Announcement Announcement Module
No announcement yet.
Setting up Acegi + CAS + Kerberos Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Setting up Acegi + CAS + Kerberos

    My company uses Kerberos servers for Unix and Windows authentication. I want to set up CAS using Acegi and Spring for a single sign on service for all of my company's intranet applications. However, I can't find a clean "Spring Way" of telling Acegi's JaasAuthenticationProvider which Kerberos servers to use.

    My problem is simple: I need to define two system properties in order for JaasAuthenticationProvider to use Kerberos (see

    My initial attempt (which just feels non-Springy) was to create a simple Java bean with two setters, setKrb5Realm() and setKrb5Kdc(), which internally calls java.lang.System.setProperties(). I do configure this bean in /WEB-INF/applicationContext.xml, but it seems like there should be a "Spring Way" to set system properties.

    I tried using a technique to set system properties described in, but it blows up Tomcat with a java.lang.NullPointerException coming from Catalina.

    Has anyone else used Acegi and Kerberos in a Web application successfully? How do I set these two Kerberos system properties in /WEB-INF/applicationContext.xml? Am I all wrong in my approach?

    Warmest regards, Matt
    Last edited by robyn; May 14th, 2006, 05:45 PM.

  • #2
    Heya Matt.
    The JaasAuthenticationProvider really doesn't know anything about how your using Jaas. The code really just acts as a bridge between Acegi and Jaas.

    You are definately on the right path when asking the, "How do I set system properties in Spring?" question. The JaasAuthenticationProvider has to do exactly what you're talking about in it's configuration. Take a look at JaasAuthenticationProvider in viewcvs

    Take a look at the afterPropertiesSet method. There is no way in the JAAS api to tell the LoginContext class what login configuration file to load, so I set system properties. Just like you have no way to tell the Krb5LoginModule what realm or kdc to use.

    You could write a bean you like you had mentioned before, with a setKrb5Realm and setKrb5Kdc methods that both just call their respect System.setProperty() methods. It's not the most elegant way, I would imagine there is a cleaner route (I just don't know it).

    I looked over the other post you made about setting system properties. The problem there is your missing the static stuff, take another look at the java doc there. That route definately takes up a lot more space in your application xml.