search

spring-projects / spring-security-kerberos

Spring Security Kerberos
https://spring.io/projects/spring-security-kerberos
182 stars 226 forks source link

Can you provide an example of a spring boot integrated kerberos? #140

Open zhengdayday opened 5 years ago

GyllingSW commented 5 years ago

I have a working example on my personal GitHub.

https://github.com/GyllingSW/kerberos-demo

It's against spring boot version 1.3.x, so a little rework must be expected

Peter Gylling Jørgensen Skovbakken 16 Vigersted 4100 Ringsted Mobil: 42442890

tir. 19. mar. 2019 08.19 skrev zhengdayday notifications@github.com:

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/spring-projects/spring-security-kerberos/issues/140, or mute the thread https://github.com/notifications/unsubscribe-auth/AK8YUQn8A0XLWXry56Qr_V48z9ogH39mks5vYI90gaJpZM4b7cFT .

zhengdayday commented 5 years ago

/usr/lib/jvm/jdk-11.0.1/bin/java -agentlib:jdwp=transport=dt_socket,address=127.0.0.1:43145,suspend=y,server=n -XX:TieredStopAtLevel=1 -noverify -Dspring.output.ansi.enabled=always -Dcom.sun.management.jmxremote -Dcom.sun.management.jmxremote.port=37917 -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false -Djava.rmi.server.hostname=localhost -Dspring.liveBeansView.mbeanDomain -Dspring.application.admin.enabled=true -javaagent:/opt/idea-IU-182.4892.20/lib/rt/debugger-agent.jar=file:/tmp/capture.props -Dfile.encoding=UTF-8 -classpath /home/dayday/Downloads/kerberos-demo/target/classes:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-starter-web/1.5.4.RELEASE/spring-boot-starter-web-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-starter/1.5.4.RELEASE/spring-boot-starter-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot/1.5.4.RELEASE/spring-boot-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-autoconfigure/1.5.4.RELEASE/spring-boot-autoconfigure-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/yaml/snakeyaml/1.17/snakeyaml-1.17.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-starter-tomcat/1.5.4.RELEASE/spring-boot-starter-tomcat-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/apache/tomcat/embed/tomcat-embed-websocket/8.5.15/tomcat-embed-websocket-8.5.15.jar:/home/dayday/.m2/repository/org/hibernate/hibernate-validator/5.3.5.Final/hibernate-validator-5.3.5.Final.jar:/home/dayday/.m2/repository/javax/validation/validation-api/1.1.0.Final/validation-api-1.1.0.Final.jar:/home/dayday/.m2/repository/org/jboss/logging/jboss-logging/3.3.1.Final/jboss-logging-3.3.1.Final.jar:/home/dayday/.m2/repository/com/fasterxml/classmate/1.3.3/classmate-1.3.3.jar:/home/dayday/.m2/repository/com/fasterxml/jackson/core/jackson-databind/2.8.8/jackson-databind-2.8.8.jar:/home/dayday/.m2/repository/com/fasterxml/jackson/core/jackson-annotations/2.8.0/jackson-annotations-2.8.0.jar:/home/dayday/.m2/repository/com/fasterxml/jackson/core/jackson-core/2.8.8/jackson-core-2.8.8.jar:/home/dayday/.m2/repository/org/springframework/spring-web/4.3.9.RELEASE/spring-web-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/spring-webmvc/4.3.9.RELEASE/spring-webmvc-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/spring-expression/4.3.9.RELEASE/spring-expression-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-starter-security/1.5.4.RELEASE/spring-boot-starter-security-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/spring-aop/4.3.9.RELEASE/spring-aop-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/security/spring-security-config/4.2.3.RELEASE/spring-security-config-4.2.3.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/security/spring-security-web/4.2.3.RELEASE/spring-security-web-4.2.3.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-starter-logging/1.5.4.RELEASE/spring-boot-starter-logging-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/ch/qos/logback/logback-classic/1.1.11/logback-classic-1.1.11.jar:/home/dayday/.m2/repository/ch/qos/logback/logback-core/1.1.11/logback-core-1.1.11.jar:/home/dayday/.m2/repository/org/slf4j/slf4j-api/1.7.25/slf4j-api-1.7.25.jar:/home/dayday/.m2/repository/org/slf4j/jcl-over-slf4j/1.7.25/jcl-over-slf4j-1.7.25.jar:/home/dayday/.m2/repository/org/slf4j/jul-to-slf4j/1.7.25/jul-to-slf4j-1.7.25.jar:/home/dayday/.m2/repository/org/slf4j/log4j-over-slf4j/1.7.25/log4j-over-slf4j-1.7.25.jar:/home/dayday/.m2/repository/org/springframework/security/kerberos/spring-security-kerberos-core/1.0.1.RELEASE/spring-security-kerberos-core-1.0.1.