String spnegoToken = getSpnegoToken(header);
HttpSession httpSession = request.getSession(false);
SpnegoUserIdentity identity = (SpnegoUserIdentity)login(null, spnegoToken, request);
if (identity.isEstablished())
setSpnegoToken(response, principal.getEncodedToken());
Duration authnDuration = getAuthenticationDuration();
if (!authnDuration.isNegative())
httpSession.setAttribute(UserIdentityHolder.ATTRIBUTE, new UserIdentityHolder(identity));
return new UserAuthentication(getAuthMethod(), identity);
LOG.debug("Sending intermediate challenge");
SpnegoUserPrincipal principal = (SpnegoUserPrincipal)identity.getUserPrincipal();
sendChallenge(response, principal.getEncodedToken());
return Authentication.SEND_CONTINUE;
Duration authnDuration = getAuthenticationDuration();
if (!authnDuration.isNegative())
return new UserAuthentication(getAuthMethod(), identity);
sendChallenge(response, null);
return Authentication.SEND_CONTINUE;