尝试通过登录表单配置Kerberos身份验证。我能够发送TGT,然后执行DummyUserDetailsService但最后我仍然获得状态500。 下面我附上日志和配置
09:14:13,316 DEBUG FilterChainProxy:176 - Converted URL to lowercase, from: '/j_spring_security_check'; to: '/j_spring_security_check'
09:14:13,317 DEBUG FilterChainProxy:183 - Candidate is: '/j_spring_security_check'; pattern is /**; matched=true
09:14:13,318 DEBUG FilterChainProxy:351 - /j_spring_security_check at position 1 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.context.SecurityContextPersistenceFilter@1e5b739'
09:14:13,318 DEBUG HttpSessionSecurityContextRepository:145 - HttpSession returned null object for SPRING_SECURITY_CONTEXT
09:14:13,319 DEBUG HttpSessionSecurityContextRepository:91 - No SecurityContext was available from the HttpSession: weblogic.servlet.internal.session.MemorySessionData@1d28f13. A new one will be created.
09:14:13,319 DEBUG FilterChainProxy:351 - /j_spring_security_check at position 2 of 9 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.UsernamePasswordAuthenticationProcessingFilter@6016b9'
09:14:13,319 DEBUG UsernamePasswordAuthenticationProcessingFilter:194 - Request is to process authentication
09:14:13,320 DEBUG ProviderManager:124 - Authentication attempt using org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider
09:14:13,321 DEBUG SunJaasKerberosClient:55 - Trying to authenticate Login with Kerberos
09:14:13,453 DEBUG SunJaasKerberosClient:63 - Kerberos authenticated user: Subject:
Principal: Login@CORPO.DOMAIN.COM
Private Credential: Ticket (hex) =
0000: 61 82 07 29 30 82 07 25 A0 03 02 01 05 A1 13 1B a..)0..%........
0010: 11 43 4F 52 50 4F 2E 54 2D 4D 4F 42 49 4C 45 2E .CORPO.DOMAIN.COM.
0020: 50 4C A2 26 30 24 A0 03 02 01 02 A1 1D 30 1B 1B ..&0$.......0..
0030: 06 6B 72 62 74 67 74 1B 11 43 4F 52 50 4F 2E 54 .krbtgt..CORPO.
0040: 2D 4D 4F 42 49 4C 45 2E 50 4C A3 82 06 DF 30 82 .DOMAIN.COM....0.
0050: 06 DB A0 03 02 01 12 A1 03 02 01 02 A2 82 06 CD ................
0060: 04 82 06 C9 22 60 2B 12 13 B8 B5 AB 60 90 52 25 ...."`+.....`.R%
0070: 3F C8 9A D4 A7 19 C7 8D BF ED 97 A8 7D ED 94 33 ?..............3
0080: D7 9F 89 83 34 A0 49 24 80 06 04 F6 32 06 84 A5 ....4.I$....2...
0090: 72 AF 8C 05 7E 8C 55 1A C6 52 A9 97 46 4A A9 D0 r.....U..R..FJ..
00A0: E7 52 5E 37 64 B9 0E E4 32 18 1D 38 90 43 1A B8 .R^7d...2..8.C..
00B0: 88 CF BC 89 0B 08 2D 49 4B 04 91 27 97 8A C7 71 ......-IK..'...q
00C0: 27 FD 7E CA E0 19 E0 F8 42 50 E4 14 93 95 A2 96 '.......BP......
00D0: A5 90 E2 90 90 52 EB B0 EE C4 1F D5 78 19 C7 2A .....R......x..*
00E0: A1 F0 0F D8 A8 A2 84 A7 7D DB 20 DA 47 04 52 1D .......... .G.R.
00F0: B8 B7 A8 96 C7 11 7C 95 16 30 19 10 68 81 EC 2C .........0..h..,
0100: 16 BE 73 58 62 AA BF 85 55 B0 97 75 99 12 2F B8 ..sXb...U..u../.
0110: 87 53 A3 D1 17 A7 A0 16 9B FF 98 2F 15 2B DF 95 .S........./.+..
0120: 25 A5 07 0A D0 67 A1 49 E2 CE 3C 28 23 B5 48 0C %....g.I..<(#.H.
