Combining a custom authentication filter with spring-security-kerberos
I am using spring-security-kerberos to authenticate remote users - this works well. The problem I have is that sometimes users don't have a keberox ticket in place and I need to use a different form of authentication. I wrote my own authentication provider ( myCusomAuthenticationProvider
) for this purpose . This custom provider should ask the user for BASIC authentication and use multiple LDAP servers to authenticate the user based on username and password.
The problem I see is that my custom authentication manager always gets the KerberosServiceRequestToken as the authentication token and I am unable to get the UsernamePasswordAuthenticationToken. How do I get the server to return Negotiate and Basic methods to the browser and my own ISP handles Basic Authentication?
I found a way to do this with some tweaks to the spring-security-kerberos code, but I am trying to find the best way to do it.
web.xml: http://pastebin.com/embed.php?i=ZidnBMwZ
root-context-with-krb.xml: http://pastebin.com/c8vfUZfV
source to share
This answer will help you Optional Kerberos Authentication
And if you need more customization, it extends KerberosAuthenticationProvider with your MyCustomAuthenticationProvider class and inserts it into the class attribute:
<bean id="kerberosAuthenticationProvider" class="com.test.MyCustomAuthenticationProvider">
<property name="kerberosClient">
<bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
<property name="debug" value="${krb.debug}"/>
</bean>
</property>
<property name="userDetailsService" ref="dummyUserDetailsService"/>
</bean>
source to share