Java Thick Client with Kerberos for RESTful Service
Introduction
RESTful services are web applications, so they can be secured with Kerberos. If you want to access a Kerberos-secured RESTful service from Windows, the easiest way is to use WAFFLE to get the Kerberos token and attach it to the HTTP header.
Steps
1. Set up Kerberos for the RESTful server.
If you already have a RESTful application secured with Kerberos, then continue with 2. Waffle Dependency; otherwise check this post for how to configure Kerberos authentication for a RESTful application.
Note: the above link is for securing a web application; it is basically the same for RESTful applications.
2. Waffle Dependency
Add the following dependency to the project.
Maven
<dependency>
    <groupId>com.github.dblock.waffle</groupId>
    <artifactId>waffle-jna</artifactId>
    <version>1.6</version>
</dependency>
Gradle
compile 'com.github.dblock.waffle:waffle-jna:1.6'
Download
- If you are not using any build tool, download WAFFLE and add the jars to the classpath.
3. Client
For Client
Kerberos Token
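To get the Kerberos token, use the following utility class.
import waffle.util.Base64;
import waffle.windows.auth.IWindowsSecurityContext;
import waffle.windows.auth.impl.WindowsSecurityContextImpl;

/**
 * Client authenticator. This creates a KRB5 token for the target service.
 */
public class WindowsAuthenticator {

    // SSPI package name; Negotiate selects Kerberos when a ticket for the SPN is available.
    public static final String securityPackage = "Negotiate";

    /**
     * Returns the Base64-encoded token for the given target SPN, or null if the SPN is blank.
     */
    public static String getKrbToken(String aTargetSPName) {
        if (null == aTargetSPName || aTargetSPName.trim().isEmpty()) {
            return null;
        }
        IWindowsSecurityContext context =
                WindowsSecurityContextImpl.getCurrent(securityPackage, aTargetSPName);
        try {
            return Base64.encode(context.getToken());
        } finally {
            // Release the SSPI context handle once the token has been encoded.
            context.dispose();
        }
    }

    // Utility class, not meant to be instantiated.
    private WindowsAuthenticator() {
        super();
    }
}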
Test Client
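I’m using a JUnit test as a client.
import java.util.ArrayList;
import java.util.List;

import org.junit.Test;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;

// Methods of the test class; REST_URL, restTemplate and RestTO are defined elsewhere in the test.
@Test
public void testNegoRestClient() {
    List<MediaType> acceptableMediaTypes = new ArrayList<MediaType>();
    acceptableMediaTypes.add(MediaType.APPLICATION_XML);
    String restURL = REST_URL + 1;

    // Attach the Negotiate token and the Accept header to the request.
    HttpHeaders headers = createNegoHeaders();
    headers.setAccept(acceptableMediaTypes);
    HttpEntity<Object> entity = new HttpEntity<Object>(headers);

    ResponseEntity<RestTO> result = restTemplate.exchange(restURL,
            HttpMethod.GET, entity, RestTO.class);
    RestTO restTo = result.getBody();
}

HttpHeaders createNegoHeaders() {
    HttpHeaders headers = new HttpHeaders();
    // The target SPN is HTTP/web.springsource.com
    String authHeader = "Negotiate " + WindowsAuthenticator.getKrbToken("HTTP/web.springsource.com");
    headers.set("Authorization", authHeader);
    return headers;
}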
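The Negotiate package used by WindowsAuthenticator can fall back to NTLM when no Kerberos ticket is available for the SPN, so it is worth checking what the client is about to send and building the SPN from the URL that is actually requested. The following is an added example, not code from the original post: the class and method names are assumptions, the sample tokens and the URL path are constructed, and it uses java.util.Base64 so it runs without WAFFLE.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.Locale;

// Added example (not from the original post); names here are assumptions.
public class NegotiateTokenCheck {

    enum Kind { GSS_TOKEN, NTLM_FALLBACK, UNKNOWN }

    private static final byte[] NTLM_SIG = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    /** Builds HTTP/<host> from the URL that will actually be requested. */
    static String spnFor(String url) {
        String host = URI.create(url).getHost();
        if (host == null) {
            throw new IllegalArgumentException("URL has no host: " + url);
        }
        return "HTTP/" + host.toLowerCase(Locale.ROOT);
    }

    /** Classifies the Base64 part of an "Authorization: Negotiate <token>" value. */
    static Kind classify(String base64Token) {
        byte[] t;
        try {
            t = Base64.getDecoder().decode(base64Token);
        } catch (IllegalArgumentException e) {
            return Kind.UNKNOWN;
        }
        if (t.length >= NTLM_SIG.length
                && Arrays.equals(Arrays.copyOf(t, NTLM_SIG.length), NTLM_SIG)) {
            return Kind.NTLM_FALLBACK; // raw NTLM message, no Kerberos ticket was used
        }
        // A GSS-API initial token (SPNEGO or Kerberos) starts with ASN.1 tag 0x60.
        return (t.length > 0 && (t[0] & 0xFF) == 0x60) ? Kind.GSS_TOKEN : Kind.UNKNOWN;
    }

    public static void main(String[] args) {
        // Constructed samples: an NTLM type 1 header and a SPNEGO header (OID 1.3.6.1.5.5.2).
        byte[] ntlm = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, 1, 0, 0, 0};
        byte[] spnego = {0x60, 0x0a, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02, (byte) 0xa0, 0x00};
        System.out.println(spnFor("https://web.springsource.com/rest/1"));
        System.out.println(classify(Base64.getEncoder().encodeToString(ntlm)));
        System.out.println(classify(Base64.getEncoder().encodeToString(spnego)));
    }
}
```

GSS_TOKEN only confirms GSS-API framing; SPNEGO can still carry NTLM inside, so the server-side authentication log remains the authoritative check.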