0130: 01 F2 5F 24 89 30 21 2B B0 84 E1 E3 0A 79 F4 2B .._$.0!+.....y.+
0140: 2D 36 AF B3 02 AA 56 69 19 45 57 84 14 8A AF 7F -6....Vi.EW.....
0150: B9 D1 F2 9E ED 1A 30 F4 5B E1 3A AA FE DB 2F 4D ......0.[.:.../M
0160: 4B 6C 7A B1 62 F6 7D E4 C4 43 75 CA 81 8E A6 2F Klz.b....Cu..../
0170: 88 34 60 D1 EA C6 0C FB 29 C0 7E 67 C2 1B 1E F1 .4`.....)..g....
0180: 4B 1C F2 B0 9E 8B E8 9D 8D C5 21 B5 B7 21 81 A9 K.........!..!..
0190: 80 F1 75 A4 53 5D E7 CC 20 97 48 04 F2 18 75 C8 ..u.S].. .H...u.
01A0: 91 93 FF 6D 44 8D E1 DF 10 D0 E2 6E E5 7F C7 E2 ...mD......n....
01B0: 48 1B 3A C5 AA 4C 68 99 10 F5 49 00 84 A2 48 82 H.:..Lh...I...H.
01C0: 48 A6 B0 FF 46 91 9C CD 25 1D 64 B2 73 51 0A C3 H...F...%.d.sQ..
01D0: 82 E1 F9 E9 56 FC 45 73 51 C8 08 91 42 97 08 2D ....V.EsQ...B..-
01E0: 89 38 66 96 48 EA 5F A3 1A B2 13 CF BA 7B C6 33 .8f.H._........3
01F0: E0 F6 E2 0F 18 EB 44 96 44 9F A2 F9 D6 BE 9C A9 ......D.D.......
0200: 7D 10 F2 98 E8 5E 3A 39 BC EA C2 7F 8D F0 75 EF .....^:9......u.
0210: 0D 25 2C 08 C4 7F 92 12 80 08 F1 1F 06 62 FA C4 .%,..........b..
0220: CC E4 A4 A8 BC A1 A9 7E 49 32 09 15 6A 8A 1B 89 ........I2..j...
0230: 82 53 E2 64 A4 E9 85 2A CE AC 99 0E A2 29 6F C4 .S.d...*.....)o.
0240: 04 14 A4 96 67 F9 FE 46 CC 2B F4 B7 76 43 6F 18 ....g..F.+..vCo.
0250: CA 92 89 77 31 AB CD 73 CD F6 1D FB 40 DF 38 DF ...w1..s....@.8.
0260: B4 78 98 5A 1B 48 26 EA D5 93 0C 04 B6 AD 18 B4 .x.Z.H&.........
0270: 4E B2 B5 17 E8 D2 1F E7 E8 C7 89 36 FC B3 95 5E N..........6...^
0280: A4 4E D1 F2 56 79 9D 92 37 F5 03 94 06 62 68 C2 .N..Vy..7....bh.
0290: 56 1D 68 4B 87 21 17 4F 02 86 33 D1 E5 A9 F4 8D V.hK.!.O..3.....
02A0: 45 4E FB FC 7C F6 BA 28 7A F2 F8 50 0E 8A 34 20 EN.....(z..P..4
02B0: A1 5C 92 F2 3F 61 32 E4 15 27 04 B3 8C 7E C1 25 .\..?a2..'.....%
02C0: 54 14 66 BF BA 52 8C D8 4D 47 BB B7 37 61 10 B9 T.f..R..MG..7a..
02D0: 4A EC BE D1 2F 08 8B B4 54 34 71 39 6D 47 A4 0C J.../...T4q9mG..
02E0: C0 68 55 5B B5 2B 9E 6D 22 30 76 BF 78 65 9B A1 .hU[.+.m"0v.xe..
02F0: 03 D0 6E 45 38 A9 22 A9 44 43 20 DA 6D B6 C1 61 ..nE8.".DC .m..a
0300: 0B 04 B0 72 D9 FC 23 FE D1 6F 30 EC 51 34 70 38 ...r..#..o0.Q4p8
0310: 1A 60 FA F8 FE 58 A2 06 A2 83 5E 38 36 7B 2C 38 .`...X....^86.,8
0320: D0 AF 7F 24 96 8D EB F9 90 DE EE 32 EA 3D 57 3D ...$.......2.=W=
0330: 07 3E FE 8D 0C 96 F3 2E FB E2 09 D8 32 2C EF 65 .>..........2,.e
0340: EC 53 1B 08 F6 D2 37 63 45 AB FB 04 B3 79 1C 03 .S....7cE....y..
