Versions Compared

Old Version 18

changes.mady.by.user Colm O hEigeartaigh

Saved on

compared with

New Version Current

changes.mady.by.user Colm O hEigeartaigh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

 

 

Span
stylefont-size:2em;font-weight:bold
JAX-RS Kerberos Support
 

...

The "servicePrincipalName" and "realm" properties can be used to customize it, example, setting "servicePrincipalName" to "HTTP/www.mycompany.com" and realm to "services.org" will result in the "HTTP/www.mycompany.com@services.org" service principal name being used.

When the "servicePrincipalName" is not specified, the target host from the provided endpoint URL is used to construct one as-is.  To perform canonicalization of this hostname (e.g. if a CNAME record host.example.com points to an A record host-x.example.com, then use "host-x.example.com" when constructing the servicePrincipalName), the "useCanonicalHostname" property can be set to "true".

Using JAAS Configuration

Both HTTPConduit and interceptor handlers need a "java.security.auth.login.config" system property set up. This property needs to point to the file containing the configuration of the specific Kerberos login module.

...