1
我的應用程序使用Grails,Spring,Kerberos。使用Kerberos進行域身份驗證失敗
的applicationContext.xml
<beans
...
<sec:http entry-point-ref="spnegoEntryPoint">
<sec:intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
<sec:custom-filter ref="spnegoAuthenticationProcessingFilter"
position="BASIC_AUTH_FILTER" />
</sec:http>
<bean id="spnegoEntryPoint"
class="org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint" />
<bean id="spnegoAuthenticationProcessingFilter"
class="org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="kerberosServiceAuthenticationProvider" />
</sec:authentication-manager>
<bean id="kerberosServiceAuthenticationProvider"
class="org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider">
<property name="ticketValidator">
<bean class="org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator">
<property name="servicePrincipal" value="HTTP/[email protected]" />
<property name="keyTabLocation" value="file:/u/tomcat/app/apache-tomcat-7.0.11/lib/http-web.keytab"/>
<property name="debug" value="true" />
</bean>
</property>
<property name="userDetailsService" ref="dummyUserDetailsService" />
</bean>
<bean class="org.springframework.security.kerberos.authentication.sun.GlobalSunJaasKerberosConfig">
<property name="debug" value="true" />
<property name="krbConfLocation" value="/etc/krb5.conf" />
</bean>
<bean id="dummyUserDetailsService"
class="com.spring.security.kerberos.sample.user.DummyUserDetailsService" />
</beans>
當我部署我的應用程序,並在瀏覽器中輸入我的域名登錄/密碼,我得到提琴手以下請求:
GET http://my.host.com:8080/myapp HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: ru-RU
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: my.host.com:8080
Cookie: JSESSIONID=EDE49792033A8FC877427704DBE26D85
Proxy-Connection: Keep-Alive
DNT: 1
Authorization: Negotiate YIIHDw...=
據我瞭解, Kerberos域身份驗證成功。但在網頁上我看到:
java.lang.NullPointerException
at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:162)
at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:151)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:66)
at org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider.authenticate(KerberosServiceAuthenticationProvider.java:64)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
....
NPE出現在行
String user = context.getSrcName().toString();
因爲context.getSrcName()== NULL。 有什麼不對?
P.S .:另外一個時刻:當我輸入錯誤密碼時,它再次向我詢問。
嗯,對我來說這不是一個選項,不幸的是,我遇到了同樣的錯誤。 –