cxf-users mailing list archives

From "Paul O'Brien" <paul.obrien...@gmail.com>
Subject JAXRS service with CXF KerberosAuthenticationFilter
Date Wed, 08 Jan 2014 10:00:46 GMT
Hi All,

Trying to set up CXF JAXRS with Kerberos authentication (Active Directory
KDC). The CXF endpoint works fine; however, I'm unable to successfully
authenticate once the Kerberos Filter is activated.

Using the sample code on the Apache CXF project homepage as a guide:
http://cxf.apache.org/docs/jaxrs-kerberos.html

My project cxf-servlet.conf file has the Kerberos filter enabled as per
below:

<bean id="kerberosFilter"
      class="org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter">
    <property name="loginContextName" value="KerberosServer"/>
</bean>

<jaxrs:server>
    <jaxrs:serviceBeans>
        <bean class="org.mycompany.MyCompanyResource"/>
    </jaxrs:serviceBeans>
    <jaxrs:providers>
        <ref bean="kerberosFilter"/>
    </jaxrs:providers>
</jaxrs:server>

My jaas.conf file has been placed in the /src/main/webapp/WEB-INF directory
and contains the following:

KerberosServer {
    com.sun.security.auth.module.Krb5LoginModule required storeKey=true;
};
KerberosServerKeyTab {
    com.sun.security.auth.module.Krb5LoginModule required
        storeKey=true
        refreshKrb5Config=true
        useKeyTab=true
        keyTab="/etc/tomcat.keytab"
        principal="HTTP/<Hosting Workstation name>@<Valid REALM>";
};

However, the following exception is received when making a call against the
protected service:
Jan 08, 2014 3:57:01 PM org.apache.cxf.jaxrs.impl.WebApplicationExceptionMapper toResponse
WARNING: javax.ws.rs.NotAuthorizedException
    at org.apache.cxf.jaxrs.security.KerberosAuthenticationFilter.handleRequest(KerberosAuthenticationFilter.java:117)
    at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.processRequest(JAXRSInInterceptor.java:208)
    at org.apache.cxf.jaxrs.interceptor.JAXRSInInterceptor.handleMessage(JAXRSInInterceptor.java:90)
    at org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:272)
    at org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:121)
    at org.apache.cxf.transport.http.AbstractHTTPDestination.invoke(AbstractHTTPDestination.java:239)
    at org.apache.cxf.transport.servlet.ServletController.invokeDestination(ServletController.java:248)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:222)
    at org.apache.cxf.transport.servlet.ServletController.invoke(ServletController.java:153)
    at org.apache.cxf.transport.servlet.CXFNonSpringServlet.invoke(CXFNonSpringServlet.java:167)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.handleRequest(AbstractHTTPServlet.java:286)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.doGet(AbstractHTTPServlet.java:211)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:621)
    at org.apache.cxf.transport.servlet.AbstractHTTPServlet.service(AbstractHTTPServlet.java:262)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:305)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:171)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:953)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1023)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:589)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:724)

My initial thought was that the jaas.conf wasn't being read and applied, but
even setting the java.security.auth.login.config variable in the Tomcat
setenv.sh script seemingly hasn't worked.

Any ideas on why the above isn't working or how I can debug further?

Thanks in advance.
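
Added example, not part of the original message and not CXF project code: a standalone JAAS check for the question of whether jaas.conf is being read and what the entry named by loginContextName resolves to. The class name JaasEntryCheck is hypothetical; the default entry name "KerberosServer" is taken from the post.

```java
import java.util.Map;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

// Added diagnostic example (not CXF code): inspect one JAAS entry, then try to log in with it.
public class JaasEntryCheck {
    public static void main(String[] args) {
        // Entry name to test; the default is the loginContextName from the post.
        String name = args.length > 0 ? args[0] : "KerberosServer";
        System.out.println("java.security.auth.login.config = "
                + System.getProperty("java.security.auth.login.config"));

        AppConfigurationEntry[] entries;
        try {
            entries = Configuration.getConfiguration().getAppConfigurationEntry(name);
        } catch (SecurityException e) {
            // Raised when no login configuration can be located or the file cannot be read.
            System.out.println("JAAS configuration not loaded: " + e);
            return;
        }
        if (entries == null) {
            System.out.println("No JAAS entry named '" + name + "'");
            return;
        }
        for (AppConfigurationEntry entry : entries) {
            Map<String, ?> opts = entry.getOptions();
            System.out.println(entry.getLoginModuleName() + " " + opts);
            if (!"true".equalsIgnoreCase(String.valueOf(opts.get("useKeyTab")))) {
                // Without a keytab, Krb5LoginModule needs another credential source.
                System.out.println("  useKeyTab is not true: credentials must come from"
                        + " a CallbackHandler or ticket cache");
            } else if (opts.get("keyTab") == null || opts.get("principal") == null) {
                System.out.println("  useKeyTab=true but keyTab or principal is not set explicitly");
            }
        }

        try {
            // No CallbackHandler is passed, so an entry that needs a password prompt fails here.
            LoginContext lc = new LoginContext(name);
            lc.login();
            System.out.println("Login OK: " + lc.getSubject().getPrincipals());
            lc.logout();
        } catch (LoginException e) {
            System.out.println("Login failed: " + e);
        }
    }
}
```

Run it as the Tomcat user with the same -Djava.security.auth.login.config value Tomcat is started with, passing the entry name as the first argument; adding -Dsun.security.krb5.debug=true prints the JDK's Kerberos trace for the login attempt.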
