Spring Security-如果Kerberos失败则退回到基本身份验证

时间:2019-01-20 22:21:08

标签: spring-boot spring-security kerberos ntlm spring-security-kerberos

如果Kerberos身份验证失败(例如,客户端不在域中),如何启用回退到基本身份验证?在下面的配置下,不会出现浏览器身份验证窗口,并且会引发以下异常:

org.springframework.security.authentication.BadCredentialsException: Kerberos validation not successful
org.ietf.jgss.GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

我的WebSecurityConfigurerAdapter实现的相关部分:

 @Override
 protected void configure(HttpSecurity http) throws Exception {
     http
             .exceptionHandling()
             .authenticationEntryPoint(spnegoEntryPoint())
             .and()
             .authorizeRequests()
             .anyRequest()
             .authenticated()
             .and()
             .logout()
             .permitAll()
             .and()
             .addFilterBefore(
                     spnegoAuthenticationProcessingFilter(),
                     BasicAuthenticationFilter.class);
    }

 @Bean
 public SpnegoEntryPoint spnegoEntryPoint() {
     return new SpnegoEntryPoint("/");
 }

@Bean
public SpnegoAuthenticationProcessingFilter spnegoAuthenticationProcessingFilter() {
    SpnegoAuthenticationProcessingFilter filter = new SpnegoAuthenticationProcessingFilter();
    try {
        filter.setAuthenticationManager(authenticationManagerBean());
    } catch (Exception e) {
        log.error("Failed to set AuthenticationManager on SpnegoAuthenticationProcessingFilter.", e);
    }
    return filter;
} 

0 个答案:

没有答案