Combining a custom authentication filter with spring-security-kerberos
I am using spring-security-kerberos to authenticate remote users - this works well. The problem I have is that sometimes users don't have a keberox ticket in place and I need to use a different form of authentication. I wrote my own authentication provider ( myCusomAuthenticationProvider
) for this purpose . This custom provider should ask the user for BASIC authentication and use multiple LDAP servers to authenticate the user based on username and password.
The problem I see is that my custom authentication manager always gets the KerberosServiceRequestToken as the authentication token and I am unable to get the UsernamePasswordAuthenticationToken. How do I get the server to return Negotiate and Basic methods to the browser and my own ISP handles Basic Authentication?
I found a way to do this with some tweaks to the spring-security-kerberos code, but I am trying to find the best way to do it.
web.xml: http://pastebin.com/embed.php?i=ZidnBMwZ
root-context-with-krb.xml: http://pastebin.com/c8vfUZfV
This answer will help you Optional Kerberos Authentication
And if you need more customization, it extends KerberosAuthenticationProvider with your MyCustomAuthenticationProvider class and inserts it into the class attribute:
<bean id="kerberosAuthenticationProvider" class="com.test.MyCustomAuthenticationProvider">
<property name="kerberosClient">
<bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
<property name="debug" value="${krb.debug}"/>
</bean>
</property>
<property name="userDetailsService" ref="dummyUserDetailsService"/>
</bean>