What is the right implementation of SPNEGO auth provider

cancel
Showing results for 
Search instead for 
Did you mean: 
longinus
Member II

What is the right implementation of SPNEGO auth provider

I am writing a service that talks to Alfresco Core repository using Apache Chemistry opencmis library and need to authenticate through SPNEGO. Cmis library requires me to provide custom authentication provider which so far doesn't work for me. So far I came up with following:

public class KerberosAuthProvider extends AbstractAuthenticationProvider {

@Override

public Map<String, List<String>> getHTTPHeaders(String url) {   

   try {        

             String authToken = ….  // generate token       

            Map<String, List<String>> headers = Maps.newHashMap();                       

            headers.put("Authorization", Lists.newArrayList("Negotiate " + authToken));       

            return headers;   

    } catch    (Exception ex) {       

               throw new IllegalStateException("Couldn't get token", ex);    }}

      }

I will appreciate any suggestions.

4 Replies
afaust
Master

Re: What is the right implementation of SPNEGO auth provider

Suggestions for what? I can only suggest to work through the JAAS / GSS-API tutorials and guides from Oracle. That should be all you need to authenticate as a client and obtain a service ticket for a particular Alfresco instance. There are also StackOverflow questions / answers that cover this.

longinus
Member II

Re: What is the right implementation of SPNEGO auth provider

Sorry for not explaining the problem clearly. The code I posted doesn't work. It results with 500, so would be nice to get some suggestions of what I may be missing. 
I will also look into tutorials you suggested.
Thanks
longinus
Member II

Re: What is the right implementation of SPNEGO auth provider

Just realized that CMIS doesnt add the auth header to connection request headers. something is wrong....

longinus
Member II

Re: What is the right implementation of SPNEGO auth provider

Keep in mind that I am using OpenCMIS library. So just need to extend it with my auth provider that implements certain interface. I know how to generate token. For some reason it is not included with the connection, which is where i would appreciate some suggestions from people experienced with CMIS.