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/spring-core/4.3.9.RELEASE/spring-core-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar:/home/dayday/.m2/repository/org/springframework/security/spring-security-core/4.2.3.RELEASE/spring-security-core-4.2.3.RELEASE.jar:/home/dayday/.m2/repository/aopalliance/aopalliance/1.0/aopalliance-1.0.jar:/home/dayday/.m2/repository/org/springframework/security/kerberos/spring-security-kerberos-client/1.0.1.RELEASE/spring-security-kerberos-client-1.0.1.RELEASE.jar:/home/dayday/.m2/repository/org/apache/httpcomponents/httpclient/4.5.3/httpclient-4.5.3.jar:/home/dayday/.m2/repository/org/apache/httpcomponents/httpcore/4.4.6/httpcore-4.4.6.jar:/home/dayday/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar:/home/dayday/.m2/repository/org/springframework/security/kerberos/spring-security-kerberos-web/1.0.1.RELEASE/spring-security-kerberos-web-1.0.1.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/security/spring-security-ldap/4.2.3.RELEASE/spring-security-ldap-4.2.3.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/ldap/spring-ldap-core/2.3.1.RELEASE/spring-ldap-core-2.3.1.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/spring-beans/4.3.9.RELEASE/spring-beans-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/spring-context/4.3.9.RELEASE/spring-context-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/spring-tx/4.3.9.RELEASE/spring-tx-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/javax/servlet/jstl/1.2/jstl-1.2.jar:/home/dayday/.m2/repository/org/apache/tomcat/embed/tomcat-embed-jasper/8.5.15/tomcat-embed-jasper-8.5.15.jar:/home/dayday/.m2/repository/org/apache/tomcat/embed/tomcat-embed-core/8.5.15/tomcat-embed-core-8.5.15.jar:/home/dayday/.m2/repository/org/apache/tomcat/embed/tomcat-embed-el/8.5.15/tomcat-embed-el-8.5.15.jar:/home/dayday/.m2/repository/org/eclipse/jdt/ecj/3.12.3/ecj-3.12.3.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-starter-test/1.5.4.RELEASE/spring-boot-starter-test-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-test/1.5.4.RELEASE/spring-boot-test-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/org/springframework/boot/spring-boot-test-autoconfigure/1.5.4.RELEASE/spring-boot-test-autoconfigure-1.5.4.RELEASE.jar:/home/dayday/.m2/repository/com/jayway/jsonpath/json-path/2.2.0/json-path-2.2.0.jar:/home/dayday/.m2/repository/net/minidev/json-smart/2.2.1/json-smart-2.2.1.jar:/home/dayday/.m2/repository/net/minidev/accessors-smart/1.1/accessors-smart-1.1.jar:/home/dayday/.m2/repository/org/ow2/asm/asm/5.0.3/asm-5.0.3.jar:/home/dayday/.m2/repository/org/assertj/assertj-core/2.6.0/assertj-core-2.6.0.jar:/home/dayday/.m2/repository/org/mockito/mockito-core/1.10.19/mockito-core-1.10.19.jar:/home/dayday/.m2/repository/org/objenesis/objenesis/2.1/objenesis-2.1.jar:/home/dayday/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar:/home/dayday/.m2/repository/org/hamcrest/hamcrest-library/1.3/hamcrest-library-1.3.jar:/home/dayday/.m2/repository/org/skyscreamer/jsonassert/1.4.0/jsonassert-1.4.0.jar:/home/dayday/.m2/repository/com/vaadin/external/google/android-json/0.0.20131108.vaadin1/android-json-0.0.20131108.vaadin1.jar:/home/dayday/.m2/repository/org/springframework/spring-test/4.3.9.RELEASE/spring-test-4.3.9.RELEASE.jar:/home/dayday/.m2/repository/junit/junit/4.12/junit-4.12.jar:/opt/idea-IU-182.4892.20/lib/idea_rt.jar com.findwise.kerberos.App Connected to the target VM, address: '127.0.0.1:43145', transport: 'socket'

. _ _ /\ / '_ () \ \ \ \ ( ( )\ | ' | '| | ' \/ ` | \ \ \ \ \/ _)| |)| | | | | || (| | ) ) ) ) ' |__| .|| ||| |\, | / / / / =========|_|==============|__/=//// :: Spring Boot :: (v1.5.4.RELEASE)

