java.lang.Object
- org.silverpeas.sso.kerberos.spnego.KerberosSpnegoFilter.Constants

Enclosing class:

KerberosSpnegoFilter
```
public static final class KerberosSpnegoFilter.Constants
extends Object
```
Defines constants and parameter names that are used in the web.xml file, and HTTP request headers, etc.

This class is primarily used internally or by implementers of custom http clients and by SpnegoFilterConfig.

Field Summary

Fields
Modifier and Type	Field	Description
`static String`	`ALLOW_BASIC`	Servlet init param name in web.xml spnego.allow.basic.
`static String`	`ALLOW_DELEGATION`	Servlet init param name in web.xml spnego.allow.delegation.
`static String`	`ALLOW_LOCALHOST`	Servlet init param name in web.xml spnego.allow.localhost.
`static String`	`ALLOW_UNSEC_BASIC`	Servlet init param name in web.xml spnego.allow.unsecure.basic.
`static String`	`AUTHN_HEADER`	HTTP Response Header WWW-Authenticate.
`static String`	`AUTHZ_HEADER`	HTTP Request Header Authorization.
`static String`	`BASIC_HEADER`	HTTP Response Header Basic.
`static String`	`CLIENT_MODULE`	Servlet init param name in web.xml spnego.login.client.module.
`static String`	`KRB5_CONF`	Servlet init param name in web.xml spnego.krb5.conf.
`static String`	`LOGIN_CONF`	Servlet init param name in web.xml spnego.login.conf.
`static String`	`NEGOTIATE_HEADER`	HTTP Response Header Negotiate.
`static String`	`PREAUTH_PASSWORD`	Servlet init param name in web.xml spnego.preauth.password.
`static String`	`PREAUTH_USERNAME`	Servlet init param name in web.xml spnego.preauth.username.
`static String`	`PROMPT_NTLM`	If server receives an NTLM token, the filter will return with a 401 and with Basic as the only option (no Negotiate) spnego.prompt.ntlm.
`static String`	`SERVER_MODULE`	Servlet init param name in web.xml spnego.login.server.module.
`static String`	`THROW_TYPED_RUNTIME_EXCEPTION`	Servlet init param name in web.xml spnego.throw.typedRuntimeException.

Method Summary
- Methods inherited from class java.lang.Object
  clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Field Detail
  - THROW_TYPED_RUNTIME_EXCEPTION
```
public static final String THROW_TYPED_RUNTIME_EXCEPTION
```
    Servlet init param name in web.xml spnego.throw.typedRuntimeException.
    
    Set this value to true in web.xml if the filter should throw typed runtime exception instead of ServletException.
    
    If exception have to be handled in the server application it is recommended to set this parameter to true.
    
    See Also:
    
    Constant Field Values
  - ALLOW_BASIC
```
public static final String ALLOW_BASIC
```
    Servlet init param name in web.xml spnego.allow.basic.
    
    Set this value to true in web.xml if the filter should allow Basic Authentication.
    
    It is recommended that you only allow Basic Authentication if you have clients that cannot perform Kerberos authentication. Also, you should consider requiring SSL/TLS by setting spnego.allow.unsecure.basic to false.
    
    See Also:
    
    Constant Field Values
  - ALLOW_DELEGATION
```
public static final String ALLOW_DELEGATION
```
    Servlet init param name in web.xml spnego.allow.delegation.
    
    Set this value to true if server should support credential delegation requests.
    
    Take a look at the DelegateServletRequest for more information about other pre-requisites.
    
    See Also:
    
    Constant Field Values
  - ALLOW_LOCALHOST
```
public static final String ALLOW_LOCALHOST
```
    Servlet init param name in web.xml spnego.allow.localhost.
    
    Flag to indicate if requests coming from http://localhost or http://127.0.0.1 should not be authenticated using Kerberos.
    
    This feature helps to obviate the requirement of creating an SPN for developer machines.
    
