Results 1 to 4 of 4

Thread: Intercepting Spring/Spnego Security

  1. Feb 8th, 2011, 10:41 AM #1
    geordieracer
    geordieracer is offline Junior Member
    Join Date
    Feb 2011
    Posts
    8

    Default Intercepting Spring/Spnego Security

    Hi (I'm new to Spring so please forgive any stupid questions!)

    I'm using Spring 3.0.0 to authenticate a web app using Spnego. This is all configured and working fine. However the app is also to be accessed via Blackberry which is causing issues with the Spnego authentication. What i would like to do is intercept the code at a point where having checked the user's browser I can direct then either
    a) through the normal Spring/Spnego security or
    b) through a different authentictaion mechanism for the blackbery users

    I have tried intercepting the code in servlet filters (extends GenericFilterBean) however the request headers appear to have been modified! Where I am expecting to see
    user-agent = Blackerry9000 etc etc
    I see
    user-agent = Mozilla/4.0 etc

    Can anyone tell me how/where this would get changed? And where in my code I might be best trying to intercept the request?
    Reply With Quote Reply With Quote
  2. Feb 9th, 2011, 09:12 AM #2
    pmularien
    pmularien is offline Senior Member
    Join Date
    Sep 2004
    Location
    Manchester, NH
    Posts
    1,236

    Default

    What sort of authentication are you planning on for Blackberry users?
    Peter Mularien | Blog
    Author, Spring Security 3 (Book) - Packt Publishing, Available in print and eBook form
    SCJP 5, Oracle DBA
    Any postings are my own opinion, and should not be attributed to my employer or clients.
    Reply With Quote Reply With Quote
  3. Feb 9th, 2011, 09:50 AM #3
    geordieracer
    geordieracer is offline Junior Member
    Join Date
    Feb 2011
    Posts
    8

    Default

    As an interim solution we'll simply scrape the Device ID from the request header and use this to authenticate the user against an ADAM resource having looked up their username.

    Going back to the original issue it seems that the issue was at least partly due to the url being called from the Blackberry.

    If I call
    http://<IP_Address>:<Port Number>/myweb
    then the user-agent on the request as captured in my Spnego Entry Point Class shows as Mozilla 4, however if I call
    http://<IP_Address>:<Port Number>/myweb/default.jsp
    then the user-agent correctly shows as Blackberry9000

    this is despite having default.jsp in the <welcome-file-list> in the web.xml. Does anyone know why this would be? Also, whilst I now see the correct user-agent on the request, various other Blackberry specific headers are missing (e.g. email address, device ID) Any ideas??
    Reply With Quote Reply With Quote
  4. Feb 9th, 2011, 10:30 AM #4
    pmularien
    pmularien is offline Senior Member
    Join Date
    Sep 2004
    Location
    Manchester, NH
    Posts
    1,236

    Default

    I'm sure changes in the HTTP headers have nothing to do with Spring Security. Check to see what else is between your user agent (BB) and the servlet, for example, other servlet filters, firewalls, proxies, etc etc.
    Peter Mularien | Blog
    Author, Spring Security 3 (Book) - Packt Publishing, Available in print and eBook form
    SCJP 5, Oracle DBA
    Any postings are my own opinion, and should not be attributed to my employer or clients.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules