Intercepting Spring/Spnego Security

Printable View

Feb 8th, 2011, 10:41 AM
geordieracer

Intercepting Spring/Spnego Security

Hi (I'm new to Spring so please forgive any stupid questions!)

I'm using Spring 3.0.0 to authenticate a web app using Spnego. This is all configured and working fine. However the app is also to be accessed via Blackberry which is causing issues with the Spnego authentication. What i would like to do is intercept the code at a point where having checked the user's browser I can direct then either
a) through the normal Spring/Spnego security or
b) through a different authentictaion mechanism for the blackbery users

I have tried intercepting the code in servlet filters (extends GenericFilterBean) however the request headers appear to have been modified! Where I am expecting to see
user-agent = Blackerry9000 etc etc
I see
user-agent = Mozilla/4.0 etc

Can anyone tell me how/where this would get changed? And where in my code I might be best trying to intercept the request?
Feb 9th, 2011, 09:12 AM
pmularien

What sort of authentication are you planning on for Blackberry users?
Feb 9th, 2011, 09:50 AM
geordieracer

As an interim solution we'll simply scrape the Device ID from the request header and use this to authenticate the user against an ADAM resource having looked up their username.

Going back to the original issue it seems that the issue was at least partly due to the url being called from the Blackberry.

If I call
http://<IP_Address>:<Port Number>/myweb
then the user-agent on the request as captured in my Spnego Entry Point Class shows as Mozilla 4, however if I call
http://<IP_Address>:<Port Number>/myweb/default.jsp
then the user-agent correctly shows as Blackberry9000

this is despite having default.jsp in the <welcome-file-list> in the web.xml. Does anyone know why this would be? Also, whilst I now see the correct user-agent on the request, various other Blackberry specific headers are missing (e.g. email address, device ID) Any ideas??
Feb 9th, 2011, 10:30 AM
pmularien

I'm sure changes in the HTTP headers have nothing to do with Spring Security. Check to see what else is between your user agent (BB) and the servlet, for example, other servlet filters, firewalls, proxies, etc etc.