
  • Spring Security - Kerberos - LoginException: Unable to obtain password from the user

    Hello,

    I have this configuration:

    - Windows Server 2008 R2 running on VirtualBox on another PC, I can see (ping) the server, so it's working. I generated the keytab file and copied it to another PC.
    - The other PC has openSUSE on it and uses Glassfish as a webserver.
    - I copied the content of the web.xml from the sample to mine. I also did this with the spnego.xml (the name of my xml is dispatcher-servlet-kerberos.xml).
    - I changed the keyTabLocation to "file:/etc/http-web.keytab" and the servicePrincipal to "HTTP/xxx.xxx.xxx.xxx" (the IP of the Windows Server - which responds to ping)

    I can't even deploy the application because of this exception:

    Code:
    org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_authenticationManager': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: No authentication providers were found in the application context
    dispatcher-servlet-kerberos.xml has the following structure:

    Code:
    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns="http://www.springframework.org/schema/beans"
    	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security"
    	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
    		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
    
    	<sec:http entry-point-ref="spnegoEntryPoint">
    		<sec:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_FULLY" />
    		<sec:custom-filter ref="spnegoAuthenticationProcessingFilter"
    			position="BASIC_AUTH_FILTER" />
    	</sec:http>
    
    	<bean id="spnegoEntryPoint"
    		class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />
    
    	<bean id="spnegoAuthenticationProcessingFilter"
    		class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
    		<property name="authenticationManager" ref="authenticationManager" />
    	</bean>
    
    	<bean id="kerberosServiceAuthenticationProvider"
    		class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
    		<property name="ticketValidator">
    			<bean
    				class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
    				<property name="servicePrincipal" value="HTTP/xxx.xxx.xxx.xxx" />
    				<!-- Setting keyTabLocation to a classpath resource will most likely not work in a Java EE application Server -->
    				<!-- See the Javadoc for more information on that -->
    				<property name="keyTabLocation" value="file:/etc/http-web.keytab" />
    				<property name="debug" value="true" />
    			</bean>
    		</property>
    		<property name="userDetailsService" ref="dummyUserDetailsService" />
    	</bean>
    
    	<sec:authentication-manager alias="authenticationManager">
    		<sec:authentication-provider ref="kerberosServiceAuthenticationProvider" />
    	</sec:authentication-manager>
    
    
    
    
    
    	<!-- This bean definition enables a very detailed Kerberos logging -->
    	<bean
    		class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
    		<property name="debug" value="true" />
    	</bean>
    
    	<!--
    		Just returns the User authenticated by Kerberos and gives him the
    		ROLE_USER
    	-->
    	<bean id="dummyUserDetailsService"
    		class="org.springframework.security.extensions.kerberos.sample.DummyUserDetailsService" />
    
    </beans>
    The dummyUserDetailsService is the same as the one in the sample.

    I'm using NetBeans IDE 6.9, the java -version:
    java version "1.6.0_21"
    Java(TM) SE Runtime Environment (build 1.6.0_21-b06)
    Java HotSpot(TM) 64-Bit Server VM (build 17.0-b16, mixed mode)

    Any idea what can cause this problem?

    Thanks,
    Norbert

  • #2
    Looks like you might have a Spring Security 2 jar on your classpath somewhere.

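Added example, not part of the original thread or of the Spring Security project: one way to check the suggestion in reply #2 is to scan the deployment and server library directories for jars carrying Spring Security core classes from more than one major generation. It looks inside each jar rather than trusting file names, using the fact that `ProviderManager` lives in `org.springframework.security.providers` in 2.x and in `org.springframework.security.authentication` from 3.0 on; the directories to scan are whatever paths you pass in.

```python
import zipfile
from pathlib import Path

# Marker classes: ProviderManager sits in a different package in each generation.
MARKERS = {
    "org/springframework/security/providers/ProviderManager.class": "2.x",
    "org/springframework/security/authentication/ProviderManager.class": "3.x or later",
}


def classify_jar(path):
    """Return the Spring Security generation found in one jar, or None."""
    try:
        with zipfile.ZipFile(path) as jar:
            names = set(jar.namelist())
    except (zipfile.BadZipFile, OSError):
        # A truncated or unreadable jar is reported instead of silently skipped.
        return "unreadable"
    for marker, generation in MARKERS.items():
        if marker in names:
            return generation
    return None


def scan_classpath(roots):
    """Map generation -> jar paths for every jar found under the given roots."""
    found = {}
    for root in roots:
        for jar in sorted(Path(root).rglob("*.jar")):
            generation = classify_jar(jar)
            if generation:
                found.setdefault(generation, []).append(str(jar))
    return found


def has_conflict(found):
    """True when core classes from more than one generation are visible."""
    return len([g for g in found if g != "unreadable"]) > 1


if __name__ == "__main__":
    import sys
    # Pass e.g. the exploded WAR's WEB-INF/lib and the server's shared lib dir.
    result = scan_classpath(sys.argv[1:] or ["."])
    for generation, jars in sorted(result.items()):
        for jar in jars:
            print(f"{generation:>14}  {jar}")
    print("CONFLICT" if has_conflict(result) else "no mixed generations found")
```
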


    • #3
      Thanks, perhaps this was the reason why it didn't work. Now I can deploy it at least. The problem is that I'm not asked for the username and password at all. I'm using the website from a computer whose credentials aren't in the KDC, so I'm not supposed to be allowed to see the site.

      I also tried out spnego. I followed the spnego's description on the official site. I could successfully run the HelloKDC example, but when I tried to run the second HelloKeytab example, I got this:

      Code:
      No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7)))
      It seems that I can't connect to the server. What is the problem now? I thought that the first example was to check whether I have correct configuration in these files: krb5.conf, login.conf and http-web.keytab.
