Disabling BasicSecurityFilterProvider

Jun 16, 2010 at 10:39 AM


We're looking to use WAFFLE with Jetty.  After learning about SPNs under Windows, the integration was pretty painless -- thank you.

However, we'd like to disable the BasicSecurityFilterProvider so that no username/password is ever sent (only Negotiate or NTLM).  I can see this being added in SecurityFilterProviderCollection and can hence make the change manually, but it'd be nice to have some mechanism to programmatically do this without modifying the source code.

Have you any plans for this?

Thanks in advance.

Jun 16, 2010 at 11:36 AM

Yes, it was already filed as this workitem. I definitely plan to implement this before a release. Feel freel to help :)

Jun 16, 2010 at 12:06 PM

Btw, it would be nice if someone (maybe you?) was to contribute a page to the documentation about SPNs.

Jun 16, 2010 at 12:37 PM

Thank you.  I'll see what I can do in my spare time.  I'll attach a patch if I get a chance to this week.

As for the documentation:  Again, I'll try to write up a summary page / FAQ.

Jun 16, 2010 at 2:47 PM

It was actually quite easy. Please try build 1.3.4197.0.

Here's a full filter configuration.


You get the idea - modify securityFilterProviders accordingly.

Jun 17, 2010 at 2:36 PM

Thanks, that's great.