So I have a web app that does not define ANY authentication requirements (legacy app, handles authentication/authorization internally).
This application also makes client HTTP connections to other resources, and it needs to do so using the integrated Java 6 Kerberos login provider so that it can connect via NTLM and/or SPNEGO to Windows pages. However, when I first make the client connection attempt, I get:

org.jboss.security.auth.spi.UsersRolesLoginModule Failed to load users/passwords/role files
java.io.IOException: No properties file: users.properties or defaults: defaultUsers.properties found
    at org.jboss.security.auth.spi.Util.loadProperties(Util.java:315)
    at org.jboss.security.auth.spi.UsersRolesLoginModule.loadUsers(UsersRolesLoginModule.java:186)
    at org.jboss.security.auth.spi.UsersRolesLoginModule.createUsers(UsersRolesLoginModule.java:200)
    at org.jboss.security.auth.spi.UsersRolesLoginModule.initialize(UsersRolesLoginModule.java:127)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
    at java.lang.reflect.Method.invoke(Method.java:597)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:756)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
    at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
    at sun.security.jgss.GSSUtil.login(GSSUtil.java:246)
    at sun.security.jgss.krb5.Krb5Util.getTicket(Krb5Util.java:136)
    at sun.security.jgss.krb5.Krb5InitCredential$1.run(Krb5InitCredential.java:331)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.jgss.krb5.Krb5InitCredential.getTgt(Krb5InitCredential.java:328)
    at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:128)
    at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:106)
    at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:172)
    at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:209)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:195)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
    at sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext.java:846)
    at sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java:304)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:230)
    at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:162)
    at sun.net.www.protocol.http.NegotiatorImpl.init(NegotiatorImpl.java:86)
    at sun.net.www.protocol.http.NegotiatorImpl.<init>(NegotiatorImpl.java:95)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
    at sun.net.www.protocol.http.Negotiator.getSupported(NegotiateAuthentication.java:265)
    at sun.net.www.protocol.http.NegotiateAuthentication.isSupported(NegotiateAuthentication.java:106)
    at sun.net.www.protocol.http.AuthenticationHeader.parse(AuthenticationHeader.java:170)
    at sun.net.www.protocol.http.AuthenticationHeader.<init>(AuthenticationHeader.java:119)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1070)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:373)

So I tried to set up an auth policy that points directly to the KRB5 modules in the login-config.xml:

<!-- KRB5 Policy -->
<application-policy name="krb5">
  <authentication>
    <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
      <module-option name="storeKey">true</module-option>
      <module-option name="keyTab">/etc/eonkeytab</module-option>
      <module-option name="doNotPrompt">true</module-option>
      <module-option name="useKeyTab">true</module-option>
      <module-option name="realm">AMS.GBLXINT.COM</module-option>
      <module-option name="principal">HTTP/[EMAIL PROTECTED]</module-option>
      <module-option name="useTicketCache">true</module-option>
      <module-option name="debug">true</module-option>
    </login-module>
  </authentication>
</application-policy>

and added the following to the jboss-web.xml:

<security-domain>java:/jaas/krb5</security-domain>

No luck whatsoever... the same errors are occurring. Does anyone have any pointers?