0350: 1B 21 3B 67 F7 C3 21 2D 58 BB D6 AF D4 6A FD 30 .!;g..!-X....j.0
0360: 60 7D AF 3E 1F 13 A7 8B C6 25 D0 8E CE FD 8C FA `..>.....%......
0370: 09 D4 47 F5 60 19 B2 2F E1 D6 D4 B5 F5 0B 98 5F ..G.`../......._
0380: 08 F4 5B E8 F4 F3 91 A5 E3 5D DA 7C 43 69 30 58 ..[......]..Ci0X
0390: 9E 33 68 B9 A9 2B 89 8C F5 12 42 D9 2C 0F 46 11 .3h..+....B.,.F.
03A0: 6B 96 14 AE 28 0B 2E 72 3A 12 CE A8 C4 C2 8C B9 k...(..r:.......
03B0: 41 FD 69 33 C4 2B 70 B9 C8 E8 02 B6 EF F9 84 B8 A.i3.+p.........
03C0: 45 28 0D CB 61 7C 4B 08 32 22 D8 E6 D6 45 3D 67 E(..a.K.2"...E=g
03D0: 85 4D CD 49 79 C7 10 61 BC 79 B8 30 D0 46 2B A0 .M.Iy..a.y.0.F+.
03E0: BB 56 77 48 13 E8 66 30 A0 09 F3 C0 45 0E CE 0E .VwH..f0....E...
03F0: C6 BB B4 3C 19 E6 CF 5B 84 FF D8 92 5B 13 5D FC ...<...[....[.].
0400: B8 E3 24 09 C7 37 AA E7 3B AE 8C 31 3E 0F 5A 3A ..$..7..;..1>.Z:
0410: D8 C5 08 7E 05 C8 B6 3A 60 24 38 61 B1 00 2D 25 .......:`$8a..-%
0420: 1F 37 22 65 28 ED C1 7E 33 02 DE 3F 5F 2E D9 CF .7"e(...3..?_...
0430: 10 D3 33 CE E1 C8 FF 64 83 10 FC 92 9A 35 C5 13 ..3....d.....5..
0440: 7B B6 52 DC 48 EC 06 2D F7 52 53 93 6F D8 63 E9 ..R.H..-.RS.o.c.
0450: 82 AC 77 B3 2B B0 FB DA 04 FF D6 BA C6 1F 8C AC ..w.+...........
0460: EE AD 2F AD 32 C9 EE 06 0E 0D EF F9 DC C1 CE 0A ../.2...........
0470: 70 6C 49 94 D3 8D F9 B9 27 5A 15 34 50 51 EC 0B plI.....'Z.4PQ..
0480: 80 99 70 31 96 3E C4 D8 E8 AD 07 A6 FE 6D B4 7E ..p1.>.......m..
0490: 44 B4 61 2A 68 2D 74 FF 0C B7 98 65 D0 EF 31 A0 D.a*h-t....e..1.
04A0: 61 9B 3D 89 2C B0 DA 7E 15 1A 0B 0D 50 3C B5 E4 a.=.,.......P<..
04B0: 13 80 9C 27 2A B4 4F 95 A3 96 A9 5C D4 A0 B4 1B ...'*.O....\....
04C0: 42 EB 52 33 1C C5 FD 53 21 DC 42 9C 2B 83 6B 5D B.R3...S!.B.+.k]
04D0: B2 E4 E7 F4 16 46 7A 84 41 2C 27 3F D6 6C 5D B5 .....Fz.A,'?.l].
04E0: 54 E5 CA 7F FD 6C 68 97 B9 E2 8C 47 BF 90 A0 51 T....lh....G...Q
04F0: A1 11 C5 CC 75 AC 1B 18 78 18 46 79 88 16 FA F0 ....u...x.Fy....
