Mixing NTLM/SPNEGO and basic-auth for different paths in the same app?

Mar 9, 2012 at 6:56 AM

I'm wondering if WAFFLE could help me solve my problem. I tried proxying requests for authentication through IIS and failed: http://markmail.org/message/ezbcn67jmremhau2
So, I'm looking also at WAFFLE as an alternative.

I have a Spring (Security) based Java web app running in Tomcat at /myapp. All requests from browsers (i.e. "real users") to /myapp/* must be authenticated against Windows AD using NTLM/SPNEGO. All requests to /myapp/API must be authenticated against AD using basic-auth, and only a single technical user should have permissions for that. I expect that from a Spring Security perspective it only deals with pre-authenticated requests; they would have been authenticated by WAFFLE.

Can WAFFLE help here?

Mar 10, 2012 at 7:24 PM

There's a lot here that Spring does that I am not familiar with, but if you can set up a separate security context for each of those two paths (via two apps probably), then the answer should be 'yes'. I would start with figuring out how to set different auth - Waffle w/ Spring Security on the first path and basic auth on the second path.
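
One way to get the two separate security contexts inside a single app, as an added configuration sketch that is not from either poster or from the WAFFLE project: two Spring Security filter chains, each with its own WAFFLE provider collection. It assumes Spring Security 3.1 or later (multiple `http` elements), patterns relative to the /myapp context path, and a constructed service account name `EXAMPLE\svc-api`.

```xml
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:sec="http://www.springframework.org/schema/security"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                           http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd">

  <bean id="windowsAuthProvider" class="waffle.windows.auth.impl.WindowsAuthProviderImpl"/>
  <bean id="waffleAuthProvider" class="waffle.spring.WindowsAuthenticationProvider">
    <property name="authProvider" ref="windowsAuthProvider"/>
  </bean>
  <sec:authentication-manager>
    <sec:authentication-provider ref="waffleAuthProvider"/>
  </sec:authentication-manager>

  <!-- Chain 1: /myapp/API/** offers Basic only, checked against AD by WAFFLE.
       Basic sends the password on every request, so the path is forced onto HTTPS. -->
  <bean id="apiProviders" class="waffle.spring.SecurityFilterProviderCollection">
    <constructor-arg>
      <list>
        <bean class="waffle.spring.BasicSecurityFilterProvider">
          <constructor-arg ref="windowsAuthProvider"/>
        </bean>
      </list>
    </constructor-arg>
  </bean>
  <bean id="apiEntryPoint" class="waffle.spring.NegotiateSecurityFilterEntryPoint"><property name="provider" ref="apiProviders"/></bean>
  <bean id="apiFilter" class="waffle.spring.NegotiateSecurityFilter"><property name="provider" ref="apiProviders"/></bean>
  <sec:http pattern="/API/**" entry-point-ref="apiEntryPoint" use-expressions="true">
    <!-- Assumption: WAFFLE reports the principal as DOMAIN\user; account name is a placeholder -->
    <sec:intercept-url pattern="/**" access="authentication.name == 'EXAMPLE\svc-api'" requires-channel="https"/>
    <sec:custom-filter ref="apiFilter" position="BASIC_AUTH_FILTER"/>
  </sec:http>

  <!-- Chain 2: everything else offers Negotiate (Kerberos/NTLM) only, no Basic fallback -->
  <bean id="browserProviders" class="waffle.spring.SecurityFilterProviderCollection">
    <constructor-arg>
      <list>
        <bean class="waffle.spring.NegotiateSecurityFilterProvider">
          <constructor-arg ref="windowsAuthProvider"/>
        </bean>
      </list>
    </constructor-arg>
  </bean>
  <bean id="browserEntryPoint" class="waffle.spring.NegotiateSecurityFilterEntryPoint"><property name="provider" ref="browserProviders"/></bean>
  <bean id="browserFilter" class="waffle.spring.NegotiateSecurityFilter"><property name="provider" ref="browserProviders"/></bean>
  <sec:http entry-point-ref="browserEntryPoint" use-expressions="true">
    <sec:intercept-url pattern="/**" access="isFullyAuthenticated()"/>
    <sec:custom-filter ref="browserFilter" position="BASIC_AUTH_FILTER"/>
  </sec:http>
</beans>
```

The `http` element with the narrower `pattern` has to come first, because Spring Security hands each request to the first chain whose pattern matches.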