java.lang.Object
org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint
All Implemented Interfaces:
AuthenticationEntryPoint

public class SpnegoEntryPoint extends Object implements AuthenticationEntryPoint
Sends back a request for a Negotiate Authentication to the browser.

With optional configured forwardUrl it is possible to use form login as fallback authentication.

This approach enables security configuration to use SPNEGO in combination with login form as fallback for clients that do not support this kind of authentication. Set Response Code 401 - unauthorized and forward to login page. A useful scenario might be an environment where windows domain is present but it is required to access the application also from non domain client devices. One could use a combination with form based LDAP login.

See spnego-with-form-login.xml in spring-security-kerberos-sample for details

Since:
1.0
See Also:
  • Constructor Details

    • SpnegoEntryPoint

      public SpnegoEntryPoint()
      Instantiates a new spnego entry point. Using this constructor the EntryPoint will Sends back a request for a Negotiate Authentication to the browser without providing a fallback mechanism for login, Use constructor with forwardUrl to provide form based login.
    • SpnegoEntryPoint

      public SpnegoEntryPoint(String forwardUrl)
      Instantiates a new spnego entry point. This constructor enables security configuration to use SPNEGO in combination with a fallback page (login form, custom 401 page ...). The forward method will be the same as the original request.
      Parameters:
      forwardUrl - URL where the login page can be found. Should be relative to the web-app context path (include a leading /) and can't be absolute URL.
    • SpnegoEntryPoint

      public SpnegoEntryPoint(String forwardUrl, org.springframework.http.HttpMethod forwardMethod)
      Instantiates a new spnego entry point. This constructor enables security configuration to use SPNEGO in combination a fallback page (login form, custom 401 page ...). The forward URL will be accessed via provided HTTP method.
      Parameters:
      forwardUrl - URL where the login page can be found. Should be relative to the web-app context path (include a leading /) and can't be absolute URL.
      forwardMethod - HTTP method to use when accessing the forward URL
  • Method Details

    • commence

      public void commence(jakarta.servlet.http.HttpServletRequest request, jakarta.servlet.http.HttpServletResponse response, AuthenticationException ex) throws IOException, jakarta.servlet.ServletException
      Description copied from interface: AuthenticationEntryPoint
      Commences an authentication scheme.

      ExceptionTranslationFilter will populate the HttpSession attribute named AbstractAuthenticationProcessingFilter.SPRING_SECURITY_SAVED_REQUEST_KEY with the requested target URL before calling this method.

      Implementations should modify the headers on the ServletResponse as necessary to commence the authentication process.

      Specified by:
      commence in interface AuthenticationEntryPoint
      Parameters:
      request - that resulted in an AuthenticationException
      response - so that the user agent can begin authentication
      ex - that caused the invocation
      Throws:
      IOException
      jakarta.servlet.ServletException