0500: 7E 63 59 13 BF 8A 98 83 72 57 60 47 EA E0 0A AA .cY.....rW`G....
0510: 5F 33 AA F3 7F 05 EC FB 85 47 15 0B 7C 69 AD 02 _3.......G...i..
0520: D6 83 2C A0 01 EB 17 3B BA B9 24 25 78 4F 20 D0 ..,....;..$%xO .
0530: 96 82 83 3E 97 F8 6E 60 71 CA 1C 00 14 59 1B 7F ...>..n`q....Y..
0540: F3 46 A6 95 69 0E 52 B9 E9 8E 2A 58 D8 48 65 9D .F..i.R...*X.He.
0550: 7E 5D 4D DE 7B DC FD 5E 41 ED 0E 4F 15 95 D7 4C .]M....^A..O...L
0560: A1 A3 B2 12 5A 7D AC 68 FD 98 2D BF 42 AE 29 84 ....Z..h..-.B.).
0570: EB 27 65 92 EC 92 73 7C 5D B2 6B 79 7D 73 E6 51 .'e...s.].ky.s.Q
0580: E7 CF 76 5E 8B 66 D6 D3 9A B8 6C C7 FD FD F3 05 ..v^.f....l.....
0590: 31 66 4E 5F FD B3 F1 40 A4 89 2D 9A 99 F2 4A 87 1fN_...@..-...J.
05A0: 77 C7 29 94 AF 4D 09 2D C4 3C 5B CC 22 27 63 97 w.)..M.-.<[."'c.
05B0: 2E 4C 38 BF 19 BB 0D 28 3B 9E 06 5D 30 C0 7B FC .L8....(;..]0...
05C0: CF E7 85 AE 73 4D 46 35 55 58 0E D3 D0 AC CE 76 ....sMF5UX.....v
05D0: 83 87 0B 7D C5 6A 18 57 EB 37 D1 B4 33 05 BA C9 .....j.W.7..3...
05E0: 1E 4C C8 71 68 6E 0A 4B DD CE DC 85 96 FD C3 30 .L.qhn.K.......0
05F0: 15 42 1F 0A C0 F4 3E 7E 5C 44 4E 45 62 F3 F6 5F .B....>.\DNEb.._
0600: 07 25 4E 98 C7 22 60 C5 3D 72 6A 56 87 8A 70 2D .%N.."`.=rjV..p-
0610: C1 95 BE 09 4D 0B F6 2B FD B0 E0 27 31 C4 2D 45 ....M..+...'1.-E
0620: 0C C0 D7 F2 BB 82 E9 F5 38 05 ED 04 F2 00 C0 37 ........8......7
0630: EF 6E 9C BE 17 CA FA A9 4C A6 56 65 03 37 D0 6B .n......L.Ve.7.k
0640: 7C D8 25 07 42 49 1F 6E 7E CA E6 DE 6D A1 E6 32 ..%.BI.n....m..2
0650: 4D 25 2A 95 13 4B 31 01 33 91 BD FF 51 20 42 C7 M%*..K1.3...Q B.
0660: E7 A0 EA 8D 6F 5A 5A 57 2F 63 5E 5B 98 6B D5 64 ....oZZW/c^[.k.d
0670: A6 0A F1 26 07 7F 2F B9 57 CD F5 E9 CB D8 6D FA ...&../.W.....m.
0680: FC 4F F4 28 F9 51 2D 83 25 AE ED 66 57 52 4B 1F .O.(.Q-.%..fWRK.
0690: 73 DC C7 4D 0F 90 4F 5F 77 B4 2C 45 89 97 64 47 s..M..O_w.,E..dG
06A0: 62 3D A4 C5 C9 76 D7 34 37 2C B2 12 EF 5D C0 5A b=...v.47,...].Z
06B0: 2E 44 FE D4 96 F1 60 58 6C 11 CE EF 09 C8 29 E9 .D....`Xl.....).
06C0: 2E 98 36 80 BD 21 5A 41 E8 35 29 02 DF A0 90 D5 ..6..!ZA.5).....
06D0: BE 47 8B BA D8 46 D7 26 00 14 98 F8 4C B0 9D 03 .G...F.&....L...
06E0: 06 58 17 87 D3 3D BD D3 1F 1F C7 E6 9D 5D CC 11 .X...=.......]..
