search

spring-projects / spring-security-kerberos

Spring Security Kerberos
https://spring.io/projects/spring-security-kerberos
179 stars 222 forks source link

Request is a replay (34) #189

Closed YangChaorix closed 1 month ago

YangChaorix commented 2 months ago

environment 1.webserver:centos jdk 17 ,spring-security-kerberos:latest ,branch is main 2.ad server: server 2012R2 3.client : window10

anybody can you me? thanks

error log :::::::

2024-04-29T14:21:21.908+08:00 INFO 1892 --- [ main] o.s.s.k.c.l.KerberosLdapContextSource : Configure with URL ldap://test.md.cn/ and root DN 2024-04-29T14:21:21.916+08:00 INFO 1892 --- [ main] o.s.l.c.support.AbstractContextSource : Property 'userDn' not set - anonymous context will be used for read-write operations 2024-04-29T14:21:22.927+08:00 INFO 1892 --- [ main] o.s.s.web.DefaultSecurityFilterChain : Will secure any request with [org.springframework.security.web.session.DisableEncodeUrlFilter@2fab4aff, org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter@ec0c838, org.springframework.security.web.context.SecurityContextHolderFilter@6fa590ba, org.springframework.security.web.header.HeaderWriterFilter@37ebc9d8, org.springframework.security.web.csrf.CsrfFilter@4a3e3e8b, org.springframework.security.web.authentication.logout.LogoutFilter@f9b7332, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter@6b5176f2, org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter@6e46d9f4, org.springframework.security.web.savedrequest.RequestCacheAwareFilter@72e34f77, org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@389adf1d, org.springframework.security.web.authentication.AnonymousAuthenticationFilter@5cc69cfe, org.springframework.security.web.access.ExceptionTranslationFilter@32232e55, org.springframework.security.web.access.intercept.AuthorizationFilter@c65a5ef] 2024-04-29T14:21:23.813+08:00 INFO 1892 --- [ main] o.s.b.w.embedded.tomcat.TomcatWebServer : Tomcat started on port(s): 80 (http) with context path '' 2024-04-29T14:21:23.886+08:00 INFO 1892 --- [ main] demo.app.Application : Started Application in 10.195 seconds (process running for 11.737) 2024-04-29T14:21:42.601+08:00 INFO 1892 --- [p-nio-80-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/] : Initializing Spring DispatcherServlet 'dispatcherServlet' 2024-04-29T14:21:42.602+08:00 INFO 1892 --- [p-nio-80-exec-1] o.s.web.servlet.DispatcherServlet : Initializing Servlet 'dispatcherServlet' 2024-04-29T14:21:42.606+08:00 INFO 1892 --- [p-nio-80-exec-1] o.s.web.servlet.DispatcherServlet : Completed initialization in 2 ms Search Subject for SPNEGO ACCEPT cred (<>, sun.security.jgss.spnego.SpNegoCredElement) Entered SpNegoContext.acceptSecContext with state=STATE_NEW SpNegoContext.acceptSecContext: receiving token = a0 82 06 