cxf-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Michael Sliwak <michael.sli...@raytion.com>
Subject Re: Client HTTP transport with Kerberos/SPNEGO
Date Mon, 12 Sep 2011 12:38:49 GMT
Hi Christian!

Setting the corresponding registry key on windows does not have any effect.

Just one quick question before I dive more in to the code of CXF. Do I have to 
specify a login.conf for JGSS when using CXF?

The Javadoc for the LoginContext states 
(http://download.oracle.com/javase/1,5.0/docs/api/javax/security/auth/login/LoginContext.html#LoginContext(java.lang.String,
%20javax.security.auth.callback.CallbackHandler):

Throws:
LoginException - if the caller-specified name does not appear in the 
Configuration and there is no Configuration entry for "other", if the caller-
specified subject is null, or if the auth.login.defaultCallbackHandler security 
property was set, but the implementation class could not be loaded.

I have a slight suspicion that I'm still missing some configuration.

Michael



On Monday 12 September 2011 13:19:16 Christian Schneider wrote:
> I am not sure about the first exception. Could you debug into the code
> and try to find out more about the point where the exception happens?
> 
> About the second problem when using no username and password on windows.
> Can you check if you have the registry setting that allows java to use
> the tgt?
> See: http://www.javaactivedirectory.com/?page_id=93
> 
> Christian
> 
> Am 12.09.2011 13:07, schrieb Michael Sliwak:
> > Hello everyone!
> > 
> > According to
> > http://cxf.apache.org/docs/client-http-transport-including-ssl-
> > support.html#ClientHTTPTransport%28includingSSLsupport%29-
> > SpnegoAuthentication%28Kerberos%29 CXF should be able to handle
> > Kerberos/SPNEGO authentication when accessing web services.
> > 
> > I'm trying to access an ASP.NET Web Service that is secured by Kerberos
> > (Integrated Windows authentication) using CXF.
> > 
> > I have configured everything as stated in the documentation. Here's my
> > cxf.xml
> > 
> > <?xml version="1.0" encoding="UTF-8"?>
> > 
> > <beans xmlns="http://www.springframework.org/schema/beans"
> > 
> >    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> > 
> > xmlns:sec="http://cxf.apache.org/configuration/security"
> > 
> >    xmlns:http="http://cxf.apache.org/transports/http/configuration"
> >    xmlns:jaxws="http://cxf.apache.org/jaxws"
> >    xsi:schemaLocation="
> >    
> >             http://cxf.apache.org/configuration/security
> >             http://cxf.apache.org/schemas/configuration/secu
> >             rity.xsd
> >             http://cxf.apache.org/transports/http/configurat
> >             ion
> >             http://cxf.apache.org/schemas/configuration/http
> >             -conf.xsd
> >             http://cxf.apache.org/jaxws
> >             http://cxf.apache.org/schemas/jaxws.xsd
> >             http://www.springframework.org/schema/beans
> >             http://www.springframework.org/schema/beans/spri
> >             ng-beans.xsd">>    
> >    <http:conduit
> >    name="{http://some.name.space/}SoapPort.http-conduit">
> >    
> >      <http:client AllowChunking="false" />
> >      <http:authorization>
> >      
> >        <sec:UserName>username</sec:UserName>
> >        <sec:Password>password</sec:Password>
> >        <sec:AuthorizationType>Negotiate</sec:AuthorizationType>
> >      
> >      </http:authorization>
> >    
> >    </http:conduit>
> > 
> > </beans>
> > 
> > Whenever i run my code, i get the following exception:
> > 
> > Caused by: java.lang.RuntimeException: Invalid null input: name
> > 
> > 	at
> > 
> > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(S
> > pnegoAuthSupplier.java:80)> 
> > 	at
> > 
> > org.apache.cxf.transport.http.HTTPConduit.setHeadersByAuthorizationPolic
> > y(HTTPConduit.java:771)> 
> > 	at
> > 	org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:54
> > 	1) at
> > 
> > org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(Messag
> > eSenderInterceptor.java:46)> 
> > 	at
> > 
> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> > hain.java:263)> 
> > 	at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:519)
> > 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:449)
> > 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:352)
> > 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:304)
> > 	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
> > 	at
> > 	org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:13
> > 	4) ... 2 more
> > 
> > Caused by: javax.security.auth.login.LoginException: Invalid null input:
> > name> 
> > 	at javax.security.auth.login.LoginContext.init(LoginContext.java:229)
> > 	at
> > 	javax.security.auth.login.LoginContext.<init>(LoginContext.java:403)
> > 	at
> > 
> > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAut
> > hSupplier.java:104)> 
> > 	at
> > 
> > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAut
> > hSupplier.java:144)> 
> > 	at
> > 
> > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(S
> > pnegoAuthSupplier.java:77)> 
> > 	... 12 more
> > 
> > This happens on both Windows and Linux.
> > 
> > krb5.conf/krb5.ini is present and found by Java.
> > 
> > On the other hand, when I leave the Username and password blank i get an
> > exception that no TGT could be aquired. Anyhow 'klist' on both Windows
> > and Linux states that there is a TGT available in the cache.
> > 
> > Caused by: java.lang.RuntimeException: No valid credentials provided
> > (Mechanism level: No valid credentials provided (Mechanism level: Failed
> > to find any Kerberos tgt))
> > 
> > 	at
> > 
> > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(S
> > pnegoAuthSupplier.java:82)> 
> > 	at
> > 
> > org.apache.cxf.transport.http.HTTPConduit.setHeadersByAuthorizationPolic
> > y(HTTPConduit.java:771)> 
> > 	at
> > 	org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:54
> > 	1) at
> > 
> > org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(Messag
> > eSenderInterceptor.java:46)> 
> > 	at
> > 
> > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC
> > hain.java:263)> 
> > 	at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:519)
> > 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:449)
> > 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:352)
> > 	at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:304)
> > 	at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88)
> > 	at
> > 	org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:13
> > 	4) ... 2 more
> > 
> > Caused by: GSSException: No valid credentials provided (Mechanism level:
> > No valid credentials provided (Mechanism level: Failed to find any
> > Kerberos tgt))> 
> > 	at
> > 
> > sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java
> > :450)> 
> > 	at
> > 	sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:2
> > 	30) at
> > 	sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:1
> > 	62) at
> > 
> > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAut
> > hSupplier.java:100)> 
> > 	at
> > 
> > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAut
> > hSupplier.java:144)> 
> > 	at
> > 
> > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(S
> > pnegoAuthSupplier.java:77)> 
> > 	... 12 more
> > 
> > Caused by: GSSException: No valid credentials provided (Mechanism level:
> > Failed to find any Kerberos tgt)
> > 
> > 	at
> > 
> > sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential
> > .java:130)> 
> > 	at
> > 
> > sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFact
> > ory.java:106)> 
> > 	at
> > 
> > sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFacto
> > ry.java:172)> 
> > 	at
> > 
> > sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java
> > :209)> 
> > 	at
> > 	sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:1
> > 	95) at
> > 	sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:1
> > 	62) at
> > 
> > sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.
> > java:851)> 
> > 	at
> > 
> > sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java
> > :309)> 
> > 	... 17 more
> > 
> > Did I miss anything in my configuration?
> > 
> > Thanks in advance!


Mime
View raw message