Support different principals on server side based on the spnego token received from token #67

@bedrin

Currently kerb4j library supports using just a single kerberos principal on server side.
However in reality there could be multiple of them.

Consider the following scenario:

  0. Server has two DNS aliases: www1.server.com and www2.server.com
  1. Server side is using principal svc_server_a with SPN HTTP/www1.server.com and principal svc_server_b with SPN HTTP/www2.server.com
  2. Client A is using principal svc_client_a and makes an HTTP request to SPNEGO protected REST API hosted on www1.server.com
     Client will obtain a TGT from domain controller and make a request to get a ticket for SPN HTTP/www1.server.com - it will encode the result token to base64 and send as an HTTP header. This token contains information that it was issued for SPN HTTP/www1.server.com - this information is unencrypted so server can choose proper principal to decode and validate the result token
  3. Client B is using principal svc_client_b and makes an HTTP request to SPNEGO protected REST API hosted on www2.server.com
     Client will obtain a TGT from domain controller and make a request to get a ticket for SPN HTTP/www2.server.com - it will encode the result token to base64 and send as an HTTP header. This token contains information that it was issued for SPN HTTP/www2.server.com - this information is unencrypted so server can choose proper principal to decode and validate the result token

Make changes to kerb4j library so it would support multiple principals on server side and choose between them based on SPN.
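
The server-side selection requested above, sketched as an added Python example (not kerb4j code and not part of the original issue): it walks an initial SPNEGO NegTokenInit down to the Kerberos ticket and reads the cleartext realm and sname to look up the principal. The realm `EXAMPLE.COM` and all function names are assumptions; `header_value` is the base64 text that follows `Negotiate ` in the `Authorization` header.

```python
import base64

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def elements(body):                        # (tag, value) pairs of the DER elements in body
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        out.append((tag, value))
    return out

def inner(buf, depth):                     # strip `depth` nested DER headers
    for _ in range(depth):
        buf = read_tlv(buf)[1]
    return buf

def ticket_spn(header_value):
    """Return 'service/host@REALM' from a base64 SPNEGO NegTokenInit."""
    gss = dict(elements(inner(base64.b64decode(header_value), 1)))  # SPNEGO OID, [0]
    init = dict(elements(inner(gss[0xA0], 1)))         # NegTokenInit fields
    krb = inner(init[0xA2], 2)                         # mechToken -> Kerberos GSS token
    ap_req = krb[read_tlv(krb)[2] + 2:]                # skip mech OID and 2-byte tok_id
    tkt = dict(elements(inner(ap_req, 2)))[0xA3]       # AP-REQ field [3]: the Ticket
    if tkt[0] != 0x61:                                 # must be [APPLICATION 1]
        raise ValueError("not a Kerberos ticket")
    tkt = dict(elements(inner(tkt, 2)))                # realm [1], sname [2], enc-part [3]
    names = dict(elements(inner(tkt[0xA2], 1)))[0xA1]  # PrincipalName.name-string
    parts = [v.decode("ascii") for _, v in elements(inner(names, 1))]
    return "/".join(parts) + "@" + inner(tkt[0xA1], 1).decode("ascii")

def select_principal(header_value, spn_to_principal):
    """Principal whose key should decrypt the ticket, or None to reject."""
    try:
        return spn_to_principal.get(ticket_spn(header_value))
    except (ValueError, IndexError, KeyError):
        return None                        # malformed, truncated or non-Kerberos token

SPN_TO_PRINCIPAL = {                       # names from the issue; realm is assumed
    "HTTP/www1.server.com@EXAMPLE.COM": "svc_server_a",
    "HTTP/www2.server.com@EXAMPLE.COM": "svc_server_b",
}
```

Because the sname sits outside the encrypted part, the result is only a hint for which key to try: the ticket is authenticated when it decrypts under that principal's key. An SPN missing from the map is rejected rather than retried with a default principal.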
