CurrentWindowsIdentityAuthenticator (SPNEGO/Kerberos Authenticator and Active Directory Realm for Apache Tomcat 3.5 API)

java.lang.Object
- org.apache.catalina.util.LifecycleBase
- - org.apache.catalina.util.LifecycleMBeanBase
  - - org.apache.catalina.valves.ValveBase
    - - org.apache.catalina.authenticator.AuthenticatorBase
      - net.sf.michaelo.tomcat.authenticator.CurrentWindowsIdentityAuthenticator

All Implemented Interfaces:

MBeanRegistration, javax.security.auth.message.config.RegistrationListener, Authenticator, Contained, JmxEnabled, Lifecycle, Valve
```
public class CurrentWindowsIdentityAuthenticator
extends AuthenticatorBase
```
A Windows Identity Authenticator which uses GSS-API to retrieve to currently logged in user. This authenticator requires a realm which implements the GSSRealm interface.

Version:

$Id: CurrentWindowsIdentityAuthenticator.java 347 2019-12-20 11:10:04Z michael-o $

Nested Class Summary
- Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase
  AuthenticatorBase.AllowCorsPreflight
- Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle
  Lifecycle.SingleUse

Field Summary

Fields
Modifier and Type	Field and Description
`protected static String`	`CURRENT_WINDOWS_IDENTITY_AUTH_SCHEME`
`protected static String`	`CURRENT_WINDOWS_IDENTITY_METHOD`
`protected static Oid`	`KRB5_MECHANISM`
`protected Log`	`logger`
`protected StringManager`	`sm`
`protected static Oid`	`SPNEGO_MECHANISM`

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase
alwaysUseSession, AUTH_HEADER_NAME, cache, changeSessionIdOnAuthentication, context, disableProxyCaching, jaspicCallbackHandlerClass, REALM_NAME, securePagesWithPragma, secureRandomAlgorithm, secureRandomClass, secureRandomProvider, sendAuthInfoResponseHeaders, sessionIdGenerator, sso

Fields inherited from class org.apache.catalina.valves.ValveBase
asyncSupported, container, containerLog, next

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase
mserver

Fields inherited from interface org.apache.catalina.Lifecycle
AFTER_DESTROY_EVENT, AFTER_INIT_EVENT, AFTER_START_EVENT, AFTER_STOP_EVENT, BEFORE_DESTROY_EVENT, BEFORE_INIT_EVENT, BEFORE_START_EVENT, BEFORE_STOP_EVENT, CONFIGURE_START_EVENT, CONFIGURE_STOP_EVENT, PERIODIC_EVENT, START_EVENT, STOP_EVENT

Constructor Summary

Constructors
Constructor and Description

CurrentWindowsIdentityAuthenticator()

Constructors
Constructor and Description
`CurrentWindowsIdentityAuthenticator()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`protected boolean`	`doAuthenticate(Request request, javax.servlet.http.HttpServletResponse response)`
`protected String`	`getAuthMethod()`
`String`	`getLoginEntryName()` Returns the configured login entry name.
`boolean`	`isErrorMessagesAsHeaders()` Indicates whether error messages will be responded as headers.
`boolean`	`isOmitErrorMessages()` Indicates whether error messages are responded to the client.
`boolean`	`isStoreDelegatedCredential()` Indicates whether client's (initiator's) delegated credential is stored in the user principal.
`protected void`	`respondErrorMessage(Request request, javax.servlet.http.HttpServletResponse response, int statusCode, String messageKey, Object... params)`
`protected void`	`sendInternalServerError(Request request, javax.servlet.http.HttpServletResponse response, String messageKey, Object... params)`
`protected void`	`sendUnauthorized(Request request, javax.servlet.http.HttpServletResponse response, String scheme)`
`protected void`	`sendUnauthorized(Request request, javax.servlet.http.HttpServletResponse response, String scheme, String messageKey, Object... params)`
`void`	`setErrorMessagesAsHeaders(boolean errorMessagesAsHeaders)` Sets whether error messages will be returned as headers.
`void`	`setLoginEntryName(String loginEntryName)` Sets the login entry name which establishes the security context.
`void`	`setOmitErrorMessages(boolean omitErrorMessages)` Sets whether error messages are responded to the client.
`void`	`setStoreDelegatedCredential(boolean storeDelegatedCredential)` Sets whether client's (initiator's) delegated credential is stored in the user principal.

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase
allowCorsPreflightBypass, associate, authenticate, changeSessionID, checkForCachedAuthentication, doLogin, getAllowCorsPreflight, getAlwaysUseSession, getCache, getChangeSessionIdOnAuthentication, getContainer, getDisableProxyCaching, getJaspicCallbackHandlerClass, getRealmName, getRequestCertificates, getSecurePagesWithPragma, getSecureRandomAlgorithm, getSecureRandomClass, getSecureRandomProvider, invoke, isContinuationRequired, isSendAuthInfoResponseHeaders, login, logout, notify, reauthenticateFromSSO, register, register, setAllowCorsPreflight, setAlwaysUseSession, setCache, setChangeSessionIdOnAuthentication, setContainer, setDisableProxyCaching, setJaspicCallbackHandlerClass, setSecurePagesWithPragma, setSecureRandomAlgorithm, setSecureRandomClass, setSecureRandomProvider, setSendAuthInfoResponseHeaders, startInternal, stopInternal

Methods inherited from class org.apache.catalina.valves.ValveBase
backgroundProcess, getDomainInternal, getNext, getObjectNameKeyProperties, initInternal, isAsyncSupported, setAsyncSupported, setNext, toString

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase
destroyInternal, getDomain, getObjectName, postDeregister, postRegister, preDeregister, preRegister, register, setDomain, unregister

