Spring-security, Tomcat and SPNEGO - best approach

Question

I'm looking for the best approach to achieve SPNEGO/Kerberos login for a spring-security application on Tomcat and Windows. Candidates i've looked at:

• Spring Security Kerberos Extension
• Waffle
• Apache httpd fronting with mod_auth_kerb module
• Apache httpd with mod_auth_sspi module

I wasn't super-impressed by Waffle and mod_auth_sspi only seems to support NTLMv1 so that is out. I do see a value in fronting with an Apache httpd so that seems like a good approach. How well does that play with spring-security though, I wonder. Who has done this? Which is the best/most stable approach?

Answer 1

Don't do any overhead. Use the Spring SEC Extension. That one works quite well on our environment for more than a year. Though it has the potention for some improvement.