[jboss-dev-forums] [Design of Security on JBoss] - Re: Negotiate with Kerberos
cdelashmutt
do-not-reply at jboss.com
Thu Aug 24 16:07:31 EDT 2006
At second glance, I think I realized why I didn't use Q13 in http://wiki.jboss.org/wiki/Wiki.jsp?page=AccessingServletRequestForAuthentication.
The issue is that SPNEGO is a multi-pass authentication. It is my understanding that it is the job of the callback handler to retrieve user credentials. That is why I put the phase 1 part of authentication into the callback handler. In this phase, I needed access not only to the request, but also the response so that the callback handler could send a proper response to the browser to have it perform the next phase of the authentication. After the browser handles its phase, I then can handle the final phase in the login module.
Perhaps I'm interpreting the role of the callback handler improperly or too strictly?
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3967333#3967333
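
The multi-pass exchange described in the post above, as an added example that is not part of the original post and is not JBoss code: the server answers a request without a token with a 401 "Negotiate" challenge, then hands the token the browser sends back to the JDK's GSS-API. The class name NegotiateStep, its methods and the session attribute name are hypothetical; it assumes JDK 8+, the javax.servlet API, and a Kerberos acceptor credential already available to JGSS (keytab and JAAS configuration not shown).

```java
import java.util.Base64;
import javax.servlet.http.*;
import org.ietf.jgss.*;

// Hypothetical helper (added example, not JBoss code): one HTTP pass of SPNEGO.
public final class NegotiateStep {
    private static final String PREFIX = "Negotiate ";
    private static final String CTX_ATTR = "example.spnego.ctx"; // constructed name

    /** Returns the client principal once established, or null after sending a 401. */
    public static String handle(HttpServletRequest req, HttpServletResponse resp) {
        String header = req.getHeader("Authorization");
        // Pass 1: no token yet. Only the response can tell the browser to start
        // negotiating, so this step needs the response as well as the request.
        if (header == null || !header.regionMatches(true, 0, PREFIX, 0, PREFIX.length())) {
            challenge(resp, null);
            return null;
        }
        HttpSession session = req.getSession(true);
        GSSContext ctx = (GSSContext) session.getAttribute(CTX_ATTR);
        try {
            // Later pass: the browser returned a base64-encoded GSS token.
            byte[] in = Base64.getDecoder().decode(header.substring(PREFIX.length()).trim());
            if (ctx == null) { // null credential selects the default acceptor credential
                ctx = GSSManager.getInstance().createContext((GSSCredential) null);
            }
            byte[] out = ctx.acceptSecContext(in, 0, in.length);
            if (!ctx.isEstablished()) { // keep state for the next round trip
                session.setAttribute(CTX_ATTR, ctx);
                challenge(resp, out);
                return null;
            }
            String principal = ctx.getSrcName().toString();
            session.removeAttribute(CTX_ATTR);
            ctx.dispose();
            return principal;
        } catch (IllegalArgumentException | GSSException e) {
            // Malformed or rejected token: drop partial state and start over.
            session.removeAttribute(CTX_ATTR);
            challenge(resp, null);
            return null;
        }
    }

    private static void challenge(HttpServletResponse resp, byte[] token) {
        String value = token == null ? "Negotiate" : PREFIX + Base64.getEncoder().encodeToString(token);
        resp.setHeader("WWW-Authenticate", value);
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    }
}
```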