    See Also:
    
    Constant Field Values
  - ALLOW_UNSEC_BASIC
```
public static final String ALLOW_UNSEC_BASIC
```
    Servlet init param name in web.xml spnego.allow.unsecure.basic.
    
    Set this value to false in web.xml if the filter should reject connections that do not use SSL/TLS.
    
    See Also:
    
    Constant Field Values
  - AUTHN_HEADER
```
public static final String AUTHN_HEADER
```
    HTTP Response Header WWW-Authenticate.
    
    The filter will respond with this header with a value of "Basic" and/or "Negotiate" (based on web.xml file).
    
    See Also:
    
    Constant Field Values
  - AUTHZ_HEADER
```
public static final String AUTHZ_HEADER
```
    HTTP Request Header Authorization.
    
    Clients should send this header where the value is the authentication token(s).
    
    See Also:
    
    Constant Field Values
  - BASIC_HEADER
```
public static final String BASIC_HEADER
```
    HTTP Response Header Basic.
    
    The filter will set this as the value for the "WWW-Authenticate" header if "Basic" auth is allowed (based on web.xml file).
    
    See Also:
    
    Constant Field Values
  - CLIENT_MODULE
```
public static final String CLIENT_MODULE
```
    Servlet init param name in web.xml spnego.login.client.module.
    
    The LoginModule name that exists in the login.conf file.
    
    See Also:
    
    Constant Field Values
  - KRB5_CONF
```
public static final String KRB5_CONF
```
    Servlet init param name in web.xml spnego.krb5.conf.
    
    The location of the krb5.conf file. On Windows, this file will sometimes be named krb5.ini and reside %WINDOWS_ROOT%/krb5.ini here.
    
    By default, Java looks for the file in these locations and order:
  - System Property (java.security.krb5.conf)
  - %JAVA_HOME%/lib/security/krb5.conf
  - %WINDOWS_ROOT%/krb5.ini

See Also:: Constant Field Values

LOGIN_CONF
```
public static final String LOGIN_CONF
```
Servlet init param name in web.xml spnego.login.conf.

The location of the login.conf file.

See Also:

Constant Field Values

NEGOTIATE_HEADER
```
public static final String NEGOTIATE_HEADER
```
HTTP Response Header Negotiate.

The filter will set this as the value for the "WWW-Authenticate" header. Note that the filter may also add another header with a value of "Basic" (if allowed by the web.xml file).

See Also:

Constant Field Values

PREAUTH_PASSWORD
```
public static final String PREAUTH_PASSWORD
```
Servlet init param name in web.xml spnego.preauth.password.

Network Domain password. For Windows, this is sometimes known as the Windows NT password.

See Also:

Constant Field Values

PREAUTH_USERNAME
```
public static final String PREAUTH_USERNAME
```
Servlet init param name in web.xml spnego.preauth.username.

Network Domain username. For Windows, this is sometimes known as the Windows NT username.

See Also:

Constant Field Values

PROMPT_NTLM
```
public static final String PROMPT_NTLM
```
If server receives an NTLM token, the filter will return with a 401 and with Basic as the only option (no Negotiate) spnego.prompt.ntlm.

See Also:

Constant Field Values

SERVER_MODULE
```
public static final String SERVER_MODULE
```
Servlet init param name in web.xml spnego.login.server.module.

The LoginModule name that exists in the login.conf file.

See Also:

Constant Field Values

Class KerberosSpnegoFilter.Constants

Field Summary

Method Summary

Methods inherited from class java.lang.Object

Field Detail

THROW_TYPED_RUNTIME_EXCEPTION

ALLOW_BASIC

ALLOW_DELEGATION

ALLOW_LOCALHOST

ALLOW_UNSEC_BASIC

AUTHN_HEADER

AUTHZ_HEADER

BASIC_HEADER

CLIENT_MODULE

KRB5_CONF

LOGIN_CONF

NEGOTIATE_HEADER

PREAUTH_PASSWORD

PREAUTH_USERNAME

PROMPT_NTLM

SERVER_MODULE