00 30 82 05 fc a0 30 30 2e 06 09 2a 86 48 82 f7 12 01 02 02 06 09 2a 86 48 86 f7 12 01 02 02 06 0a 2b 06 01 04 01 82 37 02 02 1e 06 0a 2b 06 01 04 01 82 37 02 02 0a a2 82 05 c6 04 82 05 c2 60 82 05 be 06 09 2a 86 48 86 f7 12 01 02 02 01 00 6e 82 05 ad 30 82 05 a9 a0 03 02 01 05 a1 03 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 04 49 61 82 04 45 30 82 04 41 a0 03 02 01 05 a1 0c 1b 0a 54 45 53 54 2e 4d 44 2e 43 4e a2 24 30 22 a0 03 02 01 02 a1 1b 30 19 1b 04 48 54 54 50 1b 11 74 6f 6d 63 61 74 2e 74 65 73 74 2e 6d 64 2e 63 6e a3 82 04 04 30 82 04 00 a0 03 02 01 17 a1 03 02 01 03 a2 82 03 f2 04 82 03 ee 35 05 c4 fe c9 14 b9 dc a0 e7 12 a0 2b 73 5b f7 9f b5 3b e4 00 a4 0f ad f8 21 bb 2c 51 29 4c cf 4f aa 19 fe c9 56 6f 8c b0 87 0c 09 ad 58 7d 9f 82 4d f4 46 b7 9c 3d bd 5f ab 89 45 22 3b ff 65 2a 6f bc e1 aa 8a e5 c9 91 74 8f d1 be 11 de f9 a9 96 67 ae af 86 f0 0c 52 99 83 b0 4d 50 3d ca 8f b1 bf 27 72 fb 45 93 1f 8b 58 1d ce 51 e2 f0 a8 56 a5 95 ea 31 4b 42 4b 6c 87 d8 1f 9c eb 3e 01 2f 55 74 3f 4a 0c 56 86 e9 37 3e fd 77 de 5e b8 4a f9 7d 56 b0 09 e6 08 1f 6c c7 03 1e c9 a1 0a 35 88 b7 05 bc 18 a8 e9 31 f0 c0 4a 99 33 ae 1d 10 b4 e5 f8 1e ba e2 ee 78 ec 2c 76 ef f9 e5 01 a2 dc 7e 23 74 58 a1 54 8e e4 db 76 e9 a1 43 51 b1 fc 60 6f 61 30 ad 86 4a e3 ba 67 32 6c 98 f7 53 4a a3 6a db 67 2e ea a2 62 ca 2b 16 06 8c c7 92 7a 0b 1d 49 60 db 13 e0 40 c6 c0 57 24 02 3f 65 fd 94 f4 ef 5c 66 37 f2 5f c5 31 04 36 d2 be 08 da 78 62 06 bf 0a 74 1d ab 1f ff 41 5c 60 0d f3 b1 18 c2 1b 83 d8 4e b5 e3 dd d1 76 af 2a 2a 36 c2 7c c8 81 df b3 45 67 9a 88 f8 c4 7c 7b e3 82 91 e3 db ca 77 f9 6b 4f 8e 7a f1 34 42 0a 2a 8b d7 29 05 1c 9e 50 2e d7 c5 42 b4 91 6d ce 7b 49 d0 0c 7f e3 7c 95 e4 32 dd 87 9e 21 0a 43 4a 94 6f 10 0e db a7 a2 e4 13 aa 82 cc 36 6b 8b 64 b3 4b 4e 7f cb 16 b9 c5 5e 27 99 39 eb b4 a6 8d 83 58 83 f6 22 bc 4d d5 69 81 8f 4b 41 d4 1a 5d 61 70 31 61 09 ed 13 08 26 e7 34 5c bd 60 4b 52 e7 87 6b ad f3 20 88 83 9a d6 c1 98 cc 7b b5 27 82 c2 76 4f 0d 85 19 3c 97 1a ac e9 e8 d1 5e 1e 97 8c 68 fc c9 76 98 dc 26 9f a6 ed 0a 9a c7 f7 e7 29 19 d0 a7 48 e5 5a 09 82 3f 5c e0 1c e6 cc 7f cd 24 9f cc 55 40 b6 11 5f e4 bc d9 f0 c8 d0 68 4c f7 ad a1 55 26 73 1b 4e 98 67 c1 b0 fe f3 21 80 a6 ff ee fd 84 9a 82 79 c3 53 45 6f 96 76 55 ea 80 61 a6 97 3d 01 6d 9e 72 d0 79 6c 6f 2e 61 a5 8c 62 41 06 22 11 d0 d6 1b 09 c5 c1 59 60 dc c2 09 2a 38 d6 9f 3c f8 8c ed a1 55 6a 01 0a b6 70 94 c1 6e 9b 1b 86 64 3a 34 15 55 2a f9 e4 dd 61 0e 7c 11 bb 68 b8 ad 3c 58 fe 5b 11 db 7a c7 d5 87 31 21 d6 1c 8a d0 c5 9b dd 2a 5d d8 93 9d 24 3a 3c eb 14 cc 8b c5 b0 13 7f 6c 90 24 24 fd 94 3e 21 ed 2b b4 41 23 2f 48 e3 89 ff df c6 70 57 66 82 8f 98 c8 f9 a5 5b 27 1f 04 d8 78 68 ab c7 99 96 63 44 7f db ff 57 77 dd 7b 81 f7 6b b0 ee f4 a1 af c5 3d e6 04 71 13 67 ad cc f0 53 