我有一个简单的Spring MVC应用程序,它将在连接到外部域时尝试使用Kerberos身份验证(尝试创建Atlassian JIRA票证)。这是我的代码
System.setProperty("java.security.auth.login.config", path + File.separator + "config/auth.conf");
System.setProperty("java.security.krb5.conf", path + File.separator + "config/krb5.conf");
try {
LoginContext lc = new LoginContext("CodePlugin");
lc.login(); // Breaks here at login
我的配置很好,但我收到以下错误消息
Debug is true storeKey false useTicketCache true useKeyTab false doNotPrompt false ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is true principal is null tryFirstPass is false useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
Acquire TGT from Cache
Principal is null
null credentials from Ticket Cache
[Krb5LoginModule] authentication failed
No CallbackHandler available to garner authentication information from the user
javax.security.auth.login.LoginException: No CallbackHandler available to garner authentication information from the user
这是我的auth.conf
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
storeKey=false
debug=true
useTicketCache=true
refreshKrb5Config=true
isInitiator=true;
};
CodePlugin {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
storeKey=false
debug=true
useTicketCache=true
refreshKrb5Config=true
isInitiator=true
};
和krb5.conf
[libdefaults]
default_realm = MY.DOMAIN.COM
ticket_lifetime = 36000
forwardable = true
default_etypes = asdf asdf asdf
default_etypes_des = asdf asdf asdf
default_tkt_enctypes = asdf asdf asdf
default_tgs_enctypes = asdf asdf asdfcrc
permitted_enctypes = asdf asdf asdf
[realms]
.my.domain.com = {
default_domain = MY.DOMAIN.COM
}
[domain_realm]
my.domain.com = MY.DOMAIN.COM
我不确定如何设置CallbackHandler并将凭据传递给我的LoginContext。有些文章提到创建login.conf并在那里传递凭据我已经尝试了但是我得到了同样的错误。抱歉,但我对Kerberos AuthN很新。我可以参考的任何建议或文件?
非常感谢!