Package org.springframework.security.kerberos.web.authentication

Class SpnegoEntryPoint

java.lang.Object
org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint
All Implemented Interfaces:
org.springframework.security.web.AuthenticationEntryPoint
public class SpnegoEntryPoint extends Object implements org.springframework.security.web.AuthenticationEntryPoint
Sends back a request for a Negotiate Authentication to the browser.

With optional configured forwardUrl it is possible to use form login as fallback authentication.

This approach enables security configuration to use SPNEGO in combination with login form as fallback for clients that do not support this kind of authentication. Set Response Code 401 - unauthorized and forward to login page. A useful scenario might be an environment where windows domain is present but it is required to access the application also from non domain client devices. One could use a combination with form based LDAP login.

See spnego-with-form-login.xml in spring-security-kerberos-sample for details

Since:
1.0
See Also:

  • Constructor Summary

    Constructors
    Constructor
    Description
    SpnegoEntryPoint()
    Instantiates a new spnego entry point.
    SpnegoEntryPoint(String forwardUrl)
    Instantiates a new spnego entry point.
    SpnegoEntryPoint(String forwardUrl, org.springframework.http.HttpMethod forwardMethod)
    Instantiates a new spnego entry point.

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    commence(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException ex)
     

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • SpnegoEntryPoint

      public SpnegoEntryPoint()
      Instantiates a new spnego entry point. Using this constructor the EntryPoint will Sends back a request for a Negotiate Authentication to the browser without providing a fallback mechanism for login, Use constructor with forwardUrl to provide form based login.

    • SpnegoEntryPoint

      public SpnegoEntryPoint(String forwardUrl)
      Instantiates a new spnego entry point. This constructor enables security configuration to use SPNEGO in combination with a fallback page (login form, custom 401 page ...). The forward method will be the same as the original request.
      Parameters:
      forwardUrl - URL where the login page can be found. Should be relative to the web-app context path (include a leading /) and can't be absolute URL.

    • SpnegoEntryPoint

      public SpnegoEntryPoint(String forwardUrl, org.springframework.http.HttpMethod forwardMethod)
      Instantiates a new spnego entry point. This constructor enables security configuration to use SPNEGO in combination a fallback page (login form, custom 401 page ...). The forward URL will be accessed via provided HTTP method.
      Parameters:
      forwardUrl - URL where the login page can be found. Should be relative to the web-app context path (include a leading /) and can't be absolute URL.
      forwardMethod - HTTP method to use when accessing the forward URL

  • Method Details

    • commence

      public void commence(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException ex) throws IOException, jakarta.servlet.ServletException
      Specified by:
      commence in interface org.springframework.security.web.AuthenticationEntryPoint
      Throws:
      IOException
      jakarta.servlet.ServletException