我有一个运行为weblogic启动类的应用程序。当它到达必须从我的应用程序请求服务的点时,使用Kerberos服务主体设置我获得401 Unauthorized异常(如下所示)。
当我使用正常的私有静态void main方法运行应用程序时,使用完全相同的JVM参数和配置文件(如下所示),它可以工作。
我使用Wireshark查看发生了什么,我可以看到它只尝试使用该服务一次,而不是两次,这意味着Weblogic不知道如何协商身份验证。似乎Weblogic完全忽略了我的JVM参数,因为即使将debug=true添加到jvm参数和配置文件中,也没有在Weblogic中使用Kerberos的迹象。我还设置了日志级别以进行调试并启用atn和atz监视没有使用任何Kerberos的痕迹
这是我的论点(我在路径中测试了单斜线和双斜线以及添加qoutes而不是)
set JAVA_OPTIONS_KRB5_CREDS="-Djavax.security.auth.useSubjectCredsOnly=false"
set JAVA_OPTIONS_KRB5_CONF="-Djava.security.auth.login.config=C:\Mywork\wl12213\user_projects\domains\KSS\config\login.conf"
set JAVA_OPTIONS_KRB5_INI="-Djava.security.krb5.conf=C:\Mywork\wl12213\user_projects\domains\KSS\config\krb5.conf"
set JAVA_OPTIONS_KRB5_DEBUG="-Dsun.security.krb5.debug=true"
set JAVA_OPTIONS=%JAVA_OPTIONS% %JAVA_OPTIONS_KRB5_CREDS% %JAVA_OPTIONS_KRB5_CONF% %JAVA_OPTIONS_KRB5_INI% %JAVA_OPTIONS_KRB5_DEBUG%
这是我的主要课程
URL url = new URL("url to service (Using the url the SPN is registered to)");
QName qname = new QName("schema");
Service service = Service.create(url, qname);
keystoreService = service.getPort(new QName("schema", "KeystoreServiceSoap11"), KeystoreService.class);
GetKeystoreRequest request = new GetKeystoreRequest();
request.setKeystoreType(StoreType.IDENTITY_STORE);
request.setMachineName(machineName);
GetKeystoreResponse response = keystoreService.getKeystore(request);
login.conf文件
com.sun.security.jgss.krb5.initiate {
com.sun.security.auth.module.Krb5LoginModule required principal="KHULE" useKeyTab="true" keyTab="C:\\Mywork\\wl12213\\user_projects\\domains\\KSS\\config\\weblogic.keytab" storeKey="true" debug=true;
};
例外
Caused by: com.sun.xml.ws.client.ClientTransportException: The server sent HTTP status code 401: Unauthorized
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.checkStatusCode(HttpTransportPipe.java:332)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.createResponsePacket(HttpTransportPipe.java:274)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.process(HttpTransportPipe.java:232)
at weblogic.wsee.jaxws.transport.http.client.WLSHttpTransportPipe.process(WLSHttpTransportPipe.java:30)
at com.sun.xml.ws.transport.http.client.HttpTransportPipe.processRequest(HttpTransportPipe.java:145)
at com.sun.xml.ws.transport.DeferredTransportPipe.processRequest(DeferredTransportPipe.java:110)
at com.sun.xml.ws.api.pipe.Fiber.__doRun(Fiber.java:1136)
at com.sun.xml.ws.api.pipe.Fiber._doRun(Fiber.java:1050)
at com.sun.xml.ws.api.pipe.Fiber.doRun(Fiber.java:1019)
at com.sun.xml.ws.api.pipe.Fiber.runSync(Fiber.java:877)
at com.sun.xml.ws.client.Stub.process(Stub.java:463)
at com.sun.xml.ws.client.sei.SEIStub.doProcess(SEIStub.java:191)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:108)
at com.sun.xml.ws.client.sei.SyncMethodHandler.invoke(SyncMethodHandler.java:92)
at com.sun.xml.ws.client.sei.SEIStub.invoke(SEIStub.java:161)
at com.sun.proxy.$Proxy147.getKeystore(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at weblogic.wsee.jaxws.spi.ClientInstanceInvocationHandler.invoke(ClientInstanceInvocationHandler.java:147)
at com.sun.proxy.$Proxy148.getKeystore(Unknown Source)
at za.co.discovery.security.camanager.clients.weblogic.KeyStoreFactory.getIdentityStore(KeyStoreFactory.java:66)
你能帮帮我吗?