我正在使用http://spnego.sourceforge.net/spnego_tomcat.html教程尝试将Tomcat配置为使用spnego。
Hello_KDC.java工作,我能够进行身份验证。如果我使用错误的密码,我会收到错误异常,所以它正在运行。
但是当我尝试将该教程用于Tomcat时,它会中断。 Tomcat ROOT / index.jsp变为空白,监视时我看到它返回404. log \ host-manager.2013-02-22.log有以下内容:
Fev 22, 2013 1:39:03 PM org.apache.catalina.core.StandardContext filterStart
SEVERE: Exception starting filter SpnegoHttpFilter
javax.servlet.ServletException: javax.security.auth.login.LoginException: Cannot locate default realm
at net.sourceforge.spnego.SpnegoHttpFilter.init(SpnegoHttpFilter.java:198)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:281)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:262)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:107)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4656)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5309)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:633)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1114)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1673)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.security.auth.login.LoginException: Cannot locate default realm
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at net.sourceforge.spnego.SpnegoAuthenticator.<init>(SpnegoAuthenticator.java:161)
at net.sourceforge.spnego.SpnegoHttpFilter.init(SpnegoHttpFilter.java:196)
... 17 more
Caused by: KrbException: Cannot locate default realm
at sun.security.krb5.PrincipalName.<init>(Unknown Source)
... 32 more
Caused by: KrbException: Cannot locate default realm
at sun.security.krb5.Config.getDefaultRealm(Unknown Source)
... 33 more
Caused by: KrbException: Generic error (description in e-text) (60) - Unable to locate Kerberos realm
at sun.security.krb5.Config.getRealmFromDNS(Unknown Source)
... 34 more
在tomcat启动期间,在从浏览器加载任何页面之前发生这种情况。当我尝试加载页面时,不会添加任何日志。
在krb5.conf中我尝试了主机名和IP并得到了同样的错误。正在找到krb5.conf和login.conf,因为如果我删除它们,我会得到这个日志:
Fev 22, 2013 1:46:05 PM org.apache.catalina.core.StandardContext filterStart
SEVERE: Exception starting filter SpnegoHttpFilter
java.lang.SecurityException: login.conf (tal arquivo ou diretório não existe)
at com.sun.security.auth.login.ConfigFile.<init>(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at javax.security.auth.login.Configuration$3.run(Unknown Source)
at javax.security.auth.login.Configuration$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Unknown Source)
at net.sourceforge.spnego.SpnegoFilterConfig.doClientModule(SpnegoFilterConfig.java:176)
at net.sourceforge.spnego.SpnegoFilterConfig.<init>(SpnegoFilterConfig.java:138)
at net.sourceforge.spnego.SpnegoFilterConfig.getInstance(SpnegoFilterConfig.java:314)
at net.sourceforge.spnego.SpnegoHttpFilter.init(SpnegoHttpFilter.java:193)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:281)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:262)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:107)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4656)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5309)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:633)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1114)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1673)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: login.conf (tal arquivo ou diretório não existe)
at com.sun.security.auth.login.ConfigFile.init(Unknown Source)
... 32 more
知道可能发生的事情吗?
答案 0 :(得分:3)
这可能意味着两件事: -
以下是krb5.conf示例供参考。请注意,在这种情况下,我的tomcat托管机器在KERBOS.COM上。
[libdefaults]
default_realm = KERBOS.COM
ticket_lifetime = 36000
[realms]
KERBOS.COM = {
kdc = 10.1.2.3
admin_server = INQS28KERB01
default_domain = KERBOS.COM
}
[domain_realm]
.mycompany.com = KERBOS.COM
[appdefaults]
autologin = true
forward = true
forwardable = true
encrypt = true
对我而言,这是有效的。请提供您的krb5.conf以获取详细信息。此外,请同时提供您所做的tomcat过滤器编辑,可能在那里配置错误。
答案 1 :(得分:3)
异常KrbException: Cannot locate default realm的一个可能原因是登录模块无法找到您的krb5.conf。
instructions for configuring Tomcat for Windows Integrated Authentication表示krb5.conf应放在Tomcat主目录中,例如C:\ Tomcat \,如果你在Windows上。
但是,一般而言,(即不是特定于您引用的Sourceforge项目)登录模块将查找krb5.conf的默认位置已定义为here:
如果设置了系统属性java.security.krb5.conf,则其值为 假设指定路径和文件名。
如果是那个系统属性 如果未设置值,则在中查找配置文件 目录:
- \ lib \ security(Windows)
- / lib / security(Solaris和Linux)
如果仍未找到该文件,则尝试进行 定位如下:
- /etc/krb5/krb5.conf(Solaris)
- c:\ winnt \ krb5.ini(Windows)
- /etc/krb5.conf(Linux)
设置一些其他属性以激活调试日志记录有助于确定您的特定应用程序在哪里查找krb5.conf:
System.setProperty("sun.security.krb5.debug", "true");
根据您的情况,调试输出可以打印部分或全部以下内容:
系统属性java.security.krb5.conf未设置,因此模块在默认的系统特定位置查找:
Java config name: null
Native config name: /etc/krb5.conf
Loaded from native config
设置了系统属性java.security.krb5.conf并找到了文件:
Java config name: krb5.conf
Loaded from Java config
系统属性java.security.krb5.conf已设置但找不到文件:
Java config name: krb5.conf
请注意,在上一个示例中,没有确认已加载配置。在这种情况下,您会看到异常消息:KrbException: Cannot locate default realm)
答案 2 :(得分:1)
刚才我遇到了同样的问题,并意识到我的krb5.conf文件不在我的文件结构中的正确位置。它应该位于:
服务器&gt; Tomcat的
服务器&gt; Tomcat&gt;箱子
这就是我在工作中设置的方法,现在一切正常。我已经更改了工作区,我需要添加它以使其正常工作。