问题
I'm using spring-security-kerberos to authenticate the remote users - this works well. The problem that I have is that sometimes users do not have the kerberos ticket in place and I need to use another form of authentication. I've wrote my own Authentication Provider (myCusomAuthenticationProvider) for this purpose. This custom provider should ask the user for BASIC authentication and uses several LDAP servers to authenticate the user based on username and password.
The problem that I see is that my custom authentication manager always gets KerberosServiceRequestToken as the authentication token and I don't manage to get UsernamePasswordAuthenticationToken. How can I make the server return both "Negotiate" and "Basic" methods to the browser and have my own provider handle the basic authentication?
I've found a way to do it with some tweaks to the spring-security-kerberos code but I'm trying to find a better way to do this.
web.xml: http://pastebin.com/embed.php?i=ZidnBMwZ
root-context-with-krb.xml: http://pastebin.com/c8vfUZfV
回答1:
This answer will help you Optional kerberos authentication
And if you're need more custom, then extends KerberosAuthenticationProvider by your class MyCustomAuthenticationProvider and paste it to class attribute:
<bean id="kerberosAuthenticationProvider" class="com.test.MyCustomAuthenticationProvider">
<property name="kerberosClient">
<bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
<property name="debug" value="${krb.debug}"/>
</bean>
</property>
<property name="userDetailsService" ref="dummyUserDetailsService"/>
</bean>
来源:https://stackoverflow.com/questions/21093480/combine-custom-authentication-filter-with-spring-security-kerberos