Package org.springframework.security.kerberos.web.authentication

Class SpnegoEntryPoint

java.lang.Object

org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint

All Implemented Interfaces:

AuthenticationEntryPoint

public class SpnegoEntryPoint
extends Object
implements AuthenticationEntryPoint

Sends back a request for a Negotiate Authentication to the browser.

With optional configured forwardUrl it is possible to use form login as fallback authentication.

This approach enables security configuration to use SPNEGO in combination with login form as fallback for clients that do not support this kind of authentication. Set Response Code 401 - unauthorized and forward to login page. A useful scenario might be an environment where windows domain is present but it is required to access the application also from non domain client devices. One could use a combination with form based LDAP login.

See spnego-with-form-login.xml in spring-security-kerberos-sample for details

Since:

1.0

See Also:

• SpnegoAuthenticationProcessingFilter

Constructor Summary

Constructors

Constructor	Description
SpnegoEntryPoint()	Instantiates a new spnego entry point.
SpnegoEntryPoint(String forwardUrl)	Instantiates a new spnego entry point.
SpnegoEntryPoint(String forwardUrl, org.springframework.http.HttpMethod forwardMethod)	Instantiates a new spnego entry point.

Method Summary

Modifier and Type	Method	Description
void	commence(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AuthenticationException ex)	Commences an authentication scheme.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

SpnegoEntryPoint

public SpnegoEntryPoint()

Instantiates a new spnego entry point. Using this constructor the EntryPoint will Sends back a request for a Negotiate Authentication to the browser without providing a fallback mechanism for login, Use constructor with forwardUrl to provide form based login.

SpnegoEntryPoint

public SpnegoEntryPoint(String forwardUrl)

Instantiates a new spnego entry point. This constructor enables security configuration to use SPNEGO in combination with a fallback page (login form, custom 401 page ...). The forward method will be the same as the original request.

Parameters:

forwardUrl - URL where the login page can be found. Should be relative to the web-app context path (include a leading /) and can't be absolute URL.

SpnegoEntryPoint

public SpnegoEntryPoint(String forwardUrl,
 org.springframework.http.HttpMethod forwardMethod)

Instantiates a new spnego entry point. This constructor enables security configuration to use SPNEGO in combination a fallback page (login form, custom 401 page ...). The forward URL will be accessed via provided HTTP method.

Parameters:

forwardUrl - URL where the login page can be found. Should be relative to the web-app context path (include a leading /) and can't be absolute URL.

forwardMethod - HTTP method to use when accessing the forward URL

Method Details

commence

public void commence(jakarta.servlet.http.HttpServletRequest request,
 jakarta.servlet.http.HttpServletResponse response,
 AuthenticationException ex)
              throws IOException,
jakarta.servlet.ServletException

Description copied from interface: AuthenticationEntryPoint

Commences an authentication scheme.

ExceptionTranslationFilter will populate the HttpSession attribute named AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY with the requested target URL before calling this method.

Implementations should modify the headers on the ServletResponse as necessary to commence the authentication process.

Specified by:

commence in interface AuthenticationEntryPoint

Parameters:

request - that resulted in an AuthenticationException

response - so that the user agent can begin authentication

ex - that caused the invocation

Throws:

IOException

jakarta.servlet.ServletException