SPNEGO设置

花了点时间在JBOSS,TOMCAT,WEBSPHERE上应用了SPNEGO open source project,有几点要注意的地方

1)tomcat下面的login.conf的正确格式如下:

spnego-client {
    com.sun.security.auth.module.Krb5LoginModule required;
};

spnego-server {
	com.sun.security.auth.module.Krb5LoginModule required
	isInitiator=false
	storeKey=true
	useKeyTab=true
	keyTab="tomcat.keytab"
	debug=true
	principal="HTTP/shadcdw83.bib.biz@BIB.BIZ";
};

SPNEGO 网站提供的格式太简单，无法工作的。

还要注意这个tomcat.keytab要在tomcat工作的当前目录.

2)Websphere无法使用SPNEGO open source project,不过它自身的支持已经很完备了。

下面是取得delegation token，并且访问另外的网站的代码:

	try{
		String delegatedToken = SpnegoTokenHelper.buildSpnegoAuthorizationFromCallerSubject(
						"HTTP/swapp83.bib.biz@BIB.BIZ",
						GSSCredential.INDEFINITE_LIFETIME, true);
		out.println("<pre>Retrieve delegated token"+delegatedToken+"</pre>");
		
		String testUrl = "http://swapp83.bib.biz:7080/sample/spnego.jsp";


		out.print("<br>Trying to visit <a href='"+testUrl+"'>" + testUrl +"</a>"); 


		HttpURLConnection connection = (HttpURLConnection) new URL(testUrl).openConnection();
		connection.setRequestProperty("Authorization", delegatedToken);
		connection.connect();
		InputStream in = connection.getInputStream();
		int resp = connection.getResponseCode();
		out.print("<br />HTTP Status Code: " + resp);
		out.print("<br />HTTP Status Message: " + connection.getResponseMessage());
		InputStreamReader isr = new InputStreamReader(in);
		int numCharsRead;
		char[] charArray = new char[1024];
		StringBuffer sb = new StringBuffer();
		while ((numCharsRead = isr.read(charArray)) > 0) {
			sb.append(charArray, 0, numCharsRead);
		}
		String result = sb.toString();


		out.println("<hr>*** BEGIN ***");
		out.println(result);
		isr.close();
		in.close();
		out.println("*** END ***");
	} catch (Exception e) {
		e.printStackTrace();
		out.println(e.getMessage() + "<br>");
	}

还要注意SPNEGO在Websphere 8.5.5.0无法工作，需要8.5.5.10或以后的版本。
<end>