You can use a system programming interface to customize the behavior
of the Simple and Protected GSS-API Negotiation Mechanism (SPNEGO) trust association
interceptor (TAI) by specifying whether or not a particular HTTP request should
be intercepted.
About this task
Verify the configuration of your SPNEGO TAI. The deployment of the
SPNEGO TAI can vary from a single WebSphere Application Server system on which
a single application is running to a large multinode WebSphere Application
Server Network Deployment (ND) cell, with dozens of application servers, hosting
many applications. Every SPNEGO TAI is installed at the cell level. You must
be aware of your particular SPNEGO TAI configuration.
The default behavior
of the SPNEGO TAI is to not intercept HTTP requests. This default behavior
ensures that the SPNEGO TAI can be installed into an existing cell, configured
for a single application server and not change any other application servers
in the cell. Other WebSphere Application Servers can run exactly as before
within a given configuration.
Then decide whether or not to use the
sample SPN<id>.filter class and determine the exact filter properties to
use.
Note: The default behavior of the SPNEGO TAI is to use the com.ibm.ws.security.spnego.SPN<id>.filter
class and intercept all requests.
If the default behavior is not appropriate,
you can use a customer provided class, or extend or modify the sample class
as required. The system programmer interface, com.ibm.ws.security.spnego.SpnegoFilter
allows you to implement a custom filter to determine whether or not to intercept
a particular HTTP request. With the default implementation, you can set filter
rules for coarse as well as fine-grained criteria in selecting which HTTP
requests to intercept.