Package org.silverpeas.sso.kerberos.spnego

Interface DelegateServletRequest

  • All Superinterfaces:
    javax.servlet.ServletRequest
    public interface DelegateServletRequest
extends javax.servlet.ServletRequest
    The default installation of Internet Explorer and Active Directory allow the user's/requester's credential to be delegated.

    By default, SpnegoHttpURLConnection has delegation set to false. To allow delegation, call the requestCredDeleg method on the SpnegoHttpURLConnection instance.

    Also, the server/service's pre-authentication account must be specified as "Account is trusted for delegation" in Active Directory.

    Finally, the server/service's spnego servlet init params must be specified to allow credential delegation by setting the property spnego.allow.delegation to true (false by default).

    Custom client programs may request their credential to be delegated by calling the requestCredDeleg on their instance of GSSContext.

    Java Application Servers can obtain the delegated credential by casting the HTTP request.

    Example usage: 

         if (request instanceof DelegateServletRequest) {
         DelegateServletRequest dsr = (DelegateServletRequest) request;
         GSSCredential creds = dsr.getDelegatedCredential();
         ...
     }

    To see a working example and instructions, take a look at the credential delegation example.

    Author:
    Darwin V. Felix

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      GSSCredential getDelegatedCredential()
      Returns the requester's delegated credential.

      • Methods inherited from interface javax.servlet.ServletRequest

        getAsyncContext, getAttribute, getAttributeNames, getCharacterEncoding, getContentLength, getContentLengthLong, getContentType, getDispatcherType, getInputStream, getLocalAddr, getLocale, getLocales, getLocalName, getLocalPort, getParameter, getParameterMap, getParameterNames, getParameterValues, getProtocol, getReader, getRealPath, getRemoteAddr, getRemoteHost, getRemotePort, getRequestDispatcher, getScheme, getServerName, getServerPort, getServletContext, isAsyncStarted, isAsyncSupported, isSecure, removeAttribute, setAttribute, setCharacterEncoding, startAsync, startAsync

    • Method Detail

      • getDelegatedCredential

        GSSCredential getDelegatedCredential()
        Returns the requester's delegated credential.

        Returns null if request has no delegated credential or if delegated credentials are not supported.

        Returns:
        delegated credential or null