06F0: F8 68 C9 39 E8 72 7C 6B 1A 59 95 77 69 CC 6D 5F .h.9.r.k.Y.wi.m_
0700: F4 1A C4 32 4C F7 8A EC C2 9A 69 2E 0B 48 34 C2 ...2L.....i..H4.
0710: 49 A1 77 B8 4D 93 18 2A AE 73 50 FE 27 6F 47 CA I.w.M..*.sP.'oG.
0720: D5 1A BA D3 94 E9 57 A8 2F AB 16 33 38 ......W./..38
Client Principal = Login@CORPO.DOMAIN.COM
Server Principal = krbtgt/CORPO.DOMAIN.COM@CORPO.DOMAIN.COM
Session Key = EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: B2 BE 18 1F BB 83 62 CE C9 A2 D9 C5 96 20 18 DB ......b...... ..
Forwardable Ticket false
Forwarded Ticket false
Proxiable Ticket false
Proxy Ticket false
Postdated Ticket false
Renewable Ticket false
Initial Ticket false
Auth Time = Thu Jul 24 09:14:13 CEST 2014
Start Time = Thu Jul 24 09:14:13 CEST 2014
End Time = Thu Jul 24 19:14:13 CEST 2014
Renew Till = null
Client Addresses Null
Private Credential: Kerberos Principal Login@CORPO.DOMAIN.COMKey Version 0key EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: 2F B2 A5 13 00 0C BF E8 9E 37 4A D9 B0 60 2D 54 /........7J..`-T
Private Credential: Kerberos Principal Login@CORPO.DOMAIN.COMKey Version 0key EncryptionKey: keyType=17 keyBytes (hex dump)=
0000: 50 F5 48 E9 99 D1 78 B0 27 A4 E4 10 C5 5B D5 DA P.H...x.'....[..
09:14:13,455 INFO DummyUserDetailsService:20 - DummyUserDetailsService !!!! EXECUTE
09:14:13,456 DEBUG SecurityContextPersistenceFilter:90 - SecurityContextHolder now cleared, as request processing completed
Spring Security Conf
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:sec="http://www.springframework.org/schema/security"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.0.xsd">
<sec:http entry-point-ref="spnegoEntryPoint" auto-config="false">
<sec:intercept-url pattern="/login*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<sec:intercept-url pattern="/j_spring_security_check*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<sec:intercept-url pattern="/**" access="ROLE_USER" />
<sec:custom-filter ref="spnegoAuthenticationProcessingFilter" position="BASIC_PROCESSING_FILTER" />
<sec:form-login login-page="/login" default-target-url="/source/hello" always-use-default-target="true"/>
</sec:http>
<bean id="spnegoEntryPoint" class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />
<bean id="spnegoAuthenticationProcessingFilter" class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager" />
</bean>
<!-- LDAP Authentication provider -->
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="kerberosServiceAuthenticationProvider" />
<sec:authentication-provider ref="kerberosAuthenticationProvider"/>
</sec:authentication-manager>
<bean id="kerberosServiceAuthenticationProvider"
class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
<property name="ticketValidator">
<bean
class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
<property name="servicePrincipal"
value="HTTP/webappserver.linux.domain.com@CORPO.DOMAIN.COM" />
<property name="keyTabLocation" value="file:/apps/bin/krb5/test.keytab" />
<property name="debug" value="true" />
</bean>
</property>
<property name="userDetailsService" ref="dummyUserDetailsServices" />
</bean>
<bean id="kerberosAuthenticationProvider" class="org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider">
<property name="kerberosClient">
<bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
<property name="debug" value="true" />
</bean>
</property>
<property name="userDetailsService" ref="dummyUserDetailsService" />
</bean>
<bean
class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
<property name="debug" value="true" />
<property name="krbConfLocation" value="/apps/bin/krb5/krb5.conf" />
</bean>
<bean id="dummyUserDetailsService" class="com.web.skorpion.ldap.DummyUserDetailsService" />
</beans>
答案 0 :(得分:0)
现在配置工作。 我已将BASIC_PROCESSING_FILTER更改为BASIC_AUTH_FILTER,但首先我更改了spring securito的版本。到3.2.4.RELEASE。