Announcement Announcement Module
No announcement yet.
Spring Security - Kerberos - LoginException: Unable to obtain password from the user Page Title Module
Move Remove Collapse
This topic is closed
Conversation Detail Module
  • Filter
  • Time
  • Show
Clear All
new posts

  • Spring Security - Kerberos - LoginException: Unable to obtain password from the user


    I have this configuration:

    - Windows Server 2008 R2 running on VirtualBox on another PC, I can see (ping) the server, so it's working. I generated the keytab file and copied it to another PC.
    - The other PC has openSUSE on it and uses Glassfish as a webserver.
    - I copied the content of the web.xml from the sample to mine. I also did this with the spnego.xml (the name of my xml is dispatcher-servlet-kerberos.xml).
    - I changed the keyTabLocation to "file:/etc/http-web.keytab" and the servicePrincipal to "HTTP/" (the IP of the Windows Server - which reponses to ping)

    I can't even deploy the application because of this exception:

    org.springframework.beans.factory.BeanCreationException: Error creating bean with name '_authenticationManager': Invocation of init method failed; nested exception is java.lang.IllegalArgumentException: No authentication providers were found in the application context
    dispatcher-servlet-kerberos.xml has the following structure:

    <?xml version="1.0" encoding="UTF-8"?>
    <beans xmlns=""
    	xmlns:xsi="" xmlns:sec=""
    	<sec:http entry-point-ref="spnegoEntryPoint">
    		<sec:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_FULLY" />
    		<sec:custom-filter ref="spnegoAuthenticationProcessingFilter"
    			position="BASIC_AUTH_FILTER" />
    	<bean id="spnegoEntryPoint"
    		class="" />
    	<bean id="spnegoAuthenticationProcessingFilter"
    		<property name="authenticationManager" ref="authenticationManager" />
    	<bean id="kerberosServiceAuthenticationProvider"
    		<property name="ticketValidator">
    				<property name="servicePrincipal" value="HTTP/" />
    				<!-- Setting keyTabLocation to a classpath resource will most likely not work in a Java EE application Server -->
    				<!-- See the Javadoc for more information on that -->
    				<property name="keyTabLocation" value="file:/etc/http-web.keytab" />
    				<property name="debug" value="true" />
    		<property name="userDetailsService" ref="dummyUserDetailsService" />
    	<sec:authentication-manager alias="authenticationManager">
    		<sec:authentication-provider ref="kerberosServiceAuthenticationProvider" />
    	<!-- This bean definition enables a very detailed Kerberos logging -->
    		<property name="debug" value="true" />
    		Just returns the User authenticated by Kerberos and gives him the
    	<bean id="dummyUserDetailsService"
    		class="" />
    The dummyUserDetailsService is the same as the one in the sample.

    I'm using NetBeans IDE 6.9, the java -version:
    java version "1.6.0_21"
    Java(TM) SE Runtime Environment (build 1.6.0_21-b06)
    Java HotSpot(TM) 64-Bit Server VM (build 17.0-b16, mixed mode)

    Any idea what can cause this problem?


  • #2
    Looks like you might have a Spring Security 2 jar on your classpath somewhere.


    • #3
      Thanks, perhaps this was the reason why it didn't work. Now I can deploy it at least. The problem is that I'm not asked the username and password at all. I'm using the website from a computer which credentials aren't in the KDC, so I'm not supposed to be allowed to see the site.

      I also tried out spnego. I followed the spnego's description on the official site. I could successfully run the HelloKDC example, but when I tried to run the second HelloKeytab example, I got this:

      No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7)))
      It seems that I can't connect to the server. What is the problem now? I thought that the first example was to check whether I have correct configuration in these files: krb5.conf, login.conf and http-web.keytab.