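Kerberos authentication with a login form

Time: 2014-07-24 07:34:01

Tags: spring spring-security kerberos spring-security-kerberos

I'm trying to configure Kerberos authentication through a login form. I am able to send the TGT, and then DummyUserDetailsService is executed, but in the end I still get status 500. I've attached the logs and configuration below.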

09:14:13,316 DEBUG FilterChainProxy:176 - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check'
09:14:13,317 DEBUG FilterChainProxy:183 - Candidate is: '/j_spring_security_check'; pattern is /**; matched=true
09:14:13,318 DEBUG FilterChainProxy:351 - /j_spring_security_check at position 1 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@1e5b739'
09:14:13,318 DEBUG HttpSessionSecurityContextRepository:145 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
09:14:13,319 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: weblogic.servlet.internal.session.MemorySessionData@1d28f13. A new one will be created.
09:14:13,319 DEBUG FilterChainProxy:351 - /j_spring_security_check at position 2 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter@6016b9'
09:14:13,319 DEBUG UsernamePasswordAuthenticationProcessingFilter:194 - Request is to process authentication
09:14:13,320 DEBUG ProviderManager:124 - Authentication attempt using org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider
09:14:13,321 DEBUG SunJaasKerberosClient:55 - Trying to authenticate Login with Kerberos
09:14:13,453 DEBUG SunJaasKerberosClient:63 - Kerberos authenticated user: Subject:
        Principal: Login@CORPO.DOMAIN.COM
        Private Credential: Ticket (hex) =

Client Principal = Login@CORPO.DOMAIN.COM
Server Principal = krbtgt/CORPO.DOMAIN.COM@CORPO.DOMAIN.COM
Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: B2 BE 18 1F BB 83 62 CE   C9 A2 D9 C5 96 20 18 DB  ......b...... ..


Forwardable Ticket false
Forwarded Ticket false
Proxiable Ticket false
Proxy Ticket false
Postdated Ticket false
Renewable Ticket false
Initial Ticket false
Auth Time = Thu Jul 24 09:14:13 CEST 2014
Start Time = Thu Jul 24 09:14:13 CEST 2014
End Time = Thu Jul 24 19:14:13 CEST 2014
Renew Till = null
Client Addresses  Null
        Private Credential: Kerberos Principal Login@CORPO.DOMAIN.COMKey Version 0key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: 2F B2 A5 13 00 0C BF E8   9E 37 4A D9 B0 60 2D 54  /........7J..`-T


        Private Credential: Kerberos Principal Login@CORPO.DOMAIN.COMKey Version 0key EncryptionKey: keyType=17 keyBytes (hex dump)=
0000: 50 F5 48 E9 99 D1 78 B0   27 A4 E4 10 C5 5B D5 DA  P.H...x.'....[..



09:14:13,455  INFO DummyUserDetailsService:20 - DummyUserDetailsService !!!! EXECUTE
09:14:13,456 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed

Spring Security Conf

<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security"
    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
                http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <sec:http entry-point-ref="spnegoEntryPoint" auto-config="false">
        <sec:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <sec:intercept-url pattern="/j_spring_security_check*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <sec:intercept-url pattern="/**" access="ROLE_USER" />
        <sec:custom-filter ref="spnegoAuthenticationProcessingFilter" position="BASIC_PROCESSING_FILTER" />
        <sec:form-login login-page="/login" default-target-url="/source/hello" always-use-default-target="true"/>
    </sec:http>

    <bean id="spnegoEntryPoint" class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />

    <bean id="spnegoAuthenticationProcessingFilter" class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
        <property name="authenticationManager" ref="authenticationManager" />
    </bean>

    <!-- LDAP Authentication provider -->
    <sec:authentication-manager alias="authenticationManager">
        <sec:authentication-provider ref="kerberosServiceAuthenticationProvider" />
        <sec:authentication-provider ref="kerberosAuthenticationProvider"/>
    </sec:authentication-manager>

    <bean id="kerberosServiceAuthenticationProvider"
        class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
        <property name="ticketValidator">
            <bean
                class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
                <property name="servicePrincipal"
                    value="HTTP/webappserver.linux.domain.com@CORPO.DOMAIN.COM" />
                <property name="keyTabLocation" value="file:/apps/bin/krb5/test.keytab" />
                <property name="debug" value="true" />
            </bean>
        </property>
        <property name="userDetailsService" ref="dummyUserDetailsService" />
    </bean>

    <bean id="kerberosAuthenticationProvider" class="org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider">
        <property name="kerberosClient">
            <bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
                <property name="debug" value="true" />
            </bean>
        </property>
        <property name="userDetailsService" ref="dummyUserDetailsService" />
    </bean>

    <bean
        class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
        <property name="debug" value="true" />
        <property name="krbConfLocation" value="/apps/bin/krb5/krb5.conf" />
    </bean>

    <bean id="dummyUserDetailsService" class="com.web.skorpion.ldap.DummyUserDetailsService" />

</beans>
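
The debug output in the question prints the ticket bytes and the EncryptionKey bytes of the authenticated Subject. As an added example (not part of the original post), the Python scrubber below replaces those hex rows with a byte count before such a log is shared; the sample log and the principal user@EXAMPLE.TEST are constructed.

```python
import re

# Marker lines after which the Sun JAAS debug output prints secret bytes.
SECRET_MARKERS = ("Ticket (hex) =", "keyBytes (hex dump)=")
# One row of the dump: 4-digit offset, up to 16 byte pairs, then an ASCII column.
HEX_ROW = re.compile(r"^[0-9A-F]{4}: ((?:[0-9A-F]{2} {1,3}){1,16})")

def scrub(lines):
    """Return (clean_lines, findings); findings is a list of (marker, n_bytes)."""
    clean, findings = [], []
    marker, n_bytes = None, 0

    def flush():
        # Close the current secret block, if any rows were swallowed for it.
        nonlocal marker, n_bytes
        if marker is not None and n_bytes:
            clean.append(f"[REDACTED {n_bytes} bytes]")
            findings.append((marker, n_bytes))
        marker, n_bytes = None, 0

    for line in lines:
        row = HEX_ROW.match(line)
        if marker is not None and row:
            n_bytes += len(row.group(1).split())  # count bytes, drop the row
            continue
        flush()
        clean.append(line)
        for m in SECRET_MARKERS:
            if line.rstrip().endswith(m):
                marker = m  # the following hex rows belong to this secret
    flush()
    return clean, findings

# Constructed sample in the same layout as the log above (no real key material).
SAMPLE = """\
09:14:13,453 DEBUG SunJaasKerberosClient:63 - Kerberos authenticated user: Subject:
        Principal: user@EXAMPLE.TEST
        Private Credential: Ticket (hex) =
0000: 00 01 02 03 04 05 06 07   08 09 0A 0B 0C 0D 0E 0F  ................
0010: 10 11 12                                           ...
Client Principal = user@EXAMPLE.TEST
Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: AA AA AA AA AA AA AA AA   AA AA AA AA AA AA AA AA  ................

Auth Time = Thu Jan 01 00:00:00 UTC 1970
""".splitlines()

if __name__ == "__main__":
    print("\n".join(scrub(SAMPLE)[0]))
```

Hex rows that do not follow one of the two markers are left untouched, so ordinary offsets elsewhere in a log are not rewritten.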

1 answer:

Answer 0: (score: 0)

The configuration works now. I changed BASIC_PROCESSING_FILTER to BASIC_AUTH_FILTER, but first I changed the Spring Security version to 3.2.4.RELEASE.