The tests that are failing are all the tests that require you to perform an additional step. Uncomment the following bean + reference in the server.xml:
<!-- <bean id="kerberosTicketDecoderImpl" class="org.apache.cxf.systest.ws.kerberos.server.KerberosTokenDecoderImpl"/>--> <!--<property name="kerberosTokenDecoder" ref="kerberosTicketDecoderImpl"/>--> Then you need to download the KerberosTokenDecoderImpl referenced in my blog entry and put it in that directory. See section 1.1 here: http://coheigea.blogspot.ie/2011/10/using-kerberos-with-web-services-part.html Colm. On Wed, Apr 24, 2013 at 8:10 AM, Jim Ma <[email protected]> wrote: > Hi Colm, > After corrected my localhost setting and re-configured the kerberos > server , I got 6 tests passed. And there are still 7 failures (attached > please see the test log): > > Tests in error: > KerberosTokenTest.testKerberosOverSymmetricProtection:285 » SOAPFault > The sign... > KerberosTokenTest.testKerberosOverTransportEndorsing:235 » SOAPFault The > signa... > KerberosTokenTest.testKerberosOverSymmetricEndorsingEncrypted:400 » > SOAPFault ... > KerberosTokenTest.testKerberosOverAsymmetricEndorsing:260 » SOAPFault > The sign... > KerberosTokenTest.testKerberosOverAsymmetricSignedEndorsing:341 » > SOAPFault Th... > KerberosTokenTest.testKerberosOverSymmetricDerivedProtection:311 » > SOAPFault G... > KerberosTokenTest.testKerberosOverSymmetricSignedEndorsingEncrypted:430 > » SOAPFault > > > > Looks the kerberos server works. What else do you think I need to check ? > > Thanks, > Jim > > > On Tue, Apr 23, 2013 at 5:16 PM, Jim Ma <[email protected]> wrote: > >> Yes. I ran it with "mvn test -Dtest=KerberosTokenTest >> -Djava.security.auth.login.config=src/test/resources/kerberos.jaas" under >> trunk/systests/ws-security. It might be something wrong with my >> environment. Let me have a look. >> Thanks, >> Jim >> >> >> On Tue, Apr 23, 2013 at 5:11 PM, Colm O hEigeartaigh <[email protected] >> > wrote: >> >>> >>> How are you running the test? Are you passing >>> "-Djava.security.auth.login.config=src/test/resources/kerberos.jaas"? It >>> works fine for me on trunk with both JDK 1.6 + 1.7. >>> >>> Colm. >>> >>> >>> On Tue, Apr 23, 2013 at 7:56 AM, Jim Ma <[email protected]> wrote: >>> >>>> Hi Colm, >>>> >>>> After I setup the Kerboros server and ran the KerberosTokenTest >>>> following >>>> the guide, I hit this No CallbackHandler error. It looks we didn't pass >>>> the >>>> handler to KerberosClient. I ran it with JDK7, is there anything else I >>>> need to configure? >>>> >>>> >>>> testKerberosOverTransport(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest) >>>> Time elapsed: 0.434 sec <<< ERROR! >>>> javax.xml.ws.soap.SOAPFaultException: General security error (An error >>>> occurred >>>> in trying to obtain a TGT: No CallbackHandler available to garner >>>> authenticati >>>> on information from the user) >>>> at >>>> com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5Login >>>> Module.java:856) >>>> at >>>> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(K >>>> rb5LoginModule.java:715) >>>> at >>>> com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.j >>>> ava:580) >>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) >>>> at >>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl >>>> .java:57) >>>> at >>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce >>>> ssorImpl.java:43) >>>> at java.lang.reflect.Method.invoke(Method.java:601) >>>> at >>>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:784) >>>> at >>>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:203) >>>> at >>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:698) >>>> at >>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:696) >>>> at java.security.AccessController.doPrivileged(Native Method) >>>> at >>>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695) >>>> at >>>> javax.security.auth.login.LoginContext.login(LoginContext.java:594) >>>> at >>>> >>>> org.apache.ws.security.message.token.KerberosSecurity.retrieveServiceTicket(KerberosSecurity.java:133) >>>> at >>>> >>>> org.apache.cxf.ws.security.kerberos.KerberosClient.requestSecurityToken(KerberosClient.java:135) >>>> at >>>> >>>> org.apache.cxf.ws.security.policy.interceptors.KerberosTokenInterceptorProvider$KerberosTokenOutInterceptor.handleMessage(Ke >>>> rberosTokenInterceptorProvider.java:114) >>>> at >>>> >>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271) >>>> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530) >>>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463) >>>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366) >>>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319) >>>> at >>>> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96) >>>> at >>>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133) >>>> at com.sun.proxy.$Proxy43.doubleIt(Unknown Source) >>>> at >>>> >>>> org.apache.cxf.systest.ws.kerberos.KerberosTokenTest.testKerberosOverTransport(KerberosTokenTest.java:92) >>>> >>>> >>>> Thanks, >>>> Jim >>>> >>> >>> >>> >>> -- >>> Colm O hEigeartaigh >>> >>> Talend Community Coder >>> http://coders.talend.com >>> >> >> > -- Colm O hEigeartaigh Talend Community Coder http://coders.talend.com
