Results 1 to 2 of 2

Thread: Kerberos extension: avoiding reauthentication in SpnegoAuthenticationProcessingFilter

Hybrid View

  1. Oct 20th, 2010, 12:56 PM #1
    nikitad
    nikitad is offline Junior Member
    Join Date
    Aug 2010
    Posts
    8

    Default Kerberos extension: avoiding reauthentication in SpnegoAuthenticationProcessingFilter

    I am using the Spring Security Kerberos extension (which btw was easy to setup and use, thank you!). One problem I ran into is that every request gets re-authenticated in SpnegoAuthenticationProcessingFilter. I am new to Kerberos, so I was wondering if there is a technical reason for this, or if it's something that can be addressed? Can the filter safely just skip authentication if the SecurityContextHolder has an authenticated, non-anonymous token?

    For basic and digest authentication, this ticket was logged and fixed (only for basic auth though): https://jira.springsource.org/browse/SEC-53

    Thank you,
    Nikita
    Reply With Quote Reply With Quote
  2. Oct 21st, 2010, 11:08 AM #2
    nikitad
    nikitad is offline Junior Member
    Join Date
    Aug 2010
    Posts
    8

    Default

    I just saw this commit which addresses this: http://git.springsource.org/spring-s...cf325e88ccfddb

    Nikita
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules