Once upon a time, I needed to convince a third-party web application (running in Tomcat) to talk to our campus Kerberos domain.
In order to learn how, I started with the
jsp-examples webapp that ships with Tomcat.
Changing Tomcat's jsp-examples webapp from UserDatabase to Kerberos
Currently, the URL http://localhost:8080/jsp-examples/security/protected/index.jsp is protected by form-based authentication. Users and Roles are configured in tomcat-users.xml. Here are three ways to use Kerberos for authentication:
- With only changes to configuration, no custom programming required:
- With a custom LoginModule that wraps Sun's Krb5LoginModule:
- With a custom Realm that extends JAASRealm and overrides 'authenticate'