65 13 4c 5f 13 20 a9 84 26 02 4c 87 eb a1 dd b9 8f 94 da 63 a6 54 27 66 d2 e5 b2 86 0c d9 4a 5e c0 11 3c 8b 9b 7d 16 a6 95 20 0c 15 60 59 ff 58 45 2d d9 f0 3b 5d e0 93 3d cc da 5d 5a 0a 53 de 87 c4 43 99 9d 7f d9 e3 ce e9 f2 e4 ee 89 63 51 8f 78 be 80 b5 36 52 89 ce 97 ba 77 48 73 a4 0f 3a bd 05 7c 8f 61 f8 a6 56 69 27 e2 43 74 d2 f1 7c 9c 10 7f 7e ca 8d 07 e2 26 2c 69 c5 cd 36 f9 33 45 cf f9 5b be 00 18 04 5e 9d 14 46 3b f4 28 ef 64 2d 35 fe b4 b9 0d ba 29 ec 54 2f 09 b2 4f 24 a8 38 64 21 b6 6b db 81 19 01 f3 ea bb fd 13 fd 01 41 15 6f 97 1f 69 89 4b 98 b8 f2 d4 7c 02 01 37 6b b2 5d 0a 86 19 7e 45 b3 7c 8f c5 9d cc 22 51 17 5b 24 87 b9 a5 e6 4e 3b 17 0d 82 28 92 e4 d2 f1 f9 4b 66 8d 23 b5 d8 24 ec 8d a9 81 24 83 45 6e 25 9c f1 fb 10 58 16 be ef 2e 10 01 c3 29 5d 2d aa f1 07 e4 56 6a f6 e6 59 ef 81 06 fa 8f 38 b0 6a 21 eb a6 86 d0 f4 35 fd 30 a4 82 01 45 30 82 01 41 a0 03 02 01 17 a2 82 01 38 04 82 01 34 b6 48 2f 0f a4 e5 e4 16 c8 2a a8 24 b2 16 1b 6b 71 9d 6d 70 e0 26 c7 be d6 6f 4d 24 79 2f 18 66 af 0d 3d c1 80 21 eb 63 99 31 6b da 0c 2a b6 8c e8 b0 a0 86 25 58 88 2a 1c 62 8b 86 0d 27 e2 5e ba 5e ec ac 1a 82 df 6e 00 8d a5 d3 a6 b8 e0 92 cf f0 32 13 e7 6d 8f 95 35 9b 72 3e 7c 1c 48 16 89 4a fa 65 dc ab c8 5f 82 b5 42 f9 4d 63 30 03 f1 e7 c8 1e 45 11 6f c2 b8 9d c6 06 87 dc b0 a4 b5 7d 41 5b 62 d7 b1 0e 8d a7 31 93 0d fa 15 b9 fa 21 2d fb 50 d4 96 a5 bb e4 af 65 c7 4f fd 75 10 0d 6d cc 94 7f a0 34 b6 fe af c0 f1 3b 63 fb 61 cb 2c 77 2b cf 07 ee ea f3 de 86 1d 43 fe 61 4b 15 30 87 11 27 1e 5b eb d5 dd 81 98 61 76 a3 15 a0 1d f5 03 da f3 68 d7 b7 25 88 8a c9 b4 36 50 a1 81 df 50 fe 46 8e 6f b9 a7 23 eb 9d d0 99 1a 67 8a 60 85 c5 b4 95 6d 64 4a 98 c2 6b a2 95 c7 b2 d2 ce d2 6a 93 64 e7 de 80 85 91 03 d4 64 57 33 8a 93 c5 5f 59 8f 81 c4 39 85 8d c2 74 d2 a5 81 74 57 c2 d2 89 b2 de 9a c6 48 bc d4 7d eb 51 7d d5 46 SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.48018.1.2.2 SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.113554.1.2.2 SpNegoToken NegTokenInit: reading Mechanism Oid = 1.3.6.1.4.1.311.2.2.30 SpNegoToken NegTokenInit: reading Mechanism Oid = 1.3.6.1.4.1.311.2.2.10 SpNegoToken NegTokenInit: reading Mech Token SpNegoContext.acceptSecContext: received token of type = SPNEGO NegTokenInit SpNegoContext: negotiated mechanism = 1.2.840.113554.1.2.2 SpNegoContext.acceptSecContext: negotiated mech adjusted to 1.2.840.48018.1.2.2 Search Subject for Kerberos V5 ACCEPT cred (<>, sun.security.jgss.krb5.Krb5AcceptCredential) Found KeyTab /root/java/tomcat.keytab for HTTP/tomcat.test.md.cn@TEST.MD.CN Found KeyTab /root/java/tomcat.keytab for HTTP/tomcat.test.md.cn@TEST.MD.CN Entered Krb5Context.acceptSecContext with state=STATE_NEW Java config name: krb5.ini Loading krb5 profile at /root/java/krb5.ini Loaded from Java config

