  • View based SpnegoEntryPoint

    Hi, I've just implemented an alternative to the standard SpnegoEntryPoint, which is able to include additional content in the 401 Unauthorized response. This is very helpful if you have a FORM based alternative to SPNEGO. You can use the custom content to
    • automatically redirect users to the login page with JavaScript
    • display some error page (possibly with link to login page)
    • or even include the login page itself

    I think it would be nice if this can be supported by the standard SpnegoEntryPoint. Here is the code:

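    import java.io.IOException;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import org.springframework.security.core.AuthenticationException;
    import org.springframework.security.web.AuthenticationEntryPoint;

    /**
     * View based alternative to Spring's default {@link SpnegoEntryPoint}.
     * @author horal
     */
    public class ViewBasedSpnegoEntryPoint implements AuthenticationEntryPoint {
        private String viewUri;
        public void commence(HttpServletRequest request, HttpServletResponse response,
                AuthenticationException authException) throws IOException, ServletException {
            // Set-up SPNEGO headers and the 401 status of the challenge
            response.addHeader("WWW-Authenticate", "Negotiate");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            // Render custom view
            if (viewUri != null) {
                request.getRequestDispatcher(viewUri).include(request, response);
            }
            // Flush response buffer
            response.flushBuffer();
        }
        /**
         * Set URI of the view to be sent together with the authentication challenge.
         * @param viewUri View URI, which will be included in the authentication challenge
         * response.
         */
        public void setViewUri(String viewUri) {
            this.viewUri = viewUri;
        }
    }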
    Last edited by pavel.horal; Jun 13th, 2013, 12:56 PM.

  • #2
    Thanks for sharing..


    • #3
      Side note for those who will try to get KERBEROS+FORM working:

      When combining Kerberos with FORM based authentication, be sure that the AuthenticationFailureHandler will always return a 401 response. Otherwise, when IE falls back to NTLM (and it does that), it might get the impression its authentication was successful, which can lead to all sorts of issues.
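
One way to follow the advice in post #3, as an added example that is not part of the thread or of Spring's own code: a failure handler that answers every failed authentication with 401 and optionally renders a view as the body. The class name `UnauthorizedViewFailureHandler` and its `viewUri` property are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.WebAttributes;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;

/**
 * Hypothetical failure handler (not from the thread): every failed
 * authentication is answered with 401, never a redirect or a 200 page.
 */
public class UnauthorizedViewFailureHandler implements AuthenticationFailureHandler {

    /** Assumed view URI (login or error page) rendered as the 401 body; may be null. */
    private String viewUri;

    @Override
    public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException exception) throws IOException, ServletException {
        if (response.isCommitted()) {
            // The status line has already been sent and can no longer be changed.
            return;
        }
        // Use setStatus(), not sendRedirect(): a 302 to a login page that
        // answers 200 is what a client retrying with NTLM could mistake
        // for a successful authentication.
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        // Expose the failure to the view under Spring Security's standard attribute name.
        request.setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, exception);
        if (viewUri != null) {
            // include() keeps the 401: an included resource cannot change status or headers.
            request.getRequestDispatcher(viewUri).include(request, response);
        }
        response.flushBuffer();
    }

    public void setViewUri(String viewUri) {
        this.viewUri = viewUri;
    }
}
```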