Oct 20th, 2010, 12:56 PM
Kerberos extension: avoiding reauthentication in SpnegoAuthenticationProcessingFilter
I am using the Spring Security Kerberos extension (which btw was easy to setup and use, thank you!). One problem I ran into is that every request gets re-authenticated in SpnegoAuthenticationProcessingFilter. I am new to Kerberos, so I was wondering if there is a technical reason for this, or if it's something that can be addressed? Can the filter safely just skip authentication if the SecurityContextHolder has an authenticated, non-anonymous token?
For basic and digest authentication, this ticket was logged and fixed (only for basic auth though): https://jira.springsource.org/browse/SEC-53
Oct 21st, 2010, 11:08 AM
Tags for this Thread