I spent some time applying the SPNEGO open source project on JBoss, Tomcat and WebSphere. There are a few points to note.
1) The correct format of login.conf under Tomcat is as follows:
    spnego-client {
        com.sun.security.auth.module.Krb5LoginModule required;
    };
    spnego-server {
        com.sun.security.auth.module.Krb5LoginModule required
        isInitiator=false
        storeKey=true
        useKeyTab=true
        keyTab="tomcat.keytab"
        debug=true
        principal="HTTP/shadcdw83.bib.biz@BIB.BIZ";
    };
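The format given on the SPNEGO website is too simple and does not work.
Also note that tomcat.keytab must be in the current working directory of the Tomcat process, because keyTab is given as a relative path.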
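A preflight check for the login.conf shown above, as an added example (not code from the original post or from the SPNEGO project). The class name `SpnegoPreflight` is hypothetical, and the check assumes it is started from the same directory Tomcat is started from, so the relative keyTab path resolves the same way.

```java
import java.io.File;
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

// Added example (hypothetical class name). Run from Tomcat's start directory:
//   java SpnegoPreflight login.conf
public class SpnegoPreflight {
    public static void main(String[] args) {
        // Let the JDK's own JAAS parser read the file; a syntax error such as
        // a misplaced ';' surfaces here as a SecurityException.
        System.setProperty("java.security.auth.login.config", args[0]);
        Configuration conf = Configuration.getConfiguration();

        for (String name : new String[] {"spnego-client", "spnego-server"}) {
            AppConfigurationEntry[] e = conf.getAppConfigurationEntry(name);
            if (e == null || e.length == 0) {
                throw new IllegalStateException("missing entry: " + name);
            }
        }
        Map<String, ?> opts =
            conf.getAppConfigurationEntry("spnego-server")[0].getOptions();

        // Options that the working configuration above sets explicitly.
        require(opts, "useKeyTab", "true");
        require(opts, "storeKey", "true");
        require(opts, "isInitiator", "false");

        // A relative keyTab is resolved against the JVM working directory.
        File keytab = new File(String.valueOf(opts.get("keyTab")));
        if (!keytab.isFile() || !keytab.canRead()) {
            throw new IllegalStateException("keytab not readable: "
                + keytab.getAbsolutePath());
        }

        String principal = String.valueOf(opts.get("principal"));
        if (!principal.startsWith("HTTP/") || principal.indexOf('@') < 0) {
            throw new IllegalStateException("expected HTTP/host@REALM, found "
                + principal);
        }
        System.out.println("OK: " + principal + " with " + keytab.getAbsolutePath());
    }

    private static void require(Map<String, ?> opts, String key, String expected) {
        if (!expected.equals(opts.get(key))) {
            throw new IllegalStateException(key + " must be " + expected
                + ", found " + opts.get(key));
        }
    }
}
```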
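2) WebSphere cannot use the SPNEGO open source project, but its own built-in support is already quite complete.
Below is the code that obtains a delegation token and uses it to access another website: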
    // JSP scriptlet. The page must import
    // com.ibm.websphere.security.spnego.SpnegoTokenHelper,
    // org.ietf.jgss.GSSCredential, java.net.* and java.io.*.
    try {
        // Build the SPNEGO Authorization header value for the target SPN from
        // the caller's Kerberos credential, with delegation requested.
        String delegatedToken = SpnegoTokenHelper.buildSpnegoAuthorizationFromCallerSubject(
            "HTTP/swapp83.bib.biz@BIB.BIZ",
            GSSCredential.INDEFINITE_LIFETIME, true);
        // Debug output: the token is a usable credential, so remove this line
        // outside of testing.
        out.println("<pre>Retrieve delegated token"+delegatedToken+"</pre>");
        String testUrl = "http://swapp83.bib.biz:7080/sample/spnego.jsp";
        out.print("<br>Trying to visit <a href='"+testUrl+"'>" + testUrl +"</a>");
        // Call the second site with the delegated token as the Authorization header
        HttpURLConnection connection = (HttpURLConnection) new URL(testUrl).openConnection();
        connection.setRequestProperty("Authorization", delegatedToken);
        connection.connect();
        InputStream in = connection.getInputStream();
        int resp = connection.getResponseCode();
        out.print("<br />HTTP Status Code: " + resp);
        out.print("<br />HTTP Status Message: " + connection.getResponseMessage());
        // Read the whole response body and echo it to the page
        InputStreamReader isr = new InputStreamReader(in);
        int numCharsRead;
        char[] charArray = new char[1024];
        StringBuffer sb = new StringBuffer();
        while ((numCharsRead = isr.read(charArray)) > 0) {
            sb.append(charArray, 0, numCharsRead);
        }
        String result = sb.toString();
        out.println("<hr>*** BEGIN ***");
        out.println(result);
        isr.close();
        in.close();
        out.println("*** END ***");
    } catch (Exception e) {
        e.printStackTrace();
        out.println(e.getMessage() + "<br>");
    }
Also note that SPNEGO does not work on WebSphere 8.5.5.0; version 8.5.5.10 or later is required.