions.kerberos.web
Class SpnegoAuthenticationProcessingFilter

java.lang.Object
  extended by org.springframework.web.filter.GenericFilterBean
      extended by org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter
All Implemented Interfaces:
javax.servlet.Filter, BeanNameAware, DisposableBean, InitializingBean, ServletContextAware

public class SpnegoAuthenticationProcessingFilter
extends GenericFilterBean

Parses the SPNEGO authentication Header, which was generated by the browser and creates a KerberosServiceRequestToken out if it. It will then call the AuthenticationManager.

A typical Spring Security configuration might look like this:

 <beans xmlns="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security"
        xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

        <sec:http entry-point-ref="spnegoEntryPoint">
                <sec:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_FULLY" />
                <sec:custom-filter ref="spnegoAuthenticationProcessingFilter" position="BASIC_PROCESSING_FILTER" />
        </sec:http>

        <bean id="spnegoEntryPoint" class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />

        <bean id="spnegoAuthenticationProcessingFilter"
                class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
                <property name="authenticationManager" ref="authenticationManager" />
        </bean>

        <sec:authentication-manager alias="authenticationManager">
                <sec:authentication-provider ref="kerberosServiceAuthenticationProvider" />
        </sec:authentication-manager>

        <bean id="kerberosServiceAuthenticationProvider"
                class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
                <property name="ticketValidator">
                        <bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
                                <property name="servicePrincipal" value="HTTP/web.springsource.com" />
                                <property name="keyTabLocation" value="classpath:http-java.keytab" />
                        </bean>
                </property>
                <property name="userDetailsService" ref="inMemoryUserDetailsService" />
        </bean>

        <bean id="inMemoryUserDetailsService"
                class="org.springframework.security.core.userdetails.memory.InMemoryDaoImpl">
                <property name="userProperties">
                        <value>
                                [email protected]=notUsed,ROLE_ADMIN
                        </value>
                </property>
        </bean>
 </beans>
 

Since:
1.0
Version:
$Id: SpnegoAuthenticationProcessingFilter.java 35 2009-09-03 18:15:03Z mwiesner $
Author:
Mike Wiesner
See Also:
KerberosServiceAuthenticationProvider, SpnegoEntryPoint

Field Summary
 
Fields inherited from class org.springframework.web.filter.GenericFilterBean
logger
 
Constructor Summary
SpnegoAuthenticationProcessingFilter()
           
 
Method Summary
 void afterPropertiesSet()
           
 void doFilter(javax.servlet.ServletRequest req, javax.servlet.ServletResponse res, javax.servlet.FilterChain chain)
           
 void setAuthenticationManager(AuthenticationManager authenticationManager)
          The authentication manager for validating the ticket.
 
Methods inherited from class org.springframework.web.filter.GenericFilterBean
addRequiredProperty, destroy, getFilterConfig, getFilterName, getServletContext, init, initBeanWrapper, initFilterBean, setBeanName, setServletContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

SpnegoAuthenticationProcessingFilter

public SpnegoAuthenticationProcessingFilter()
Method Detail

doFilter

public void doFilter(javax.servlet.ServletRequest req,
                     javax.servlet.ServletResponse res,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException
Throws:
IOException
javax.servlet.ServletException

setAuthenticationManager

public void setAuthenticationManager(AuthenticationManager authenticationManager)
The authentication manager for validating the ticket.

Parameters:
authenticationManager -

afterPropertiesSet

public void afterPropertiesSet()
                        throws javax.servlet.ServletException
Specified by:
afterPropertiesSet in interface InitializingBean
Overrides:
afterPropertiesSet in class GenericFilterBean
Throws:
javax.servlet.ServletException


Copyright © 2009 SpringSource, Inc. All Rights Reserved.