Class SpnegoHttpFilter.Constants

  • Enclosing class:
    SpnegoHttpFilter

    public static final class SpnegoHttpFilter.Constants
    extends Object
    Defines constants and parameter names that are used in the web.xml file, in HTTP request headers, etc.

    This class is primarily used internally, by implementers of custom HTTP clients, and by SpnegoFilterConfig.

    • Field Detail

      • ALLOW_BASIC

        public static final String ALLOW_BASIC
        Servlet init param name in web.xml spnego.allow.basic.

        Set this value to true in web.xml if the filter should allow Basic Authentication.

        It is recommended that you only allow Basic Authentication if you have clients that cannot perform Kerberos authentication. Also, you should consider requiring SSL/TLS by setting spnego.allow.unsecure.basic to false.

        See Also:
        Constant Field Values
      • ALLOW_DELEGATION

        public static final String ALLOW_DELEGATION
        Servlet init param name in web.xml spnego.allow.delegation.

        Set this value to true if the server should support credential delegation requests.

        Take a look at the DelegateServletRequest for more information about other prerequisites.

        See Also:
        Constant Field Values
      • ALLOW_LOCALHOST

        public static final String ALLOW_LOCALHOST
        Servlet init param name in web.xml spnego.allow.localhost.

        Flag to indicate if requests coming from http://localhost or http://127.0.0.1 should not be authenticated using Kerberos.

        This feature helps to obviate the requirement of creating an SPN for developer machines.

        See Also:
        Constant Field Values
      • ALLOW_UNSEC_BASIC

        public static final String ALLOW_UNSEC_BASIC
        Servlet init param name in web.xml spnego.allow.unsecure.basic.

        Set this value to false in web.xml if the filter should reject connections that do not use SSL/TLS.

        See Also:
        Constant Field Values
      • AUTHN_HEADER

        public static final String AUTHN_HEADER
        HTTP Response Header WWW-Authenticate.

        The filter will respond with this header with a value of "Basic" and/or "Negotiate" (based on web.xml file).

        See Also:
        Constant Field Values
      • AUTHZ_HEADER

        public static final String AUTHZ_HEADER
        HTTP Request Header Authorization.

        Clients should send this header where the value is the authentication token(s).

        See Also:
        Constant Field Values
      • BASIC_HEADER

        public static final String BASIC_HEADER
        HTTP Response Header Basic.

        The filter will set this as the value for the "WWW-Authenticate" header if "Basic" auth is allowed (based on web.xml file).

        See Also:
        Constant Field Values
      • CLIENT_MODULE

        public static final String CLIENT_MODULE
        Servlet init param name in web.xml spnego.login.client.module.

        The LoginModule name that exists in the login.conf file.

        See Also:
        Constant Field Values
      • EXCLUDE_DIRS

        public static final String EXCLUDE_DIRS
        Servlet init param name in web.xml spnego.exclude.dirs.

        A list of URL paths, starting at the context root, that should NOT undergo authentication (authN).

        See Also:
        Constant Field Values
      • KRB5_CONF

        public static final String KRB5_CONF
        Servlet init param name in web.xml spnego.krb5.conf.

        The location of the krb5.conf file. On Windows, this file is sometimes named krb5.ini and resides at %WINDOWS_ROOT%/krb5.ini.

        By default, Java looks for the file in these locations and order:

        • System Property (java.security.krb5.conf)
        • %JAVA_HOME%/lib/security/krb5.conf
        • %WINDOWS_ROOT%/krb5.ini
        See Also:
        Constant Field Values
      • LOGGER_LEVEL

        public static final String LOGGER_LEVEL
        Specify logging level.
         1 = FINEST
         2 = FINER
         3 = FINE
         4 = CONFIG
         5 = INFO
         6 = WARNING
         7 = SEVERE
         
        See Also:
        Constant Field Values
      • LOGGER_NAME

        public static final String LOGGER_NAME
        Name of Spnego Logger.

        Example: Logger.getLogger(Constants.LOGGER_NAME)

        See Also:
        Constant Field Values
      • LOGIN_CONF

        public static final String LOGIN_CONF
        Servlet init param name in web.xml spnego.login.conf.

        The location of the login.conf file.

        See Also:
        Constant Field Values
      • NEGOTIATE_HEADER

        public static final String NEGOTIATE_HEADER
        HTTP Response Header Negotiate.

        The filter will set this as the value for the "WWW-Authenticate" header. Note that the filter may also add another header with a value of "Basic" (if allowed by the web.xml file).

        See Also:
        Constant Field Values
      • PREAUTH_PASSWORD

        public static final String PREAUTH_PASSWORD
        Servlet init param name in web.xml spnego.preauth.password.

        Network Domain password. For Windows, this is sometimes known as the Windows NT password.

        See Also:
        Constant Field Values
      • PREAUTH_USERNAME

        public static final String PREAUTH_USERNAME
        Servlet init param name in web.xml spnego.preauth.username.

        Network Domain username. For Windows, this is sometimes known as the Windows NT username.

        See Also:
        Constant Field Values
      • PROMPT_NTLM

        public static final String PROMPT_NTLM
        Servlet init param name in web.xml spnego.prompt.ntlm.

        If the server receives an NTLM token, the filter will return a 401 with Basic as the only option (no Negotiate).
        See Also:
        Constant Field Values
      • SERVER_MODULE

        public static final String SERVER_MODULE
        Servlet init param name in web.xml spnego.login.server.module.

        The LoginModule name that exists in the login.conf file.

        See Also:
        Constant Field Values
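
An added example, not part of the SPNEGO library or its documentation: a Python check that reads the spnego.* init params described above from a web.xml and reports the settings that deserve a security review. The sample descriptor is constructed, the finding names are hypothetical, and an unset spnego.allow.unsecure.basic is flagged because the check does not assume the filter's default.

```python
import xml.etree.ElementTree as ET

# Constructed sample descriptor for illustration; values are not from a real deployment.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee"><filter>
<filter-name>SpnegoHttpFilter</filter-name>
<init-param><param-name>spnego.allow.basic</param-name><param-value>true</param-value></init-param>
<init-param><param-name>spnego.allow.localhost</param-name><param-value>true</param-value></init-param>
<init-param><param-name>spnego.allow.delegation</param-name><param-value>false</param-value></init-param>
<init-param><param-name>spnego.exclude.dirs</param-name><param-value>/static</param-value></init-param>
<init-param><param-name>spnego.preauth.password</param-name><param-value>PLACEHOLDER</param-value></init-param>
</filter></web-app>"""


def _local(tag):
    """Drop the XML namespace so both namespaced and plain web.xml files parse."""
    return tag.rsplit("}", 1)[-1]


def spnego_params(web_xml):
    """Return {param-name: param-value} for every spnego.* init-param."""
    params = {}
    for el in ET.fromstring(web_xml).iter():
        if _local(el.tag) == "init-param":
            kv = {_local(c.tag): (c.text or "").strip() for c in el}
            if kv.get("param-name", "").startswith("spnego."):
                params[kv["param-name"]] = kv.get("param-value", "")
    return params


def audit(web_xml):
    """Return (finding-id, detail) pairs for settings that deserve review."""
    p = spnego_params(web_xml)
    flag = lambda name: p.get(name, "").lower()
    findings = []
    # Flagged unless explicitly "false": this check does not rely on the filter's default.
    if flag("spnego.allow.basic") == "true" and flag("spnego.allow.unsecure.basic") != "false":
        findings.append(("basic-without-tls", "Basic allowed; non-TLS connections not rejected"))
    if flag("spnego.allow.localhost") == "true":
        findings.append(("localhost-bypass", "localhost requests skip Kerberos authentication"))
    if flag("spnego.allow.delegation") == "true":
        findings.append(("delegation", "credential delegation enabled; confirm it is required"))
    if p.get("spnego.exclude.dirs"):
        findings.append(("unauthenticated-paths", p["spnego.exclude.dirs"]))
    if p.get("spnego.preauth.password"):  # the value itself is never echoed
        findings.append(("password-in-web-xml", "restrict read access to this file"))
    return findings


if __name__ == "__main__":
    for finding_id, detail in audit(SAMPLE_WEB_XML):
        print(f"{finding_id}: {detail}")
```

Run it against each deployed descriptor as part of a configuration review; an empty result means none of these five settings were found in a state that needs attention.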