Announcement Announcement Module
Collapse
No announcement yet.
Kerberos extension: avoiding reauthentication in SpnegoAuthenticationProcessingFilter Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Kerberos extension: avoiding reauthentication in SpnegoAuthenticationProcessingFilter

    I am using the Spring Security Kerberos extension (which btw was easy to setup and use, thank you!). One problem I ran into is that every request gets re-authenticated in SpnegoAuthenticationProcessingFilter. I am new to Kerberos, so I was wondering if there is a technical reason for this, or if it's something that can be addressed? Can the filter safely just skip authentication if the SecurityContextHolder has an authenticated, non-anonymous token?

    For basic and digest authentication, this ticket was logged and fixed (only for basic auth though): https://jira.springsource.org/browse/SEC-53

    Thank you,
    Nikita

  • #2
    I just saw this commit which addresses this: http://git.springsource.org/spring-s...cf325e88ccfddb

    Nikita

    Comment

    Working...
    X