root-context-with-krb.xml

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:sec="http://www.springframework.org/schema/security"
    xmlns:context="http://www.springframework.org/schema/context"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.2.xsd
        http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.2.xsd
        http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">

    <sec:http entry-point-ref="spnegoEntryPoint">
        <sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <sec:custom-filter ref="spnegoAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" />
    </sec:http>

    <bean id="spnegoEntryPoint" class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />

    <bean id="spnegoAuthenticationProcessingFilter"
        class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
    </bean>

    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider ref="kerberosServiceAuthenticationProvider" />
        <sec:authentication-provider ref="myCusomAuthenticationProvider" />
    </sec:authentication-manager>

    <bean id="myCusomAuthenticationProvider" class="com.test.MyCustomAuthenticationProvider">
    </bean>

    <bean id="kerberosAuthenticationProvider"
        class="org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider">
        <property name="kerberosClient">
            <bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
                <property name="debug" value="${krb.debug}"/>
            </bean>
        </property>
        <property name="userDetailsService" ref="dummyUserDetailsService"/>
    </bean>

    <bean id="kerberosServiceAuthenticationProvider"
        class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
        <property name="ticketValidator">
            <bean
                class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
                <property name="servicePrincipal" value="${krb.service.prinicipal}" />
                <!-- Setting keyTabLocation to a classpath resource will most likely not work in a Java EE application Server -->
                <!-- See the Javadoc for more information on that -->
                <property name="keyTabLocation" value="${krb.keytab.location}" />
                <property name="debug" value="${krb.debug}" />
            </bean>
        </property>
        <property name="userDetailsService" ref="dummyUserDetailsService" />
    </bean>

    <bean
        class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
        <property name="debug" value="${krb.debug}" />
        <property name="krbConfLocation" value="${krb.conf.location}"/>
    </bean>

    <bean id="dummyUserDetailsService"
        class="org.springframework.security.extensions.kerberos.sample.DummyUserDetailsService" />

    <context:property-placeholder location="/WEB-INF/kerberos.properties"/>
</beans>