P
polilop
If the web browser and SPN is setup correctly, is it enough :
int index = -1;
public void getAuthorization( HttpServletResponse rsp)
{
String authorization = req.getHeader("Authorization");
if (authorization == null || (index = authorization.indexOf(' ')) == -1
|| !authorization.substring(0, index).equals("Negotiate")) {
rsp.reset();
rsp.setHeader("WWW-Authenticate", "Negotiate");
rsp.setContentLength(0);
rsp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
rsp.flushBuffer();
return null;
}
return authorization;
to get the Kerberos token from the requesting Browser
int index = -1;
public void getAuthorization( HttpServletResponse rsp)
{
String authorization = req.getHeader("Authorization");
if (authorization == null || (index = authorization.indexOf(' ')) == -1
|| !authorization.substring(0, index).equals("Negotiate")) {
rsp.reset();
rsp.setHeader("WWW-Authenticate", "Negotiate");
rsp.setContentLength(0);
rsp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
rsp.flushBuffer();
return null;
}
return authorization;
to get the Kerberos token from the requesting Browser