public abstract class AltKerberosAuthenticationHandler extends KerberosAuthenticationHandler
AltKerberosAuthenticationHandler behaves exactly the same way as
 the KerberosAuthenticationHandler, except that it allows for an
 alternative form of authentication for browsers while still using Kerberos
 for Java access.  This is an abstract class that should be subclassed
 to allow a developer to implement their own custom authentication for browser
 access.  The alternateAuthenticate method will be called whenever a request
 comes from a browser.| Modifier and Type | Field and Description | 
|---|---|
| static String | NON_BROWSER_USER_AGENTSConstant for the configuration property that indicates which user agents
 are not considered browsers (comma separated) | 
| static String | TYPEConstant that identifies the authentication mechanism. | 
KEYTAB, LOG, NAME_RULES, PRINCIPAL, RULE_MECHANISMWWW_AUTHENTICATE| Constructor and Description | 
|---|
| AltKerberosAuthenticationHandler() | 
| Modifier and Type | Method and Description | 
|---|---|
| abstract AuthenticationToken | alternateAuthenticate(javax.servlet.http.HttpServletRequest request,
                     javax.servlet.http.HttpServletResponse response)Subclasses should implement this method to provide the custom
 authentication to be used for browsers. | 
| AuthenticationToken | authenticate(javax.servlet.http.HttpServletRequest request,
            javax.servlet.http.HttpServletResponse response)It enforces the the Kerberos SPNEGO authentication sequence returning an
  AuthenticationTokenonly after the Kerberos SPNEGO sequence has
 completed successfully (in the case of Java access) and only after the
 custom authentication implemented by the subclass in alternateAuthenticate
 has completed successfully (in the case of browser access). | 
| String | getType()Returns the authentication type of the authentication handler,
 'alt-kerberos'. | 
| void | init(Properties config)Initializes the authentication handler instance. | 
| protected boolean | isBrowser(String userAgent)This method parses the User-Agent String and returns whether or not it
 refers to a browser. | 
destroy, getKeytab, getPrincipals, managementOperationpublic static final String TYPE
public static final String NON_BROWSER_USER_AGENTS
public String getType()
getType in interface AuthenticationHandlergetType in class KerberosAuthenticationHandlerpublic void init(Properties config) throws javax.servlet.ServletException
KerberosAuthenticationHandlerIt creates a Kerberos context using the principal and keytab specified in the configuration.
 This method is invoked by the AuthenticationFilter.init(javax.servlet.FilterConfig) method.
init in interface AuthenticationHandlerinit in class KerberosAuthenticationHandlerconfig - configuration properties to initialize the handler.javax.servlet.ServletException - thrown if the handler could not be initialized.public AuthenticationToken authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, AuthenticationException
AuthenticationToken only after the Kerberos SPNEGO sequence has
 completed successfully (in the case of Java access) and only after the
 custom authentication implemented by the subclass in alternateAuthenticate
 has completed successfully (in the case of browser access).authenticate in interface AuthenticationHandlerauthenticate in class KerberosAuthenticationHandlerrequest - the HTTP client request.response - the HTTP client response.IOException - thrown if an IO error occurredAuthenticationException - thrown if an authentication error occurredprotected boolean isBrowser(String userAgent)
A User-Agent String is considered to be a browser if it does not contain any of the values from alt-kerberos.non-browser.user-agents; the default behavior is to consider everything a browser unless it contains one of: "java", "curl", "wget", or "perl". Subclasses can optionally override this method to use different behavior.
userAgent - The User-Agent String, or null if there isn't onepublic abstract AuthenticationToken alternateAuthenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, AuthenticationException
request - the HTTP client request.response - the HTTP client response.IOException - thrown if an IO error occursAuthenticationException - thrown if an authentication error occursCopyright © 2008–2023 Apache Software Foundation. All rights reserved.