[jboss-user] [Security & JAAS/JBoss] - Combining SPNEGO with custom made authentication?

chausberger do-not-reply at jboss.com
Tue Aug 5 07:51:25 EDT 2008


we want to integrate SPNEGO via JBoss Negotiation into our software.

Currently our systems works like this:
We set an apache in front of JBoss and use Basic authentication. If the users goes straight to the JBoss Webserver without going over Apache, a login formular is presentet.

To check this, the software checks the HTTP header if Basis authentification was done and if not presents the login formular.
This is all done in a Struts 1.3 action.

We now plan to to the same with SPNEGO. That is, if SPNEGO works, no login formular will be shown. If SPNEGO fails or is not available, the login formular should be shown.

Is there a way to check in the HTTP Header if SPNEGO was successful or done at all?

Another idea that came to my mind is to enable SPNEGO for our application and then try to get the Principal in the above mentioned Struts action. If it's not null, SPNEGO should have been successful. Not sure if this would work.


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4168711#4168711

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4168711

More information about the jboss-user mailing list