Hi Christian! Setting the corresponding registry key on windows does not have any effect.
Just one quick question before I dive more in to the code of CXF. Do I have to specify a login.conf for JGSS when using CXF? The Javadoc for the LoginContext states (http://download.oracle.com/javase/1,5.0/docs/api/javax/security/auth/login/LoginContext.html#LoginContext(java.lang.String, %20javax.security.auth.callback.CallbackHandler): Throws: LoginException - if the caller-specified name does not appear in the Configuration and there is no Configuration entry for "other", if the caller- specified subject is null, or if the auth.login.defaultCallbackHandler security property was set, but the implementation class could not be loaded. I have a slight suspicion that I'm still missing some configuration. Michael On Monday 12 September 2011 13:19:16 Christian Schneider wrote: > I am not sure about the first exception. Could you debug into the code > and try to find out more about the point where the exception happens? > > About the second problem when using no username and password on windows. > Can you check if you have the registry setting that allows java to use > the tgt? > See: http://www.javaactivedirectory.com/?page_id=93 > > Christian > > Am 12.09.2011 13:07, schrieb Michael Sliwak: > > Hello everyone! > > > > According to > > http://cxf.apache.org/docs/client-http-transport-including-ssl- > > support.html#ClientHTTPTransport%28includingSSLsupport%29- > > SpnegoAuthentication%28Kerberos%29 CXF should be able to handle > > Kerberos/SPNEGO authentication when accessing web services. > > > > I'm trying to access an ASP.NET Web Service that is secured by Kerberos > > (Integrated Windows authentication) using CXF. > > > > I have configured everything as stated in the documentation. Here's my > > cxf.xml > > > > <?xml version="1.0" encoding="UTF-8"?> > > > > <beans xmlns="http://www.springframework.org/schema/beans"; > > > > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; > > > > xmlns:sec="http://cxf.apache.org/configuration/security"; > > > > xmlns:http="http://cxf.apache.org/transports/http/configuration"; > > xmlns:jaxws="http://cxf.apache.org/jaxws"; > > xsi:schemaLocation=" > > > > http://cxf.apache.org/configuration/security > > http://cxf.apache.org/schemas/configuration/secu > > rity.xsd > > http://cxf.apache.org/transports/http/configurat > > ion > > http://cxf.apache.org/schemas/configuration/http > > -conf.xsd > > http://cxf.apache.org/jaxws > > http://cxf.apache.org/schemas/jaxws.xsd > > http://www.springframework.org/schema/beans > > http://www.springframework.org/schema/beans/spri > > ng-beans.xsd">> > > <http:conduit > > name="{http://some.name.space/}SoapPort.http-conduit";> > > > > <http:client AllowChunking="false" /> > > <http:authorization> > > > > <sec:UserName>username</sec:UserName> > > <sec:Password>password</sec:Password> > > <sec:AuthorizationType>Negotiate</sec:AuthorizationType> > > > > </http:authorization> > > > > </http:conduit> > > > > </beans> > > > > Whenever i run my code, i get the following exception: > > > > Caused by: java.lang.RuntimeException: Invalid null input: name > > > > at > > > > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(S > > pnegoAuthSupplier.java:80)> > > at > > > > org.apache.cxf.transport.http.HTTPConduit.setHeadersByAuthorizationPolic > > y(HTTPConduit.java:771)> > > at > > org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:54 > > 1) at > > > > org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(Messag > > eSenderInterceptor.java:46)> > > at > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC > > hain.java:263)> > > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:519) > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:449) > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:352) > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:304) > > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88) > > at > > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:13 > > 4) ... 2 more > > > > Caused by: javax.security.auth.login.LoginException: Invalid null input: > > name> > > at javax.security.auth.login.LoginContext.init(LoginContext.java:229) > > at > > javax.security.auth.login.LoginContext.<init>(LoginContext.java:403) > > at > > > > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAut > > hSupplier.java:104)> > > at > > > > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAut > > hSupplier.java:144)> > > at > > > > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(S > > pnegoAuthSupplier.java:77)> > > ... 12 more > > > > This happens on both Windows and Linux. > > > > krb5.conf/krb5.ini is present and found by Java. > > > > On the other hand, when I leave the Username and password blank i get an > > exception that no TGT could be aquired. Anyhow 'klist' on both Windows > > and Linux states that there is a TGT available in the cache. > > > > Caused by: java.lang.RuntimeException: No valid credentials provided > > (Mechanism level: No valid credentials provided (Mechanism level: Failed > > to find any Kerberos tgt)) > > > > at > > > > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(S > > pnegoAuthSupplier.java:82)> > > at > > > > org.apache.cxf.transport.http.HTTPConduit.setHeadersByAuthorizationPolic > > y(HTTPConduit.java:771)> > > at > > org.apache.cxf.transport.http.HTTPConduit.prepare(HTTPConduit.java:54 > > 1) at > > > > org.apache.cxf.interceptor.MessageSenderInterceptor.handleMessage(Messag > > eSenderInterceptor.java:46)> > > at > > > > org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorC > > hain.java:263)> > > at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:519) > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:449) > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:352) > > at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:304) > > at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:88) > > at > > org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:13 > > 4) ... 2 more > > > > Caused by: GSSException: No valid credentials provided (Mechanism level: > > No valid credentials provided (Mechanism level: Failed to find any > > Kerberos tgt))> > > at > > > > sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java > > :450)> > > at > > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:2 > > 30) at > > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:1 > > 62) at > > > > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAut > > hSupplier.java:100)> > > at > > > > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getToken(SpnegoAut > > hSupplier.java:144)> > > at > > > > org.apache.cxf.transport.http.auth.SpnegoAuthSupplier.getAuthorization(S > > pnegoAuthSupplier.java:77)> > > ... 12 more > > > > Caused by: GSSException: No valid credentials provided (Mechanism level: > > Failed to find any Kerberos tgt) > > > > at > > > > sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential > > .java:130)> > > at > > > > sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFact > > ory.java:106)> > > at > > > > sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFacto > > ry.java:172)> > > at > > > > sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java > > :209)> > > at > > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:1 > > 95) at > > sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:1 > > 62) at > > > > sun.security.jgss.spnego.SpNegoContext.GSS_initSecContext(SpNegoContext. > > java:851)> > > at > > > > sun.security.jgss.spnego.SpNegoContext.initSecContext(SpNegoContext.java > > :309)> > > ... 17 more > > > > Did I miss anything in my configuration? > > > > Thanks in advance!
