Cwikius-Spring/spring-security
1
0
Fork 0
mirror of https://github.com/spring-projects/spring-security.git synced 2025-10-23 18:59:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
spring-security/docs/modules/ROOT/pages/servlet/authentication/kerberos/ssk.adoc
Rob Winch f5fb127c8c
Add Spring Security Kerberos 
Move the Spring Security Kerberos Extension into Spring Security

Closes gh-17879
2025-09-12 14:25:20 -05:00

86 lines
2.5 KiB
Plaintext
Raw Blame History

[[springsecuritykerberos]]
= Spring and Spring Security Kerberos
:figures: servlet/authentication/kerberos
This part of the reference documentation explains the core functionality
that Spring Security Kerberos provides to any Spring based application.
<<ssk-authprovider>> describes the authentication provider support.
<<ssk-spnego>> describes the spnego negotiate support.
<<ssk-resttemplate>> describes the RestTemplate support.
[[ssk-authprovider]]
== Authentication Provider
Provider configuration using JavaConfig.
[source,java,indent=0]
----
include::example$kerberos/AuthProviderConfig.java[tags=snippetA]
----
[[ssk-spnego]]
== Spnego Negotiate
Spnego configuration using JavaConfig.
[source,java,indent=0]
----
include::example$kerberos/SpnegoConfig.java[tags=snippetA]
----
[[ssk-resttemplate]]
== Using KerberosRestTemplate
If there is a need to access Kerberos protected web resources
programmatically we have `KerberosRestTemplate` which extends
`RestTemplate` and does necessary login actions prior to delegating to
actual RestTemplate methods. You basically have few options to
configure this template.
- Leave keyTabLocation and userPrincipal empty if you want to
use cached ticket.
- Use keyTabLocation and userPrincipal if you want to use
keytab file.
- Use loginOptions if you want to customise Krb5LoginModule options.
- Use a customised httpClient.
With ticket cache.
[source,java,indent=0]
----
include::example$kerberos/KerberosRestTemplateConfig.java[tags=snippetA]
----
With keytab file.
[source,java,indent=0]
----
include::example$kerberos/KerberosRestTemplateConfig.java[tags=snippetB]
----
[[ssk-kerberosldap]]
== Authentication with LDAP Services
With most of your samples we're using `DummyUserDetailsService`
because there is not necessarily need to query a real user details
once kerberos authentication is successful and we can use kerberos
principal info to create that dummy user. However there is a way to
access kerberized LDAP services in a say way and query user details
from there.
`KerberosLdapContextSource` can be used to bind into LDAP via kerberos
which is at least proven to work well with Windows AD services.
[source,java,indent=0]
----
include::example$kerberos/KerberosLdapContextSourceConfig.java[tags=snippetA]
----
[TIP]
====
Sample xref:servlet/authentication/kerberos/samples.adoc#samples-sec-server-win-auth[Security Server Windows Auth Sample]
is currently configured to query user details from AD if authentication happen via kerberos.
====
Reference in New Issue View Git Blame Copy Permalink