Choosing Kerberos (SPNEGO) Java library for web application single sign-on [closed]

天大地大妈咪最大 提交于 2019-12-23 09:59:38

问题


I'm currently working on implementing enterprise authentication mechanisms in our Java web-application, including single sign-on. Windows networks are what we primary target at, and Kerberos sounds a reasonable choice. Sidenote: as far as I understand, the protocol used in web (HTTP) environment to SSO is SPNEGO, and it's basically a wrapper around Kerberos. Thus it sounds that Kerberos HTTP SSO libraries in fact are using SPNEGO -- correct me if I'm wrong.

As I started investigating this topic, I realized that there's no obvious choice. Let me list those:

  1. Spring security Kerberos/SPNEGO extension. This was the first I looked at (as we are already using Spring security), but it seems to be stuck at v1.0.0 second milestone few years ago. Only this SO question gives slight hope it could be used for production.
  2. WAFFLE - Windows Authentication Functional Framework. Seems to be active and feature-rich. It can be 'plugged' as generic servlet, and also as a Spring security filter.
  3. SPNEGO SourceForge. Seems very lightweight, provides HTTP Servlet filter, tutorials are easy to follow.

Are there any particular reasons to choose one option over the other? Are there any other options around?


回答1:


First of all, your assumption is correct. You need SPNEGO to perform SSO with HTTP.

  1. This can reasonably used in Spring only. If you have it, got for it. We are using it for more that two years. Does its job.
  2. This works on Windows only.
  3. Uses the same JGSS as the Spring stuff but is framework agnostic. This seems to work very well.

If you are using Tomcat 7, there is already built-in support. I have donated appropriate code. You should speficy what you exactly expect. If you have no expectations but the authentication use either 3 or 1 with Spring.



来源:https://stackoverflow.com/questions/11694975/choosing-kerberos-spnego-java-library-for-web-application-single-sign-on

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!