2019-03-19 16:05:55,432 [ INFO ] c.f.kerberos.App : Starting App on dayday-All-Series with PID 28836 (/home/dayday/Downloads/kerberos-demo/target/classes started by dayday in /home/dayday/Downloads/kerberos-demo) 2019-03-19 16:05:55,433 [ INFO ] c.f.kerberos.App : No active profile set, falling back to default profiles: default 2019-03-19 16:05:55,502 [ INFO ] o.s.b.c.e.AnnotationConfigEmbeddedWebApplicationContext : Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@3243b914: startup date [Tue Mar 19 16:05:55 CST 2019]; root of context hierarchy 2019-03-19 16:05:55,708 [ INFO ] o.h.v.i.u.Version : HV000001: Hibernate Validator 5.3.5.Final WARNING: An illegal reflective access operation has occurred WARNING: Illegal reflective access by org.springframework.cglib.core.ReflectUtils$1 (file:/home/dayday/.m2/repository/org/springframework/spring-core/4.3.9.RELEASE/spring-core-4.3.9.RELEASE.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int,java.security.ProtectionDomain) WARNING: Please consider reporting this to the maintainers of org.springframework.cglib.core.ReflectUtils$1 WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations WARNING: All illegal access operations will be denied in a future release 2019-03-19 16:05:56,351 [ INFO ] o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker : Bean 'kerberosGlobalConfig' of type [com.findwise.kerberos.config.KerberosGlobalConfig$$EnhancerBySpringCGLIB$$78a29934] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying) 2019-03-19 16:05:56,592 [ INFO ] o.s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat initialized with port(s): 8080 (http) 2019-03-19 16:05:56,603 [ INFO ] o.a.c.c.StandardService : Starting service [Tomcat] 2019-03-19 16:05:56,604 [ INFO ] o.a.c.c.StandardEngine : Starting Servlet Engine: Apache Tomcat/8.5.15 2019-03-19 16:05:56,665 [ INFO ] o.a.c.c.C.[.[.[/] : Initializing Spring embedded WebApplicationContext 2019-03-19 16:05:56,665 [ INFO ] o.s.w.c.ContextLoader : Root WebApplicationContext: initialization completed in 1175 ms 2019-03-19 16:05:56,845 [ INFO ] o.s.s.k.c.l.KerberosLdapContextSource : URL 'ldap://adserver.dev.local/', root DN is '' 2019-03-19 16:05:56,858 [ INFO ] o.s.l.c.s.AbstractContextSource : Property 'userDn' not set - anonymous context will be used for read-write operations Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator false KeyTab is /home/dayday/Downloads/kerberos-demo/e:%5Csvc_user.keytab refreshKrb5Config is false principal is HTTP/server.dev.local@DEV.LOCAL tryFirstPass is false useFirstPass is false storePass is false clearPass is false principal is HTTP/server.dev.local@DEV.LOCAL Will use keytab Commit Succeeded

