Can you provide an example of a spring boot integrated kerberos? #140

zhengdayday opened this issue Mar 19, 2019 · 3 comments
@zhengdayday
No description provided.

@GyllingSW
GyllingSW commented Mar 19, 2019 via email

@zhengdayday
Author

/usr/lib/jvm/jdk-11.0.1/bin/java -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:43145,suspend=y,server=n -XX:TieredStopAtLevel=1 -noverify -Dspring.output.ansi.enabled=always -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=37917 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=localhost -Dspring.liveBeansView.mbeanDomain -Dspring.application.admin.enabled=true -javaagent:/opt/idea-IU-182.4892.20/lib/rt/debugger-agent.jar=file:/tmp/capture.props -Dfile.encoding=UTF-8 -classpath /home/dayday/Downloads/kerberos-demo/target/classes:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-starter-web/1.5.4.RELEASE/spring-boot-starter-web-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-starter/1.5.4.RELEASE/spring-boot-starter-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot/1.5.4.RELEASE/spring-boot-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/1.5.4.RELEASE/spring-boot-autoconfigure-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/yaml/snakeyaml/1.17/snakeyaml-1.17.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-starter-tomcat/1.5.4.RELEASE/spring-boot-starter-tomcat-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/8.5.15/tomcat-embed-websocket-8.5.15.jar:/home/dayday/.m2/repository/org/hibernate/hibernate-validator/5.3.5.Final/hibernate-validator-5.3.5.Final.jar:/home/dayday/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar:/home/dayday/.m2/repository/org/jboss/logging/jboss-logging/3.3.1.Final/jboss-logging-3.3.1.Final.jar:/home/dayday/.m2/repository/com/fasterxml/classmate/1.3.3/classmate-1.3.3.jar:/home/dayday/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.8/jackson-databind-2.8.8.jar:/home/dayday/.m2/repository/com/fasterxml/ja
ckson/core/jackson-annotations/2.8.0/jackson-annotations-2.8.0.jar:/home/dayday/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.8.8/jackson-core-2.8.8.jar:/home/dayday/.m2/repository/org/springframework/spring-web/4.3.9.RELEASE/spring-web-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/spring-webmvc/4.3.9.RELEASE/spring-webmvc-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/spring-expression/4.3.9.RELEASE/spring-expression-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-starter-security/1.5.4.RELEASE/spring-boot-starter-security-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/spring-aop/4.3.9.RELEASE/spring-aop-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/security/spring-security-config/4.2.3.RELEASE/spring-security-config-4.2.3.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/security/spring-security-web/4.2.3.RELEASE/spring-security-web-4.2.3.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-starter-logging/1.5.4.RELEASE/spring-boot-starter-logging-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/ch/qos/logback/logback-classic/1.1.11/logback-classic-1.1.11.jar:/home/dayday/.m2/repository/ch/qos/logback/logback-core/1.1.11/logback-core-1.1.11.jar:/home/dayday/.m2/repository/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jar:/home/dayday/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.25/jcl-over-slf4j-1.7.25.jar:/home/dayday/.m2/repository/org/slf4j/jul-to-slf4j/1.7.25/jul-to-slf4j-1.7.25.jar:/home/dayday/.m2/repository/org/slf4j/log4j-over-slf4j/1.7.25/log4j-over-slf4j-1.7.25.jar:/home/dayday/.m2/repository/org/springframework/security/kerberos/spring-security-kerberos-core/1.0.1.RELEASE/spring-security-kerberos-core-1.0.1.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/spring-core/4.3.9.RELEASE/spring-core-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.
jar:/home/dayday/.m2/repository/org/springframework/security/spring-security-core/4.2.3.RELEASE/spring-security-core-4.2.3.RELEASE.jar:/home/dayday/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar:/home/dayday/.m2/repository/org/springframework/security/kerberos/spring-security-kerberos-client/1.0.1.RELEASE/spring-security-kerberos-client-1.0.1.RELEASE.jar:/home/dayday/.m2/repository/org/apache/httpcomponents/httpclient/4.5.3/httpclient-4.5.3.jar:/home/dayday/.m2/repository/org/apache/httpcomponents/httpcore/4.4.6/httpcore-4.4.6.jar:/home/dayday/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar:/home/dayday/.m2/repository/org/springframework/security/kerberos/spring-security-kerberos-web/1.0.1.RELEASE/spring-security-kerberos-web-1.0.1.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/security/spring-security-ldap/4.2.3.RELEASE/spring-security-ldap-4.2.3.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/ldap/spring-ldap-core/2.3.1.RELEASE/spring-ldap-core-2.3.1.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/spring-beans/4.3.9.RELEASE/spring-beans-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/spring-context/4.3.9.RELEASE/spring-context-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/spring-tx/4.3.9.RELEASE/spring-tx-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/javax/servlet/jstl/1.2/jstl-1.2.jar:/home/dayday/.m2/repository/org/apache/tomcat/embed/tomcat-embed-jasper/8.5.15/tomcat-embed-jasper-8.5.15.jar:/home/dayday/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.15/tomcat-embed-core-8.5.15.jar:/home/dayday/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/8.5.15/tomcat-embed-el-8.5.15.jar:/home/dayday/.m2/repository/org/eclipse/jdt/ecj/3.12.3/ecj-3.12.3.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-starter-test/1.5.4.RELEASE/spring-boot-starter-test-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/boot/s
pring-boot-test/1.5.4.RELEASE/spring-boot-test-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-test-autoconfigure/1.5.4.RELEASE/spring-boot-test-autoconfigure-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/com/jayway/jsonpath/json-path/2.2.0/json-path-2.2.0.jar:/home/dayday/.m2/repository/net/minidev/json-smart/2.2.1/json-smart-2.2.1.jar:/home/dayday/.m2/repository/net/minidev/accessors-smart/1.1/accessors-smart-1.1.jar:/home/dayday/.m2/repository/org/ow2/asm/asm/5.0.3/asm-5.0.3.jar:/home/dayday/.m2/repository/org/assertj/assertj-core/2.6.0/assertj-core-2.6.0.jar:/home/dayday/.m2/repository/org/mockito/mockito-core/1.10.19/mockito-core-1.10.19.jar:/home/dayday/.m2/repository/org/objenesis/objenesis/2.1/objenesis-2.1.jar:/home/dayday/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar:/home/dayday/.m2/repository/org/hamcrest/hamcrest-library/1.3/hamcrest-library-1.3.jar:/home/dayday/.m2/repository/org/skyscreamer/jsonassert/1.4.0/jsonassert-1.4.0.jar:/home/dayday/.m2/repository/com/vaadin/external/google/android-json/0.0.20131108.vaadin1/android-json-0.0.20131108.vaadin1.jar:/home/dayday/.m2/repository/org/springframework/spring-test/4.3.9.RELEASE/spring-test-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/junit/junit/4.12/junit-4.12.jar:/opt/idea-IU-182.4892.20/lib/idea_rt.jar com.findwise.kerberos.App
Connected to the target VM, address: '127.0.0.1:43145', transport: 'socket'

:: Spring Boot :: (v1.5.4.RELEASE)

2019-03-19 16:05:55,432 [ INFO ] c.f.kerberos.App : Starting App on dayday-All-Series with PID 28836 (/home/dayday/Downloads/kerberos-demo/target/classes started by dayday in /home/dayday/Downloads/kerberos-demo)
2019-03-19 16:05:55,433 [ INFO ] c.f.kerberos.App : No active profile set, falling back to default profiles: default
2019-03-19 16:05:55,502 [ INFO ] o.s.b.c.e.AnnotationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@3243b914: startup date [Tue Mar 19 16:05:55 CST 2019]; root of context hierarchy
2019-03-19 16:05:55,708 [ INFO ] o.h.v.i.u.Version : HV000001: Hibernate Validator 5.3.5.Final
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils$1 (file:/home/dayday/.m2/repository/org/springframework/spring-core/4.3.9.RELEASE/spring-core-4.3.9.RELEASE.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain)
WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils$1
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
2019-03-19 16:05:56,351 [ INFO ] o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker : Bean 'kerberosGlobalConfig' of type [com.findwise.kerberos.config.KerberosGlobalConfig$$EnhancerBySpringCGLIB$$78a29934] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
2019-03-19 16:05:56,592 [ INFO ] o.s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 8080 (http)
2019-03-19 16:05:56,603 [ INFO ] o.a.c.c.StandardService : Starting service [Tomcat]
2019-03-19 16:05:56,604 [ INFO ] o.a.c.c.StandardEngine : Starting Servlet Engine: Apache Tomcat/8.5.15
2019-03-19 16:05:56,665 [ INFO ] o.a.c.c.C.[.[.[/] : Initializing Spring embedded WebApplicationContext
2019-03-19 16:05:56,665 [ INFO ] o.s.w.c.ContextLoader : Root WebApplicationContext: initialization completed in 1175 ms
2019-03-19 16:05:56,845 [ INFO ] o.s.s.k.c.l.KerberosLdapContextSource : URL 'ldap://adserver.dev.local/', root DN is ''
2019-03-19 16:05:56,858 [ INFO ] o.s.l.c.s.AbstractContextSource : Property 'userDn' not set - anonymous context will be used for read-write operations
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator false KeyTab is /home/dayday/Downloads/kerberos-demo/e:%5Csvc_user.keytab refreshKrb5Config is false principal is HTTP/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false
principal is HTTP/[email protected]
Will use keytab
Commit Succeeded

2019-03-19 16:05:56,941 [ INFO ] o.s.b.w.s.FilterRegistrationBean : Mapping filter: 'characterEncodingFilter' to: [/*]
2019-03-19 16:05:56,941 [ INFO ] o.s.b.w.s.FilterRegistrationBean : Mapping filter: 'hiddenHttpMethodFilter' to: [/*]
2019-03-19 16:05:56,941 [ INFO ] o.s.b.w.s.FilterRegistrationBean : Mapping filter: 'httpPutFormContentFilter' to: [/*]
2019-03-19 16:05:56,941 [ INFO ] o.s.b.w.s.FilterRegistrationBean : Mapping filter: 'requestContextFilter' to: [/*]
2019-03-19 16:05:56,942 [ INFO ] o.s.b.w.s.DelegatingFilterProxyRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/*]
2019-03-19 16:05:56,942 [ INFO ] o.s.b.w.s.FilterRegistrationBean : Mapping filter: 'localhostAuthFilter' to: [/*]
2019-03-19 16:05:56,942 [ INFO ] o.s.b.w.s.FilterRegistrationBean : Mapping filter: 'spnegoAuthenticationProcessingFilter' to: [/*]
2019-03-19 16:05:56,942 [ INFO ] o.s.b.w.s.ServletRegistrationBean : Mapping servlet: 'dispatcherServlet' to [/]
2019-03-19 16:05:57,086 [ INFO ] o.s.s.w.DefaultSecurityFilterChain : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@37ad042b, org.springframework.security.web.context.SecurityContextPersistenceFilter@2f4ba1ae, org.springframework.security.web.header.HeaderWriterFilter@7a45d714, org.springframework.security.web.csrf.CsrfFilter@c017175, org.springframework.security.web.authentication.logout.LogoutFilter@516462cc, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@3003827c, com.findwise.kerberos.localhost.LocalhostAuthFilter@667fa9ab, org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter@46cdbcc8, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@77ab22be, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2ae62bb6, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@43bdaa1b, org.springframework.security.web.session.SessionManagementFilter@204abeff, org.springframework.security.web.access.ExceptionTranslationFilter@63d5874f, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@6e3ecf5c]
2019-03-19 16:05:57,222 [ INFO ] o.s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@3243b914: startup date [Tue Mar 19 16:05:55 CST 2019]; root of context hierarchy
2019-03-19 16:05:57,287 [ INFO ] o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/]}" onto public java.lang.String com.findwise.kerberos.controller.ProtectedResourceController.home()
2019-03-19 16:05:57,288 [ INFO ] o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/protected]}" onto public java.lang.String com.findwise.kerberos.controller.ProtectedResourceController.protectedPage(org.springframework.ui.Model)
2019-03-19 16:05:57,289 [ INFO ] o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/login]}" onto public java.lang.String com.findwise.kerberos.controller.ProtectedResourceController.helloWorld(org.springframework.ui.Model)
2019-03-19 16:05:57,291 [ INFO ] o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
2019-03-19 16:05:57,292 [ INFO ] o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
2019-03-19 16:05:57,314 [ INFO ] o.s.w.s.h.SimpleUrlHandlerMapping : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-03-19 16:05:57,314 [ INFO ] o.s.w.s.h.SimpleUrlHandlerMapping : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-03-19 16:05:57,341 [ INFO ] o.s.w.s.h.SimpleUrlHandlerMapping : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
2019-03-19 16:05:57,513 [ INFO ] o.s.j.e.a.AnnotationMBeanExporter : Registering beans for JMX exposure on startup
2019-03-19 16:05:57,527 [ INFO ] o.a.c.h.Http11NioProtocol : Initializing ProtocolHandler ["http-nio-8080"]
2019-03-19 16:05:57,543 [ INFO ] o.a.c.h.Http11NioProtocol : Starting ProtocolHandler ["http-nio-8080"]
2019-03-19 16:05:57,547 [ INFO ] o.a.t.u.n.NioSelectorPool : Using a shared selector for servlet write/read
2019-03-19 16:05:57,568 [ INFO ] o.s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (http)
2019-03-19 16:05:57,573 [ INFO ] c.f.kerberos.App : Started App in 2.364 seconds (JVM running for 3.301)
2019-03-19 16:05:57,573 [ INFO ] c.f.kerberos.App : Application startup completed
2019-03-19 16:06:16,397 [ INFO ] o.a.c.c.C.[.[.[/] : Initializing Spring FrameworkServlet 'dispatcherServlet'
2019-03-19 16:06:16,397 [ INFO ] o.s.w.s.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started
2019-03-19 16:06:16,406 [ INFO ] o.s.w.s.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 9 ms
2019-03-19 16:06:16,415 [ INFO ] c.f.k.l.LocalhostAuthFilter : Request is local
Debug is true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is HTTP/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache

KinitOptions cache name is /tmp/krb5cc_1000
Principal is HTTP/[email protected]
null credentials from Ticket Cache
Java config name: $PATH_TO_GLOBAL_KERBEROS_CONF_FILE
Loaded from Java config
Looking for keys for: HTTP/[email protected]
Key for the principal HTTP/[email protected] not available in default key tab
[Krb5LoginModule] authentication failed
Unable to obtain password from user

2019-03-19 16:06:16,449 [ ERROR ] o.a.c.c.C.[.[.[.[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
org.springframework.ldap.AuthenticationException: Unable to obtain password from user
; nested exception is javax.naming.AuthenticationException: Unable to obtain password from user
[Root exception is javax.security.auth.login.LoginException: Unable to obtain password from user
]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:191)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355)
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139)
at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:316)
at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:127)
at org.springframework.security.ldap.userdetails.LdapUserDetailsService.loadUserByUsername(LdapUserDetailsService.java:56)
at com.findwise.kerberos.localhost.LocalhostAuthProvider.authenticate(LocalhostAuthProvider.java:45)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:504)
at com.findwise.kerberos.localhost.LocalhostAuthFilter.doFilter(LocalhostAuthFilter.java:90)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.naming.AuthenticationException: Unable to obtain password from user

at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.login(KerberosLdapContextSource.java:151)
at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.getDirContextInstance(KerberosLdapContextSource.java:110)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:343)
... 65 common frames omitted

Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:874)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:737)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.login(KerberosLdapContextSource.java:147)
... 67 common frames omitted

2019-03-19 16:06:16,716 [ INFO ] c.f.k.l.LocalhostAuthFilter : Request is local
Debug is true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is HTTP/[email protected] tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Acquire TGT from Cache

KinitOptions cache name is /tmp/krb5cc_1000
Principal is HTTP/[email protected]
null credentials from Ticket Cache
Looking for keys for: HTTP/[email protected]
Key for the principal HTTP/[email protected] not available in default key tab
[Krb5LoginModule] authentication failed
Unable to obtain password from user

2019-03-19 16:06:16,720 [ ERROR ] o.a.c.c.C.[.[.[.[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
org.springframework.ldap.AuthenticationException: Unable to obtain password from user
; nested exception is javax.naming.AuthenticationException: Unable to obtain password from user
[Root exception is javax.security.auth.login.LoginException: Unable to obtain password from user
]
at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:191)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355)
at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139)
at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158)
at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802)
at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:316)
at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:127)
at org.springframework.security.ldap.userdetails.LdapUserDetailsService.loadUserByUsername(LdapUserDetailsService.java:56)
at com.findwise.kerberos.localhost.LocalhostAuthProvider.authenticate(LocalhostAuthProvider.java:45)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199)
at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:494)
at com.findwise.kerberos.localhost.LocalhostAuthFilter.doFilter(LocalhostAuthFilter.java:90)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342)
at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799)
at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66)
at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861)
at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455)
at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.naming.AuthenticationException: Unable to obtain password from user

at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.login(KerberosLdapContextSource.java:151)
at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.getDirContextInstance(KerberosLdapContextSource.java:110)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:343)
... 65 common frames omitted

Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:874)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:737)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.login(KerberosLdapContextSource.java:147)
... 67 common frames omitted

GyllingSW commented Mar 19, 2019

Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

is a message telling you that the path to the keytab file is wrong, or that the service principal in the keytab file doesn't match the settings in your code configuration.

KinitOptions cache name is /tmp/krb5cc_1000
Principal is HTTP/[email protected]
null credentials from Ticket Cache
Java config name: $PATH_TO_GLOBAL_KERBEROS_CONF_FILE
Loaded from Java config
Looking for keys for: HTTP/[email protected]
Key for the principal HTTP/[email protected] not available in default key tab
[Krb5LoginModule] authentication failed
Unable to obtain password from user

You will have to adapt to your working environment and generate a valid keytab file.
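The two causes named in the reply above (wrong keytab path, or no key for the configured service principal) can be checked before the application starts. The following is an added example, not code from this project or from either commenter; the class name `KeytabPreflight` and its command-line arguments are assumptions, and it uses only the JDK's `javax.security.auth.kerberos` API.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.nio.file.attribute.PosixFilePermission;
import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;

/** Added example (hypothetical class): pre-flight check of a service keytab. */
public class KeytabPreflight {

    /** Returns null when the keytab is usable for the principal, otherwise the reason it is not. */
    static String check(String principalName, Path keytabPath) throws Exception {
        if (!Files.isReadable(keytabPath)) {
            return "keytab missing or not readable by this user: " + keytabPath;
        }
        // A keytab holds long-term keys: reject a world-readable file (POSIX file systems only).
        if (Files.getFileStore(keytabPath).supportsFileAttributeView("posix")
                && Files.getPosixFilePermissions(keytabPath)
                        .contains(PosixFilePermission.OTHERS_READ)) {
            return "keytab is world-readable, restrict it to the service account: " + keytabPath;
        }
        // Pass the full name including the realm, exactly as configured in the application.
        KerberosPrincipal principal = new KerberosPrincipal(principalName);
        KeyTab keytab = KeyTab.getInstance(principal, keytabPath.toFile());
        if (!keytab.exists()) {
            return "keytab could not be opened: " + keytabPath;
        }
        KerberosKey[] keys = keytab.getKeys(principal);
        if (keys.length == 0) {
            // Same condition the debug output reports as "Key for the principal ... not available".
            return "no key for " + principal.getName() + " in " + keytabPath;
        }
        for (KerberosKey key : keys) {
            System.out.println("found key: etype=" + key.getKeyType()
                    + " kvno=" + key.getVersionNumber());
        }
        return null;
    }

    // Usage: java KeytabPreflight.java <service-principal@REALM> <path-to-keytab>
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: KeytabPreflight <service-principal@REALM> <keytab>");
            System.exit(2);
        }
        String problem = check(args[0], Paths.get(args[1]));
        System.out.println(problem == null ? "keytab OK" : "FAILED: " + problem);
        System.exit(problem == null ? 0 : 1);
    }
}
```

Run it as the same operating-system user that runs the Spring Boot application, since a keytab readable by your own account may not be readable by the service account.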
