public class KerberosAuthenticationHandler extends Object implements AuthenticationHandler
KerberosAuthenticationHandler implements the Kerberos SPNEGO
 authentication mechanism for HTTP.
 The supported configuration properties are:
HTTP/${HOSTNAME}@{REALM}. The realm can be omitted from the
 principal as the JDK GSS libraries will use the realm name of the configured
 default realm.
 It does not have a default value.KerberosName.setRules(String)| Modifier and Type | Field and Description | 
|---|---|
| static String | KEYTABConstant for the configuration property that indicates the keytab
 file path. | 
| static org.slf4j.Logger | LOG | 
| static String | NAME_RULESConstant for the configuration property that indicates the Kerberos name
 rules for the Kerberos principals. | 
| static String | PRINCIPALConstant for the configuration property that indicates the kerberos
 principal. | 
| static String | RULE_MECHANISMConstant for the configuration property that indicates how auth_to_local
 rules are evaluated. | 
| static String | TYPEConstant that identifies the authentication mechanism. | 
WWW_AUTHENTICATE| Constructor and Description | 
|---|
| KerberosAuthenticationHandler()Creates a Kerberos SPNEGO authentication handler with the default
 auth-token type,  kerberos. | 
| KerberosAuthenticationHandler(String type)Creates a Kerberos SPNEGO authentication handler with a custom auth-token
 type. | 
| Modifier and Type | Method and Description | 
|---|---|
| AuthenticationToken | authenticate(javax.servlet.http.HttpServletRequest request,
            javax.servlet.http.HttpServletResponse response)It enforces the the Kerberos SPNEGO authentication sequence returning an
  AuthenticationTokenonly after the Kerberos SPNEGO sequence has
 completed successfully. | 
| void | destroy()Releases any resources initialized by the authentication handler. | 
| protected String | getKeytab()Returns the keytab used by the authentication handler. | 
| protected Set<KerberosPrincipal> | getPrincipals()Returns the Kerberos principals used by the authentication handler. | 
| String | getType()Returns the authentication type of the authentication handler, 'kerberos'. | 
| void | init(Properties config)Initializes the authentication handler instance. | 
| boolean | managementOperation(AuthenticationToken token,
                   javax.servlet.http.HttpServletRequest request,
                   javax.servlet.http.HttpServletResponse response)This is an empty implementation, it always returns  TRUE. | 
public static final org.slf4j.Logger LOG
public static final String TYPE
public static final String PRINCIPAL
public static final String KEYTAB
public static final String NAME_RULES
public static final String RULE_MECHANISM
public KerberosAuthenticationHandler()
kerberos.public KerberosAuthenticationHandler(String type)
type - auth-token type.public void init(Properties config) throws javax.servlet.ServletException
It creates a Kerberos context using the principal and keytab specified in the configuration.
 This method is invoked by the AuthenticationFilter.init(javax.servlet.FilterConfig) method.
init in interface AuthenticationHandlerconfig - configuration properties to initialize the handler.javax.servlet.ServletException - thrown if the handler could not be initialized.public void destroy()
It destroys the Kerberos context.
destroy in interface AuthenticationHandlerpublic String getType()
getType in interface AuthenticationHandlerprotected Set<KerberosPrincipal> getPrincipals()
protected String getKeytab()
public boolean managementOperation(AuthenticationToken token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, AuthenticationException
TRUE.managementOperation in interface AuthenticationHandlertoken - the authentication token if any, otherwise NULL.request - the HTTP client request.response - the HTTP client response.TRUEIOException - it is never thrown.AuthenticationException - it is never thrown.public AuthenticationToken authenticate(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) throws IOException, AuthenticationException
AuthenticationToken only after the Kerberos SPNEGO sequence has
 completed successfully.authenticate in interface AuthenticationHandlerrequest - the HTTP client request.response - the HTTP client response.null if it is in progress (in this case the handler
 handles the response to the client).IOException - thrown if an IO error occurred.AuthenticationException - thrown if Kerberos SPNEGO sequence failed.Copyright © 2008–2023 Apache Software Foundation. All rights reserved.