Is it possible to use Spring Web Services to make soap calls to Kerberos protected service?
Should I use Spring Security - Kerberos Extension?
Thanks!
Should I use Spring Security - Kerberos Extension?
Thanks!
-
-
It is possible.I have got spring security using kerberos authentication successfully working.
The code is:
<?xml version="1.0" encoding="UTF-8"?> <beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:util="http://www.springframework.org/schema/util" xmlns:beans="http://www.springframework.org/schema/beans" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schem...ring-beans.xsd http://www.springframework.org/schema/util http://www.springframework.org/schem...g-util-3.0.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd"> <http entry-point-ref="spnegoEntryPoint" auto-config="false"> <intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <intercept-url pattern="/j_spring_security_check*" access="IS_AUTHENTICATED_ANONYMOUSLY"/> <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" /> <custom-filter ref="spnegoAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" /> <form-login login-page="/login.html" default-target-url="/" always-use-default-target="true"/> </http> <authentication-manager alias="authenticationManager"> <authentication-provider ref="kerberosServiceAuthenticationProvider" /> <authentication-provider ref="kerberosAuthenticationProvider"/> </authentication-manager> <beans:bean id="spnegoEntryPoint" class="org.springframework.security.extensions.kerberos. web.SpnegoEntryPoint" /> <beans:bean id="spnegoAuthenticationProcessingFilter" class="org.springframework.security.extensions.kerberos. web.SpnegoAuthenticationProcessingFilter"> <beans
roperty name="failureHandler"> <beans:bean class="org.springframework.security.web.authentication.E xceptionMappingAuthenticationFailureHandler"> <beansroperty name="defaultFailureUrl" value="/login.html" /> <beansroperty name="allowSessionCreation" value="true"/> </beans:bean> </beansroperty> <beansroperty name="authenticationManager" ref="authenticationManager" /> </beans:bean> <beans:bean id="kerberosServiceAuthenticationProvider" class="org.springframework.security.extensions.kerberos. KerberosServiceAuthenticationProvider"> <beansroperty name="ticketValidator"> <beans:bean class="org.springframework.security.extensions.kerberos. SunJaasKerberosTicketValidator"> <beansroperty name="servicePrincipal" value="HTTP/mywebserver.corpza.corp.co.za"/> <beansroperty name="keyTabLocation" value="classpath:mywebserver.keytab" /> <beansroperty name="debug" value="true"/> </beans:bean> </beansroperty> <beansroperty name="userDetailsService" ref="dummyUserDetailsService" /> </beans:bean> <beans:bean id="kerberosAuthenticationProvider" class="org.springframework.security.extensions.kerberos. KerberosAuthenticationProvider"> <beansroperty name="kerberosClient"> <beans:bean class="org.springframework.security.extensions.kerberos. SunJaasKerberosClient"> <beansroperty name="debug" value="true" /> </beans:bean> </beansroperty> <beansroperty name="userDetailsService" ref="dummyUserDetailsService" /> </beans:bean> <beans:bean class="org.springframework.security.extensions.kerberos. GlobalSunJaasKerberosConfig"> <beansroperty name="debug" value="true" /> <beansroperty name="krbConfLocation" value="/etc/krb5.conf" /> </beans:bean> <beans:bean id="dummyUserDetailsService" class="main.server.DummyUserDetailsService"/> </beans:beans>
-
Hello ashleyturnier ,
i tried . according to your example but i am getting below error.
Key for the principal HTTP/[email protected] not available in file:/C:/Eclipse%20Workspace/.metadata/.plugins/org.eclipse.wst.server.core/tmp0/wtpwebapps/oneecm-cms/WEB-INF/classes/testsso.keytab
[Krb5LoginModule] authentication failed
Unable to obtain password from user
Below is my Spring security config file.
-------------------------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schem...-beans-2.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<sec:http entry-point-ref="spnegoEntryPoint">
<sec:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_FULLY" />
<sec:custom-filter ref="spnegoAuthenticationProcessingFilter" position="PRE_AUTH_FILTER" />
</sec:http>
<bean id="spnegoEntryPoint"
class="org.springframework.security.extensions.ker beros.web.SpnegoEntryPoint" />
<bean id="spnegoAuthenticationProcessingFilter"
class="org.springframework.security.extensions.ker beros.web.SpnegoAuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="kerberosServiceAuthenticationProvider" />
</sec:authentication-manager>
<bean id="kerberosServiceAuthenticationProvider"
class="org.springframework.security.extensions.ker beros.KerberosServiceAuthenticationProvider">
<property name="ticketValidator">
<bean
class="org.springframework.security.extensions.ker beros.SunJaasKerberosTicketValidator">
<property name="servicePrincipal" value="HTTP/testsso.oneecm.net" />
<property name="keyTabLocation" value="classpath:testsso.keytab" />
<property name="debug" value="true"/>
</bean>
</property>
<property name="userDetailsService" ref="dummyUserDetailsService" />
</bean>
<!-- Just returns the User authenticated by Kerberos and gives him the ROLE_USER -->
<bean id="dummyUserDetailsService" class=" com.cms.service.security.DummyUserDetailsService"/>
<bean id="inMemoryUserDetailsService"
class="org.springframework.security.core.userdetai ls.memory.InMemoryDaoImpl">
<property name="userProperties">
<value>
[email protected]=notUsed,ROLE_ADMIN
</value>
</property>
</bean>
</beans>
------------------------------------------------------------------------------------------------------------------------------------------
Thanks
Vishal
Comment
-
Ok i got solution by changing this line with <property name="keyTabLocation" value="classpath:testsso.keytab" />
<property name="keyTabLocation" value="file\\c:\testsso.keytab" />Comment
Comment