Methods inherited from class org.apache.catalina.util.LifecycleBase
addLifecycleListener, destroy, findLifecycleListeners, fireLifecycleEvent, getState, getStateName, getThrowOnFailure, init, removeLifecycleListener, setState, setState, setThrowOnFailure, start, stop

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

CURRENT_WINDOWS_IDENTITY_METHOD

protected static final String CURRENT_WINDOWS_IDENTITY_METHOD

See Also:: Constant Field Values

CURRENT_WINDOWS_IDENTITY_AUTH_SCHEME

protected static final String CURRENT_WINDOWS_IDENTITY_AUTH_SCHEME

See Also:: Constant Field Values

logger
```
protected final Log logger
```

sm
```
protected final StringManager sm
```

KRB5_MECHANISM

protected static final Oid KRB5_MECHANISM

SPNEGO_MECHANISM

protected static final Oid SPNEGO_MECHANISM

Constructor Detail
- CurrentWindowsIdentityAuthenticator
```
public CurrentWindowsIdentityAuthenticator()
```

Method Detail

doAuthenticate

protected boolean doAuthenticate(Request request,
                                 javax.servlet.http.HttpServletResponse response)
                          throws IOException

Specified by:: doAuthenticate in class AuthenticatorBase
Throws:: IOException

getAuthMethod
```
protected String getAuthMethod()
```
Specified by:

getAuthMethod in class AuthenticatorBase

setLoginEntryName
```
public void setLoginEntryName(String loginEntryName)
```
Sets the login entry name which establishes the security context.

Parameters:

loginEntryName - the login entry name

getLoginEntryName
```
public String getLoginEntryName()
```
Returns the configured login entry name.

Returns:

the login entry name

isOmitErrorMessages
```
public boolean isOmitErrorMessages()
```
Indicates whether error messages are responded to the client.

Returns:

indicator for error message omission

setOmitErrorMessages
```
public void setOmitErrorMessages(boolean omitErrorMessages)
```
Sets whether error messages are responded to the client.

Parameters:

omitErrorMessages - indicator to error omit messages

isErrorMessagesAsHeaders
```
public boolean isErrorMessagesAsHeaders()
```
Indicates whether error messages will be responded as headers.

Returns:

indicates whether error messages will be responded as headers

setErrorMessagesAsHeaders
```
public void setErrorMessagesAsHeaders(boolean errorMessagesAsHeaders)
```
Sets whether error messages will be returned as headers.
It is not always desired or necessary to produce an error page, e.g., non-human clients do not analyze it anyway but have to consume the response (wasted time and resources). When a client issues a request, the server will write the error messages to either one header: Auth-Error or Server-Error.
Technically speaking, HttpServletResponse.setStatus(int) will be called instead of HttpServletResponse.sendError(int, String).

Parameters:

errorMessagesAsHeaders - indicates whether error messages will be responded as headers

isStoreDelegatedCredential
```
public boolean isStoreDelegatedCredential()
```
Indicates whether client's (initiator's) delegated credential is stored in the user principal.

Returns:

indicates whether client's (initiator's) delegated credential is stored in the user principal.

setStoreDelegatedCredential
```
public void setStoreDelegatedCredential(boolean storeDelegatedCredential)
```
Sets whether client's (initiator's) delegated credential is stored in the user principal.

Parameters:

storeDelegatedCredential - the store delegated credential indication

respondErrorMessage

protected void respondErrorMessage(Request request,
                                   javax.servlet.http.HttpServletResponse response,
                                   int statusCode,
                                   String messageKey,
                                   Object... params)
                            throws IOException

Throws:: IOException

sendInternalServerError

protected void sendInternalServerError(Request request,
                                       javax.servlet.http.HttpServletResponse response,
                                       String messageKey,
                                       Object... params)
                                throws IOException

Throws:: IOException

sendUnauthorized

protected void sendUnauthorized(Request request,
                                javax.servlet.http.HttpServletResponse response,
                                String scheme)
                         throws IOException

Throws:: IOException

sendUnauthorized

protected void sendUnauthorized(Request request,
                                javax.servlet.http.HttpServletResponse response,
                                String scheme,
                                String messageKey,
                                Object... params)
                         throws IOException

Throws:: IOException

Class CurrentWindowsIdentityAuthenticator

Nested Class Summary

Nested classes/interfaces inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Nested classes/interfaces inherited from interface org.apache.catalina.Lifecycle

Field Summary

Fields inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Fields inherited from class org.apache.catalina.valves.ValveBase

Fields inherited from class org.apache.catalina.util.LifecycleMBeanBase

Fields inherited from interface org.apache.catalina.Lifecycle

Constructor Summary

Method Summary

Methods inherited from class org.apache.catalina.authenticator.AuthenticatorBase

Methods inherited from class org.apache.catalina.valves.ValveBase

Methods inherited from class org.apache.catalina.util.LifecycleMBeanBase

Methods inherited from class org.apache.catalina.util.LifecycleBase

Methods inherited from class java.lang.Object

Field Detail

CURRENT_WINDOWS_IDENTITY_METHOD

CURRENT_WINDOWS_IDENTITY_AUTH_SCHEME

logger

sm

KRB5_MECHANISM

SPNEGO_MECHANISM

Constructor Detail

CurrentWindowsIdentityAuthenticator

Method Detail

doAuthenticate

getAuthMethod

setLoginEntryName

getLoginEntryName

isOmitErrorMessages

setOmitErrorMessages

isErrorMessagesAsHeaders

setErrorMessagesAsHeaders

isStoreDelegatedCredential

setStoreDelegatedCredential

respondErrorMessage

sendInternalServerError

sendUnauthorized

sendUnauthorized