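I am trying to integrate SPNEGO with the WildFly 8.2.1 application server, and I have followed the steps described at the following link:
https://github.com/dstraub/spnego-wildfly
However, I am still having trouble integrating SPNEGO with WildFly. It always raises the following exception in the log file: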
2018-07-15 18:41:15,722 ERROR [de.ctrlaltdel.SpnegoAuthenticationMechanism] (default task-63) HTTP Authorization Header=Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGA4AlAAAADw==
2018-07-15 18:41:16,334 ERROR [de.ctrlaltdel.SpnegoAuthenticationMechanism] (default task-1) HTTP Authorization Header=Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGA4AlAAAADw==
Below is my project structure:
Application.ear
│
├───META-INF
│       application.xml
│       jboss-app.xml
│       jboss-deployment-structure.xml
│
├───Application.war
│   └───WEB-INF
│       │   jboss-web.xml
│       │   web.xml
Copied spnego-auth-1.0.1.jar into the Application.war/WEB_INF/lib folder.
standalone-full.xml
<system-properties>
    <property name="sun.security.krb5.debug" value="true"/>
    <property name="java.security.krb5.kdc" value="hostname.domain.com"/>
    <property name="java.security.krb5.realm" value="DOMAIN.COM"/>
    <property name="java.security.krb5.conf" value="C:/wildfly-8.2.1.Final/modules/com/ca/iam/configuration/main/krb5.conf"/>
    <property name="jboss.security.disable.secdomain.option" value="true"/>
    <property name="spnego.allow.basic" value="false"/>
    <property name="spnego.allow.localhost" value="true"/>
    <property name="spnego.allow.unsecure.basic" value="true"/>
    <property name="spnego.prompt.ntlm" value="false"/>
    <property name="spnego.login.client.module" value="spnego-roles"/>
</system-properties>
<security-domain name="spnego-server">
    <authentication>
        <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
            <module-option name="debug" value="true"/>
            <module-option name="storeKey" value="true"/>
            <module-option name="refreshKrb5Config" value="true"/>
            <module-option name="useKeyTab" value="true"/>
            <module-option name="doNotPrompt" value="true"/>
            <module-option name="keyTab" value="C:/wildfly-8.2.1.Final/modules/com/ca/iam/configuration/main/iwa.host.keytab"/>
            <module-option name="principal" value="HOST/hostname.domain.com@DOMAIN.COM"/>
        </login-module>
    </authentication>
</security-domain>
<security-domain name="spnego-roles" cache-type="default">
    <authentication>
        <login-module code="de.ctrlaltdel.SpnegoAckLoginModule" flag="required"/>
    </authentication>
</security-domain>
jboss-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<jboss-web>
    <security-domain>spnego-roles</security-domain>
</jboss-web>
krb5.conf
[libdefaults]
    default_realm = DOMAIN.COM
    default_tkt_enctypes = aes128-cts rc4-hmac aes256-cts des-cbc-md5
    default_tgs_enctypes = aes128-cts rc4-hmac aes256-cts des-cbc-md5
    permitted_enctypes = aes128-cts rc4-hmac aes256-cts des-cbc-md5
[realms]
    DOMAIN.COM = {
        kdc = hostname.domain.com
        default_domain = DOMAIN.COM
    }
[domain_realm]
    .domain.com = DOMAIN.COM
web.xml
<web-app>
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>sample</web-resource-name>
            <url-pattern>/*</url-pattern>
            <http-method>POST</http-method>
            <http-method>GET</http-method>
        </web-resource-collection>
        <!-- <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
        -->
    </security-constraint>
    <login-config>
        <auth-method>SPNEGO</auth-method>
    </login-config>
    <security-role>
        <role-name>login</role-name>
    </security-role>
</web-app>
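Edit
If I try to access my application from any browser (Chrome, IE or FF) with the Negotiate authentication scheme, authentication fails. The GSSContext is not established, and I don't understand why. I don't get any exception or error, just the fact that the GSSContext is not established. After debugging, I can see that context.isFounded() always returns false.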
context.currentState = 2
context.mechOid = 1.3.6.1.5.5.2
SpnegoAuthScheme.scheme = Negotiate
SpnegoAuthScheme.token = YH0GBisGAQUFAqBzMHGgMDAuBgorBgEEAYI3AgIKBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHqI9BDtOVExNU1NQAAEAAACXsgjiBQAFADYAAAAOAA4AKAAAAAYDgCUAAAAPQ0hJTkEwNi1JMTYwMzVQQU1TQw==
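
Added example, not part of the original post or of the spnego-wildfly project: a small Python decoder that shows what a `Negotiate` token such as the ones quoted above actually carries, which is the first thing to check when a GSSContext never becomes established. The function names are hypothetical, and the OID table holds the standard registered mechanism identifiers.

```python
import base64

# Well-known GSS-API mechanism OIDs (standard values, not taken from the post).
SPNEGO = "1.3.6.1.5.5.2"
MECHS = {"1.2.840.113554.1.2.2": "Kerberos V5",
         "1.2.840.48018.1.2.2": "Kerberos V5 (legacy Microsoft OID)",
         "1.3.6.1.4.1.311.2.2.10": "NTLMSSP",
         "1.3.6.1.4.1.311.2.2.30": "NEGOEX"}

def tlv(buf, pos=0):  # read one DER element -> (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: the next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def oid(body):  # DER OID content bytes -> dotted string
    arcs, val = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def classify(header_value):  # value of 'Authorization: Negotiate <base64>'
    raw = base64.b64decode(header_value.split(None, 1)[1])
    if raw.startswith(b"NTLMSSP\x00"):  # bare NTLM, no GSS-API framing
        return {"kind": "raw NTLM", "mechs": [], "inner_ntlm": True}
    tag, app, _ = tlv(raw)
    _, mech, pos = tlv(app)
    if tag != 0x60 or oid(mech) != SPNEGO:
        return {"kind": "not a SPNEGO NegTokenInit", "mechs": [], "inner_ntlm": False}
    seq = tlv(tlv(app, pos)[1])[1]  # [0] NegTokenInit -> SEQUENCE body
    mechs, inner_ntlm, pos = [], False, 0
    while pos < len(seq):
        tag, val, pos = tlv(seq, pos)
        if tag == 0xA0:  # mechTypes, in client preference order
            lst, p = tlv(val)[1], 0
            while p < len(lst):
                _, o, p = tlv(lst, p)
                mechs.append(MECHS.get(oid(o), oid(o)))
        elif tag == 0xA2:  # optimistic mechToken for the first mechanism
            inner_ntlm = tlv(val)[1].startswith(b"NTLMSSP\x00")
    return {"kind": "SPNEGO", "mechs": mechs, "inner_ntlm": inner_ntlm}

if __name__ == "__main__":  # header value copied from the log lines in the post
    print(classify("Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAGA4AlAAAADw=="))
```

On the two tokens quoted in the post, this reports raw NTLM for the logged Authorization header and, for the `SpnegoAuthScheme.token` value, a SPNEGO mechanism list with NTLMSSP first and an NTLM inner token. A Kerberos-only acceptor such as one built on `Krb5LoginModule` cannot complete a context from either token.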