Announcement Announcement Module
No announcement yet.
Intercepting Spring/Spnego Security Page Title Module
Move Remove Collapse
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Intercepting Spring/Spnego Security

    Hi (I'm new to Spring so please forgive any stupid questions!)

    I'm using Spring 3.0.0 to authenticate a web app using Spnego. This is all configured and working fine. However the app is also to be accessed via Blackberry which is causing issues with the Spnego authentication. What i would like to do is intercept the code at a point where having checked the user's browser I can direct then either
    a) through the normal Spring/Spnego security or
    b) through a different authentictaion mechanism for the blackbery users

    I have tried intercepting the code in servlet filters (extends GenericFilterBean) however the request headers appear to have been modified! Where I am expecting to see
    user-agent = Blackerry9000 etc etc
    I see
    user-agent = Mozilla/4.0 etc

    Can anyone tell me how/where this would get changed? And where in my code I might be best trying to intercept the request?

  • #2
    What sort of authentication are you planning on for Blackberry users?


    • #3
      As an interim solution we'll simply scrape the Device ID from the request header and use this to authenticate the user against an ADAM resource having looked up their username.

      Going back to the original issue it seems that the issue was at least partly due to the url being called from the Blackberry.

      If I call
      http://<IP_Address>:<Port Number>/myweb
      then the user-agent on the request as captured in my Spnego Entry Point Class shows as Mozilla 4, however if I call
      http://<IP_Address>:<Port Number>/myweb/default.jsp
      then the user-agent correctly shows as Blackberry9000

      this is despite having default.jsp in the <welcome-file-list> in the web.xml. Does anyone know why this would be? Also, whilst I now see the correct user-agent on the request, various other Blackberry specific headers are missing (e.g. email address, device ID) Any ideas??


      • #4
        I'm sure changes in the HTTP headers have nothing to do with Spring Security. Check to see what else is between your user agent (BB) and the servlet, for example, other servlet filters, firewalls, proxies, etc etc.