2019-03-19 16:05:56,941 [ INFO ] o.s.b.w.s.FilterRegistrationBean : Mapping filter: 'characterEncodingFilter' to: [/] 2019-03-19 16:05:56,941 [ INFO ] o.s.b.w.s.FilterRegistrationBean : Mapping filter: 'hiddenHttpMethodFilter' to: [/] 2019-03-19 16:05:56,941 [ INFO ] o.s.b.w.s.FilterRegistrationBean : Mapping filter: 'httpPutFormContentFilter' to: [/] 2019-03-19 16:05:56,941 [ INFO ] o.s.b.w.s.FilterRegistrationBean : Mapping filter: 'requestContextFilter' to: [/] 2019-03-19 16:05:56,942 [ INFO ] o.s.b.w.s.DelegatingFilterProxyRegistrationBean : Mapping filter: 'springSecurityFilterChain' to: [/] 2019-03-19 16:05:56,942 [ INFO ] o.s.b.w.s.FilterRegistrationBean : Mapping filter: 'localhostAuthFilter' to: [/] 2019-03-19 16:05:56,942 [ INFO ] o.s.b.w.s.FilterRegistrationBean : Mapping filter: 'spnegoAuthenticationProcessingFilter' to: [/*] 2019-03-19 16:05:56,942 [ INFO ] o.s.b.w.s.ServletRegistrationBean : Mapping servlet: 'dispatcherServlet' to [/] 2019-03-19 16:05:57,086 [ INFO ] o.s.s.w.DefaultSecurityFilterChain : Creating filter chain: org.springframework.security.web.util.matcher.AnyRequestMatcher@1, [org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@37ad042b, org.springframework.security.web.context.SecurityContextPersistenceFilter@2f4ba1ae, org.springframework.security.web.header.HeaderWriterFilter@7a45d714, org.springframework.security.web.csrf.CsrfFilter@c017175, org.springframework.security.web.authentication.logout.LogoutFilter@516462cc, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@3003827c, com.findwise.kerberos.localhost.LocalhostAuthFilter@667fa9ab, org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter@46cdbcc8, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@77ab22be, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@2ae62bb6, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@43bdaa1b, org.springframework.security.web.session.SessionManagementFilter@204abeff, org.springframework.security.web.access.ExceptionTranslationFilter@63d5874f, org.springframework.security.web.access.intercept.FilterSecurityInterceptor@6e3ecf5c] 2019-03-19 16:05:57,222 [ INFO ] o.s.w.s.m.m.a.RequestMappingHandlerAdapter : Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@3243b914: startup date [Tue Mar 19 16:05:55 CST 2019]; root of context hierarchy 2019-03-19 16:05:57,287 [ INFO ] o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/]}" onto public java.lang.String com.findwise.kerberos.controller.ProtectedResourceController.home() 2019-03-19 16:05:57,288 [ INFO ] o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/protected]}" onto public java.lang.String com.findwise.kerberos.controller.ProtectedResourceController.protectedPage(org.springframework.ui.Model) 2019-03-19 16:05:57,289 [ INFO ] o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/login]}" onto public java.lang.String com.findwise.kerberos.controller.ProtectedResourceController.helloWorld(org.springframework.ui.Model) 2019-03-19 16:05:57,291 [ INFO ] o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest) 2019-03-19 16:05:57,292 [ INFO ] o.s.w.s.m.m.a.RequestMappingHandlerMapping : Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse) 2019-03-19 16:05:57,314 [ INFO ] o.s.w.s.h.SimpleUrlHandlerMapping : Mapped URL path [/webjars/] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler] 2019-03-19 16:05:57,314 [ INFO ] o.s.w.s.h.SimpleUrlHandlerMapping : Mapped URL path [/] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler] 2019-03-19 16:05:57,341 [ INFO ] o.s.w.s.h.SimpleUrlHandlerMapping : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler] 2019-03-19 16:05:57,513 [ INFO ] o.s.j.e.a.AnnotationMBeanExporter : Registering beans for JMX exposure on startup 2019-03-19 16:05:57,527 [ INFO ] o.a.c.h.Http11NioProtocol : Initializing ProtocolHandler ["http-nio-8080"] 2019-03-19 16:05:57,543 [ INFO ] o.a.c.h.Http11NioProtocol : Starting ProtocolHandler ["http-nio-8080"] 2019-03-19 16:05:57,547 [ INFO ] o.a.t.u.n.NioSelectorPool : Using a shared selector for servlet write/read 2019-03-19 16:05:57,568 [ INFO ] o.s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (http) 2019-03-19 16:05:57,573 [ INFO ] c.f.kerberos.App : Started App in 2.364 seconds (JVM running for 3.301) 2019-03-19 16:05:57,573 [ INFO ] c.f.kerberos.App : Application startup completed 2019-03-19 16:06:16,397 [ INFO ] o.a.c.c.C.[.[.[/] : Initializing Spring FrameworkServlet 'dispatcherServlet' 2019-03-19 16:06:16,397 [ INFO ] o.s.w.s.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization started 2019-03-19 16:06:16,406 [ INFO ] o.s.w.s.DispatcherServlet : FrameworkServlet 'dispatcherServlet': initialization completed in 9 ms 2019-03-19 16:06:16,415 [ INFO ] c.f.k.l.LocalhostAuthFilter : Request is local Debug is true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is HTTP/server.dev.local@DEV.LOCAL tryFirstPass is false useFirstPass is false storePass is false clearPass is false Acquire TGT from Cache

KinitOptions cache name is /tmp/krb5cc_1000 Principal is HTTP/server.dev.local@DEV.LOCAL null credentials from Ticket Cache Java config name: $PATH_TO_GLOBAL_KERBEROS_CONF_FILE Loaded from Java config Looking for keys for: HTTP/server.dev.local@DEV.LOCAL Key for the principal HTTP/server.dev.local@DEV.LOCAL not available in default key tab [Krb5LoginModule] authentication failed Unable to obtain password from user

