Hik*_*ari 3 tomcat kerberos spnego jgss
我正在使用http://spnego.sourceforge.net/spnego_tomcat.html教程尝试将Tomcat配置为使用spnego。
Hello_KDC.java工作正常,并且能够进行身份验证。如果我使用了错误的密码,则会收到错误Exception,因此它可以正常工作。
但是,当我尝试将该教程用于Tomcat时,它就坏了。Tomcat ROOT / index.jsp变为空白,并且在监视时我看到它返回404。log \ host-manager.2013-02-22.log具有以下内容:
Fev 22, 2013 1:39:03 PM org.apache.catalina.core.StandardContext filterStart
SEVERE: Exception starting filter SpnegoHttpFilter
javax.servlet.ServletException: javax.security.auth.login.LoginException: Cannot locate default realm
at net.sourceforge.spnego.SpnegoHttpFilter.init(SpnegoHttpFilter.java:198)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:281)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:262)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:107)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4656)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5309)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:633)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1114)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1673)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.security.auth.login.LoginException: Cannot locate default realm
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Unknown Source)
at com.sun.security.auth.module.Krb5LoginModule.login(Unknown Source)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.invoke(Unknown Source)
at javax.security.auth.login.LoginContext.access$000(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at javax.security.auth.login.LoginContext$4.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(Unknown Source)
at javax.security.auth.login.LoginContext.login(Unknown Source)
at net.sourceforge.spnego.SpnegoAuthenticator.<init>(SpnegoAuthenticator.java:161)
at net.sourceforge.spnego.SpnegoHttpFilter.init(SpnegoHttpFilter.java:196)
... 17 more
Caused by: KrbException: Cannot locate default realm
at sun.security.krb5.PrincipalName.<init>(Unknown Source)
... 32 more
Caused by: KrbException: Cannot locate default realm
at sun.security.krb5.Config.getDefaultRealm(Unknown Source)
... 33 more
Caused by: KrbException: Generic error (description in e-text) (60) - Unable to locate Kerberos realm
at sun.security.krb5.Config.getRealmFromDNS(Unknown Source)
... 34 more
这是在tomcat启动期间发生的,然后才从浏览器加载任何页面。当我尝试加载页面时,未添加任何日志。
在krb5.conf中,我尝试使用主机名和IP并得到相同的错误。位于krb5.conf和login.conf,因为如果删除它们,则会得到以下日志:
Fev 22, 2013 1:46:05 PM org.apache.catalina.core.StandardContext filterStart
SEVERE: Exception starting filter SpnegoHttpFilter
java.lang.SecurityException: login.conf (tal arquivo ou diretório não existe)
at com.sun.security.auth.login.ConfigFile.<init>(Unknown Source)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at java.lang.Class.newInstance0(Unknown Source)
at java.lang.Class.newInstance(Unknown Source)
at javax.security.auth.login.Configuration$3.run(Unknown Source)
at javax.security.auth.login.Configuration$3.run(Unknown Source)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.Configuration.getConfiguration(Unknown Source)
at net.sourceforge.spnego.SpnegoFilterConfig.doClientModule(SpnegoFilterConfig.java:176)
at net.sourceforge.spnego.SpnegoFilterConfig.<init>(SpnegoFilterConfig.java:138)
at net.sourceforge.spnego.SpnegoFilterConfig.getInstance(SpnegoFilterConfig.java:314)
at net.sourceforge.spnego.SpnegoHttpFilter.init(SpnegoHttpFilter.java:193)
at org.apache.catalina.core.ApplicationFilterConfig.initFilter(ApplicationFilterConfig.java:281)
at org.apache.catalina.core.ApplicationFilterConfig.getFilter(ApplicationFilterConfig.java:262)
at org.apache.catalina.core.ApplicationFilterConfig.<init>(ApplicationFilterConfig.java:107)
at org.apache.catalina.core.StandardContext.filterStart(StandardContext.java:4656)
at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5309)
at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:150)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:901)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:877)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:633)
at org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1114)
at org.apache.catalina.startup.HostConfig$DeployDirectory.run(HostConfig.java:1673)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask$Sync.innerRun(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.IOException: login.conf (tal arquivo ou diretório não existe)
at com.sun.security.auth.login.ConfigFile.init(Unknown Source)
... 32 more
知道会发生什么吗?
异常的一个可能原因KrbException: Cannot locate default realm是登录模块无法找到您的krb5.conf.
为 Windows 集成身份验证配置 Tomcat的说明指出,krb5.conf应该将 Tomcat 放置在 Tomcat 主目录中,例如 C:\Tomcat\ 如果您使用的是 Windows。
然而,一般来说,(即不是特定于您所指的 Sourceforge 项目)登录模块将查找的默认位置在此处krb5.conf定义:
如果设置了系统属性 java.security.krb5.conf,则假定其值指定路径和文件名。
如果未设置该系统属性值,则在目录中查找配置文件:
- \lib\security (Windows)
- /lib/security(Solaris 和 Linux)
如果仍未找到该文件,则尝试按如下方式定位它:
- /etc/krb5/krb5.conf (Solaris)
- c:\winnt\krb5.ini (Windows)
- /etc/krb5.conf (Linux)
设置一些附加属性以激活调试日志记录有助于确定您的特定应用程序在何处查找 krb5.conf:
System.setProperty("sun.security.krb5.debug", "true");
根据您的情况,调试输出可以打印以下部分或全部内容:
系统属性 java.security.krb5.conf 未设置,因此模块在默认的系统特定位置查找:
Java config name: null
Native config name: /etc/krb5.conf
Loaded from native config
设置系统属性 java.security.krb5.conf 并找到文件:
Java config name: krb5.conf
Loaded from Java config
系统属性 java.security.krb5.conf 已设置但未找到文件:
Java config name: krb5.conf
请注意,在最后一个示例中,没有确认已加载配置。在这种情况下,您将看到异常消息:KrbException: Cannot locate default realm)
这可能意味着两件事:
这是一个示例krb5.conf供参考。请注意,在这种情况下,我的tomcat托管计算机位于KERBOS.COM上
[libdefaults]
default_realm = KERBOS.COM
ticket_lifetime = 36000
[realms]
KERBOS.COM = {
kdc = 10.1.2.3
admin_server = INQS28KERB01
default_domain = KERBOS.COM
}
[domain_realm]
.mycompany.com = KERBOS.COM
[appdefaults]
autologin = true
forward = true
forwardable = true
encrypt = true
对我来说,这有效。请提供您的krb5.conf以获得详细信息。此外,还请提供您所做的tomcat过滤器编辑,这可能是错误的配置。
| 归档时间: |
|
| 查看次数: |
26572 次 |
| 最近记录: |