The "Referer" solution described in the 1st and 2nd articles about chaining Kerberos with OpenAM may not work in some use cases, since, for example, the browser does not always generate that header, for security reasons.

In such a case, here is a more sophisticated 401.jsp page, which requires a Java 7 environment:

<%@ page import="java.net.URLEncoder"%>
<%@ page import="java.util.*"%>
<%@ page import="javax.servlet.*"%>
<%@ page import="javax.servlet.http.*"%>
<%@ page import="javax.servlet.ServletContext"%>

<%@taglib uri="/WEB-INF/jato.tld" prefix="jato"%>
<%@taglib uri="/WEB-INF/auth.tld" prefix="auth"%>

<%
    /*
     * (C) 2010 Jim Klimov, JSC COS&HT
     * param processing (C)
     *
     * Chaining kerberos with OpenAM
     *
     * The browser will reload the page, preserving the initial request and parameters if any
     */
    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    response.setHeader("WWW-Authenticate", "Negotiate");

    /*
     * Default ORG and MODULE/SERVICE values, should override whatever
     * was passed to the Login page, if fallback redirect is required
     * TODO: Parametrize via service/property configs
     */
    String FallbackServiceURI = "/openam/UI/Login?module=LDAP";
%>
<HTML><HEAD><TITLE>HTTP-401: Unauthorized</TITLE>
<%
    Enumeration<String> paramNames = request.getParameterNames();

    while (paramNames.hasMoreElements()) {
        String paramName = paramNames.nextElement();
        if (paramName.equals("service") || paramName.equals("module")) {
            // Never forward these: the defaults set above must win
            continue;
        }

        String[] paramValues = request.getParameterValues(paramName);

        for (int i = 0; i < paramValues.length; i++) {
            String paramValue = paramValues[i];

            // The container hands back decoded names and values; re-encode them so
            // that characters such as & or " cannot alter the query string or
            // break out of the HTML attributes written below
            FallbackServiceURI += "&" + URLEncoder.encode(paramName, "UTF-8");

            if (paramValue.length() != 0) {
                FallbackServiceURI += "=" + URLEncoder.encode(paramValue, "UTF-8");
            }
        }
    }
%>
<meta HTTP-EQUIV="refresh" content="0;url=<%= FallbackServiceURI %>">
</HEAD>
<BODY><H1>HTTP-401: Unauthorized</H1>
Proper authorization is required for this area.
Either your browser does not perform authorization,
or your authorization has failed.<br>
Your browser will be redirected to
<a href="<%= FallbackServiceURI %>">default authorization method</a>.
</BODY></HTML>