2019-03-19 16:06:16,449 [ ERROR ] o.a.c.c.C.[.[.[.[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception org.springframework.ldap.AuthenticationException: Unable to obtain password from user ; nested exception is javax.naming.AuthenticationException: Unable to obtain password from user [Root exception is javax.security.auth.login.LoginException: Unable to obtain password from user ] at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:191) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355) at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139) at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158) at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802) at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:316) at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:127) at org.springframework.security.ldap.userdetails.LdapUserDetailsService.loadUserByUsername(LdapUserDetailsService.java:56) at com.findwise.kerberos.localhost.LocalhostAuthProvider.authenticate(LocalhostAuthProvider.java:45) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:504) at com.findwise.kerberos.localhost.LocalhostAuthFilter.doFilter(LocalhostAuthFilter.java:90) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:834) Caused by: javax.naming.AuthenticationException: Unable to obtain password from user

at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.login(KerberosLdapContextSource.java:151)
at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.getDirContextInstance(KerberosLdapContextSource.java:110)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:343)
... 65 common frames omitted

Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:874)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:737)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.login(KerberosLdapContextSource.java:147)
... 67 common frames omitted

2019-03-19 16:06:16,716 [ INFO ] c.f.k.l.LocalhostAuthFilter : Request is local Debug is true storeKey true useTicketCache true useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is null refreshKrb5Config is false principal is HTTP/server.dev.local@DEV.LOCAL tryFirstPass is false useFirstPass is false storePass is false clearPass is false Acquire TGT from Cache

KinitOptions cache name is /tmp/krb5cc_1000 Principal is HTTP/server.dev.local@DEV.LOCAL null credentials from Ticket Cache Looking for keys for: HTTP/server.dev.local@DEV.LOCAL Key for the principal HTTP/server.dev.local@DEV.LOCAL not available in default key tab [Krb5LoginModule] authentication failed Unable to obtain password from user

2019-03-19 16:06:16,720 [ ERROR ] o.a.c.c.C.[.[.[.[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception org.springframework.ldap.AuthenticationException: Unable to obtain password from user ; nested exception is javax.naming.AuthenticationException: Unable to obtain password from user [Root exception is javax.security.auth.login.LoginException: Unable to obtain password from user ] at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:191) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:355) at org.springframework.ldap.core.support.AbstractContextSource.doGetContext(AbstractContextSource.java:139) at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:158) at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:802) at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:316) at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:127) at org.springframework.security.ldap.userdetails.LdapUserDetailsService.loadUserByUsername(LdapUserDetailsService.java:56) at com.findwise.kerberos.localhost.LocalhostAuthProvider.authenticate(LocalhostAuthProvider.java:45) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:174) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:199) at org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter$AuthenticationManagerDelegator.authenticate(WebSecurityConfigurerAdapter.java:494) at com.findwise.kerberos.localhost.LocalhostAuthFilter.doFilter(LocalhostAuthFilter.java:90) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:200) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:100) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:105) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:56) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:331) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:214) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:177) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:105) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:81) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:197) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:198) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:478) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:140) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:80) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:87) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:342) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:799) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:66) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:861) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1455) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:834) Caused by: javax.naming.AuthenticationException: Unable to obtain password from user

at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.login(KerberosLdapContextSource.java:151)
at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.getDirContextInstance(KerberosLdapContextSource.java:110)
at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:343)
... 65 common frames omitted

Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:874)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:737)
at jdk.security.auth/com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:592)
at java.base/javax.security.auth.login.LoginContext.invoke(LoginContext.java:726)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:665)
at java.base/javax.security.auth.login.LoginContext$4.run(LoginContext.java:663)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:663)
at java.base/javax.security.auth.login.LoginContext.login(LoginContext.java:574)
at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.login(KerberosLdapContextSource.java:147)
... 67 common frames omitted
GyllingSW commented 5 years ago

Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

Is a message to you, that the path to the keytab file is wrong or the service principal in the keytab file isn't matching the settings in your code configuration.

KinitOptions cache name is /tmp/krb5cc_1000
Principal is HTTP/server.dev.local@DEV.LOCAL
null credentials from Ticket Cache
Java config name: $PATH_TO_GLOBAL_KERBEROS_CONF_FILE
Loaded from Java config
Looking for keys for: HTTP/server.dev.local@DEV.LOCAL
Key for the principal HTTP/server.dev.local@DEV.LOCAL not available in default key tab
[Krb5LoginModule] authentication failed
Unable to obtain password from user

You will have to adapt to your working environment - And generate a valid keytab file.