SPNEGO for GlassFish - Thanks, Greg!


Greg (of Wotif.COM fame) has the first working code for SPNEGO on GlassFish. SPNEGO stands for "Simple and Protected GSSAPI Negotiation Mechanism" and it is used to discover which GSSAPI protocol (like Kerberos) can be used by peers for establishing security contexts... which means SSO.

SPNEGO is supported by Active Directory, Sun's Access Manager, IE, Firefox and many others. Greg decided that Kerberos is cool, started looking into using it in GlassFish and discovered that GF does not yet do SPNEGO; the result was spnego.dev.java.net.

Thanks to Greg for this contribution (and also to Ron and others that helped him along the way!). I looked around and it seems that SPNEGO is supported in WebLogic Server and WebSphere, so this will be yet another feature that can no longer be used to separate open source from non-open source app servers; and we have a few more in the queue that we are sure you will like!


How does this compare to SPNEGO in Java SE 6? http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/part5.html

Posted by Max on April 11, 2007 at 09:56 PM PDT #

SPNEGO support was added to GF in the form of a pluggable server auth(entication) module that conforms to the Servlet Profile of JSR 196: Java Authentication Service Provider Interface for Containers. Internally, the server auth module employs the Java GSSAPI interfaces (i.e., org.ietf.jgss) to access the SPNEGO mechanism provided in Java EE 6. The Servlet container will be performing the jgss calls (described in the example you cite) on behalf of the deployed application, and within the context of its processing of the declarative security constraints defined for the application.

Posted by monzillo on April 12, 2007 at 03:23 AM PDT #
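
To illustrate the jgss calls the comments above refer to, here is an added example (not part of the comments and not the spnego.dev.java.net code) of one server-side step of HTTP Negotiate through `org.ietf.jgss`. The class and method names are hypothetical, and the `service` Subject is assumed to come from a JAAS Kerberos keytab login done elsewhere.

```java
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import javax.security.auth.Subject;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.Oid;

/** Hypothetical helper (added example): one server-side step of HTTP Negotiate via JGSS. */
public final class NegotiateStep {
    private static final String SCHEME = "Negotiate ";

    /** Outcome of one step. */
    public static final class Result {
        public final String wwwAuthenticate; // WWW-Authenticate value to send back, or null
        public final String principal;       // caller name; non-null only once established
        Result(String header, String name) { wwwAuthenticate = header; principal = name; }
    }

    /** service: Subject holding the service's Kerberos key (assumption: JAAS keytab login). */
    public static Result accept(String authorization, Subject service) throws Exception {
        if (authorization == null
                || !authorization.regionMatches(true, 0, SCHEME, 0, SCHEME.length())) {
            return new Result("Negotiate", null); // no token yet: answer 401 with the challenge
        }
        byte[] token;
        try {
            token = Base64.getDecoder().decode(authorization.substring(SCHEME.length()).trim());
        } catch (IllegalArgumentException e) {
            return new Result("Negotiate", null); // malformed base64: challenge again
        }
        return Subject.doAs(service, (PrivilegedExceptionAction<Result>) () -> {
            GSSManager manager = GSSManager.getInstance();
            GSSCredential cred = manager.createCredential(null,
                    GSSCredential.INDEFINITE_LIFETIME, new Oid("1.3.6.1.5.5.2"), // SPNEGO OID
                    GSSCredential.ACCEPT_ONLY);
            // A new context per call covers the usual single-token Kerberos case only;
            // a multi-leg negotiation would have to keep the context between requests.
            GSSContext ctx = manager.createContext(cred);
            try {
                byte[] out = ctx.acceptSecContext(token, 0, token.length);
                String reply = out == null ? null
                        : SCHEME + Base64.getEncoder().encodeToString(out);
                // Trust the source name only after the context reports it is established.
                return new Result(reply, ctx.isEstablished() ? ctx.getSrcName().toString() : null);
            } finally {
                ctx.dispose();
            }
        });
    }
}
```

A caller treats a null `principal` as unauthenticated and responds 401 with the returned `wwwAuthenticate` value; a `GSSException` from `acceptSecContext` surfaces wrapped in `PrivilegedActionException` and should also be handled as an authentication failure.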
