I'm using spnego ( http://spnego.sourceforge.net ) for kerberos authentication under JBoss.
I need to decrypt kerberos ticket to access the authorization-data which will containt PAC data. The PAC data is needed to decide which roles are to be granted to user.
How to access and decrypt kerberos ticket? I've searched net for examples, but without effort.
These guys have a full PAC decoding implementation:
http://jaaslounge.sourceforge.net/
You can use the token parser like this:
HttpServletRequest request = (HttpServletRequest) req;
String header = request.getHeader("Authorization");
byte[] base64Token = header.substring(10).getBytes("UTF-8");
byte[] spnegoHeader = Base64.decode(base64Token);
SpnegoInitToken spnegoToken = new SpnegoInitToken(spnegoHeader);
You're going to need to jump though some hoops if you want to decrypt the underlying Kerberos ticket. Not sure if you need that.
Grant