
  • Spring Web Services + Kerberos

    Is it possible to use Spring Web Services to make SOAP calls to a Kerberos-protected service?

    Should I use Spring Security - Kerberos Extension?

    Thanks!

  • #2
    It is possible. I have Spring Security working successfully with Kerberos authentication.

    The code is:


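    <?xml version="1.0" encoding="UTF-8"?>
    <!--
      Spring Security 3.0 configuration for SPNEGO/Kerberos single sign-on with a
      form-login fallback, using the Spring Security Kerberos Extension classes.
      Line breaks, the beans:property element names, the class names and the
      schema locations were restored from the forum rendering, which had
      collapsed, garbled or truncated them.
    -->
    <beans:beans xmlns="http://www.springframework.org/schema/security"
                 xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
                 xmlns:util="http://www.springframework.org/schema/util"
                 xmlns:beans="http://www.springframework.org/schema/beans"
                 xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                                     http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-3.0.xsd
                                     http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

      <!--
        Unauthenticated requests are sent to the SPNEGO entry point. The login page
        and the form-login processing URL stay open to anonymous users; every other
        path requires full authentication.
        NOTE(review): the form-login fallback submits the user's Kerberos password
        to this application, and no channel requirement is configured here. Serve
        these URLs over TLS only (for example requires-channel="https" on the
        intercept-url elements, or enforcement at the front end).
      -->
      <http entry-point-ref="spnegoEntryPoint" auto-config="false">
        <intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/j_spring_security_check*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <custom-filter ref="spnegoAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" />
        <form-login login-page="/login.html" default-target-url="/" always-use-default-target="true"/>
      </http>

      <!--
        Two providers: the first validates SPNEGO service tickets, the second
        handles username/password logins through the configured kerberosClient.
      -->
      <authentication-manager alias="authenticationManager">
        <authentication-provider ref="kerberosServiceAuthenticationProvider" />
        <authentication-provider ref="kerberosAuthenticationProvider"/>
      </authentication-manager>

      <beans:bean id="spnegoEntryPoint"
                  class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />

      <!-- A failed SPNEGO authentication is redirected to the login page. -->
      <beans:bean id="spnegoAuthenticationProcessingFilter"
                  class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
        <beans:property name="failureHandler">
          <beans:bean class="org.springframework.security.web.authentication.ExceptionMappingAuthenticationFailureHandler">
            <beans:property name="defaultFailureUrl" value="/login.html" />
            <beans:property name="allowSessionCreation" value="true"/>
          </beans:bean>
        </beans:property>
        <beans:property name="authenticationManager" ref="authenticationManager" />
      </beans:bean>

      <beans:bean id="kerberosServiceAuthenticationProvider"
                  class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
        <beans:property name="ticketValidator">
          <beans:bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
            <!-- The principal must match an entry in the keytab; the realm, if omitted, comes from the Kerberos configuration. -->
            <beans:property name="servicePrincipal" value="HTTP/mywebserver.corpza.corp.co.za"/>
            <!--
              NOTE(review): a classpath keytab is packaged with the application. The
              keytab holds the service principal's long-term key, so everyone who can
              read the deployable artifact or its build output holds that key. Prefer
              a location outside the artifact that only the server account can read.
            -->
            <beans:property name="keyTabLocation" value="classpath:mywebserver.keytab" />
            <!-- NOTE(review): debug output is for troubleshooting; switch it off for production use. -->
            <beans:property name="debug" value="true"/>
          </beans:bean>
        </beans:property>
        <beans:property name="userDetailsService" ref="dummyUserDetailsService" />
      </beans:bean>

      <beans:bean id="kerberosAuthenticationProvider"
                  class="org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider">
        <beans:property name="kerberosClient">
          <beans:bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
            <beans:property name="debug" value="true" />
          </beans:bean>
        </beans:property>
        <beans:property name="userDetailsService" ref="dummyUserDetailsService" />
      </beans:bean>

      <!-- Sets the Kerberos configuration file used by the Sun JAAS Kerberos classes (presumably JVM-wide; confirm). -->
      <beans:bean class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
        <beans:property name="debug" value="true" />
        <beans:property name="krbConfLocation" value="/etc/krb5.conf" />
      </beans:bean>

      <!--
        NOTE(review): main.server.DummyUserDetailsService is not shown. If, as the
        name suggests, it returns the same authorities for every principal, then
        anyone who can authenticate in the realm gets the same access; replace it
        with a real directory or database lookup before relying on roles.
      -->
      <beans:bean id="dummyUserDetailsService" class="main.server.DummyUserDetailsService"/>

    </beans:beans>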



    • #3
      Hello ashleyturnier,

      I tried it according to your example, but I am getting the error below.

      Key for the principal HTTP/[email protected] not available in file:/C:/Eclipse%20Workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/oneecm-cms/WEB-INF/classes/testsso.keytab
      [Krb5LoginModule] authentication failed
      Unable to obtain password from user

      Below is my Spring security config file.
      -------------------------------------------------------------------------------------------------
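      <?xml version="1.0" encoding="UTF-8"?>
      <!--
        Spring Security 3.0 configuration that protects /secure/** with
        SPNEGO/Kerberos through the Spring Security Kerberos Extension.
        Class names broken by the forum's line wrapping and the truncated beans
        schema location were restored.
      -->
      <beans xmlns="http://www.springframework.org/schema/beans"
             xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
             xmlns:sec="http://www.springframework.org/schema/security"
             xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
                                 http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

        <!--
          Only /secure/** is covered by an access rule; other paths are not
          restricted by this configuration.
        -->
        <sec:http entry-point-ref="spnegoEntryPoint">
          <sec:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_FULLY" />
          <sec:custom-filter ref="spnegoAuthenticationProcessingFilter" position="PRE_AUTH_FILTER" />
        </sec:http>

        <bean id="spnegoEntryPoint"
              class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />

        <bean id="spnegoAuthenticationProcessingFilter"
              class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
          <property name="authenticationManager" ref="authenticationManager" />
        </bean>

        <sec:authentication-manager alias="authenticationManager">
          <sec:authentication-provider ref="kerberosServiceAuthenticationProvider" />
        </sec:authentication-manager>

        <bean id="kerberosServiceAuthenticationProvider"
              class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
          <property name="ticketValidator">
            <bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
              <!--
                The validator logs in with a key for this principal taken from the
                keytab. The keytab must hold an entry whose principal name, realm
                and case match what is looked up, otherwise the JAAS login fails.
              -->
              <property name="servicePrincipal" value="HTTP/testsso.oneecm.net" />
              <!--
                NOTE(review): a classpath keytab is deployed with the web application
                (here under WEB-INF/classes). It holds the service's long-term key;
                keep it out of source control and shared build output, and restrict
                read access to the server account.
              -->
              <property name="keyTabLocation" value="classpath:testsso.keytab" />
              <!-- NOTE(review): debug output is for troubleshooting; switch it off for production use. -->
              <property name="debug" value="true"/>
            </bean>
          </property>
          <property name="userDetailsService" ref="dummyUserDetailsService" />
        </bean>

        <!-- Just returns the User authenticated by Kerberos and gives him the ROLE_USER -->
        <bean id="dummyUserDetailsService" class="com.cms.service.security.DummyUserDetailsService"/>

        <!--
          No bean in this file references inMemoryUserDetailsService; the provider
          above uses dummyUserDetailsService. The user name in the entry below was
          replaced by the page's e-mail obfuscation and is reproduced as shown.
        -->
        <bean id="inMemoryUserDetailsService"
              class="org.springframework.security.core.userdetails.memory.InMemoryDaoImpl">
          <property name="userProperties">
            <value>
              [email protected]=notUsed,ROLE_ADMIN
            </value>
          </property>
        </bean>
      </beans>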
      ------------------------------------------------------------------------------------------------------------------------------------------

      Thanks
      Vishal



      • #4
        OK, I got it working by replacing this line: <property name="keyTabLocation" value="classpath:testsso.keytab" /> with the following:

        <!--
          Loads the keytab from the filesystem instead of the classpath.
          NOTE(review): the value is reproduced as posted and may have lost
          characters in the forum rendering; a Spring file resource is normally
          written as a file: URL, so confirm the exact form before copying it.
          The keytab holds the service's long-term key: store it where only the
          account running the application server can read it.
        -->
        <property name="keyTabLocation" value="file\\c:\testsso.keytab" />
