VIKEnut'

De

РусскийPolskiEspañolPortuguês

Dunkles thema

Schreiben

Dunkles thema

De

РусскийPolskiEspañolPortuguês
spnegospringkerberostomcatspring-security

BadCredentialsException: Kerberos-Überprüfung nicht erfolgreich

Ich möchte eine Authentifizierung mit SPNEGO durchführen. Ich benutze:

spring-core-3.1.0.RELEASE.jarspring-security-core-3.1.0.RELEASE.jarspring-security-kerberos-core-1.0.0.M2.jarPaket-Codec aus Spring Core Security 3.0.7 (https://jira.springsource.org/browse/SES-98)Kater

Meine Konfigurationsdatei sieht folgendermaßen aus. Beim Versuch, mich bei den oben genannten Bibliotheken zu authentifizieren, ist die folgende Ausnahme aufgetreten.

Hatte jemand das gleiche Problem und hat sich darum gekümmert?

Konfigurationsdatei (entnommen aus dem Beispiel für Spring Security Kerberos):

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">

    <!-- This configuration uses SPNEGO by default, but one could also use a form if he directly goes to /login.html -->
    <sec:http entry-point-ref="spnegoEntryPoint" use-expressions="true">
        <sec:intercept-url pattern="/secure/**" access="isAuthenticated()" />
        <sec:custom-filter ref="spnegoAuthenticationProcessingFilter"
            position="BASIC_AUTH_FILTER" />
        <sec:form-login login-page="/login.html" default-target-url="/secure/index.jsp"/>
    </sec:http>

    <bean id="spnegoEntryPoint"
        class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />

    <bean id="spnegoAuthenticationProcessingFilter"
        class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
    </bean>

    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider ref="kerberosServiceAuthenticationProvider" /> <!-- Used with SPNEGO -->
        <sec:authentication-provider user-service-ref="dummyUserDetailsService"/> <!-- Used with form login -->
    </sec:authentication-manager>



    <bean id="kerberosServiceAuthenticationProvider"
        class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
        <property name="ticketValidator">
            <bean
                class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
                <property name="servicePrincipal" value="HTTP/[email protected]" />
                <!-- Setting keyTabLocation to a classpath resource will most likely not work in a Java EE application Server -->
                <!-- See the Javadoc for more information on that -->
                <property name="keyTabLocation" value="file:/home/xxxxx/conf/krb5/krb5.keytab" />
                <property name="debug" value="true" />
            </bean>
        </property>
        <property name="userDetailsService" ref="dummyUserDetailsService" />
    </bean>

    <!-- This bean definition enables a very detailed Kerberos logging -->
    <bean
        class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
        <property name="debug" value="true" />
    </bean>

    <!--
        Just returns the User authenticated by Kerberos and gives him the
        ROLE_USER
    -->

    <bean id="dummyUserDetailsService"
        class="org.springframework.security.extensions.kerberos.sample.DummyUserDetailsService" />

</beans>

Ausnahme, die ich bekam:

org.springframework.security.authentication.BadCredentialsException: Kerberos validation not succesfull
        at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:69)
        at org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider.authenticate(KerberosServiceAuthenticationProvider.java:86)
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
        at org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter.doFilter(SpnegoAuthenticationProcessingFilter.java:131)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:224)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:169)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:927)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
        at org.apache.catalina.ha.session.JvmRouteBinderValve.invoke(JvmRouteBinderValve.java:219)
        at org.apache.catalina.ha.tcp.ReplicationValve.invoke(ReplicationValve.java:333)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:987)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:579)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:309)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
        at java.lang.Thread.run(Thread.java:722)
Caused by: java.security.PrivilegedActionException: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate
type to decrypt AP REP - RC4 with HMAC)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:415)
        at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:67)
        ... 29 more
Caused by: GSSException: Failure unspecified at GSS-API level (Mechanism level: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC)
        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:778)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
        at sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:871)
        at sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:544)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:342)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
        at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:146)
        at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:136)
        ... 32 more
Caused by: KrbException: Invalid argument (400) - Cannot find key of appropriate type to decrypt AP REP - RC4 with HMAC
        at sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:273)
        at sun.security.krb5.KrbApReq.<init>(KrbApReq.java:144)
        at sun.security.jgss.krb5.InitSecContextToken.<init>(InitSecContextToken.java:108)
        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:761)
        ... 40 more

Antworten auf die Frage(2)

Ihre Antwort auf die Frage

Top Fragen

0 die antwort

Wie erstelle ich einen Button für den Ampelcode in Javascript?

0 die antwort

Algorithmus kann nicht verstanden werden

0 die antwort

ragen Sie den Benutzer, ob er ein Python-Programm wiederholen möcht

0 die antwort

HTML 5 Video stretch

0 die antwort

Neo4j 3.0.x PostingsFormat mit dem Namen &#39;BlockTreeOrds&#39; existiert nicht