KeyTabInputStream, readName(): TEST.MD.CN KeyTabInputStream, readName(): HTTP KeyTabInputStream, readName(): tomcat.test.md.cn KeyTab: load() entry length: 60; type: 1 KeyTabInputStream, readName(): TEST.MD.CN KeyTabInputStream, readName(): HTTP KeyTabInputStream, readName(): tomcat.test.md.cn KeyTab: load() entry length: 60; type: 3 KeyTabInputStream, readName(): TEST.MD.CN KeyTabInputStream, readName(): HTTP KeyTabInputStream, readName(): tomcat.test.md.cn KeyTab: load() entry length: 68; type: 23 KeyTabInputStream, readName(): TEST.MD.CN KeyTabInputStream, readName(): HTTP KeyTabInputStream, readName(): tomcat.test.md.cn KeyTab: load() entry length: 84; type: 18 KeyTabInputStream, readName(): TEST.MD.CN KeyTabInputStream, readName(): HTTP KeyTabInputStream, readName(): tomcat.test.md.cn KeyTab: load() entry length: 68; type: 17 Looking for keys for: HTTP/tomcat.test.md.cn@TEST.MD.CN Added key: 17, version: 3 Added key: 18, version: 3 Added key: 23, version: 3 Added key: 3, version: 3 Added key: 1, version: 3 EType: sun.security.krb5.internal.crypto.ArcFourHmacEType Using builtin default etypes for permitted_enctypes default etypes for permitted_enctypes: 18 17 20 19 16 23 1 3. EType: sun.security.krb5.internal.crypto.ArcFourHmacEType MemoryCache: add 1714371704/000107/DD744FDBFADC7AC8E3C81B2EA815FC8090090F1A823A8821BA2F6F8715EAB4F9/peter@TEST.MD.CN to peter@TEST.MD.CN|HTTP/tomcat.test.md.cn@TEST.MD.CN KrbApReq: authenticate succeed. Krb5Context setting peerSeqNumber to: 13911130 EType: sun.security.krb5.internal.crypto.ArcFourHmacEType Krb5Context setting mySeqNumber to: 461739313 Constrained deleg from GSSCaller{UNKNOWN} SPNEGO Negotiated Mechanism = 1.2.840.113554.1.2.2 Kerberos V5 SpNegoContext.acceptSecContext: mechanism wanted = 1.2.840.48018.1.2.2 SpNegoContext.acceptSecContext: negotiated result = ACCEPT_COMPLETE SpNegoContext.acceptSecContext: sending token of type = SPNEGO NegTokenTarg SpNegoContext.acceptSecContext: sending token = a1 7e 30 7c a0 03 0a 01 00 a1 0b 06 09 2a 86 48 82 f7 12 01 02 02 a2 68 04 66 60 64 06 09 2a 86 48 86 f7 12 01 02 02 02 00 6f 55 30 53 a0 03 02 01 05 a1 03 02 01 0f a2 47 30 45 a0 03 02 01 17 a2 3e 04 3c e1 03 61 42 c8 32 7c 78 ad fc 65 c1 60 e9 b8 ed bd 4d 10 5c 09 02 34 20 19 a6 73 12 f0 2d 83 e8 cf 82 3f 9b 49 49 93 1f 85 8a 79 e3 56 ee 74 ae 63 97 60 64 e4 52 09 a5 5b 4b 20 d3 Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator true KeyTab is /root/java/tomcat.keytab refreshKrb5Config is false principal is HTTP/tomcat.test.md.cn@TEST.MD.CN tryFirstPass is false useFirstPass is false storePass is false clearPass is false Looking for keys for: HTTP/tomcat.test.md.cn@TEST.MD.CN Added key: 17, version: 3 Added key: 18, version: 3 Added key: 23, version: 3 Added key: 3, version: 3 Added key: 1, version: 3 KdcAccessibility: reset Looking for keys for: HTTP/tomcat.test.md.cn@TEST.MD.CN Added key: 17, version: 3 Added key: 18, version: 3 Added key: 23, version: 3 Added key: 3, version: 3 Added key: 1, version: 3 default etypes for default_tkt_enctypes: 23. KrbAsReq creating message KrbKdcReq send: kdc=TEST.MD.CN UDP:88, timeout=30000, number of retries =3, #bytes=150 KDCCommunication: kdc=TEST.MD.CN UDP:88, timeout=30000,Attempt =1, #bytes=150 KrbKdcReq send: #bytes read=177 Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 23, salt =

Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null

Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP Pre-Authentication Data: PA-DATA type = 16

Pre-Authentication Data: PA-DATA type = 15

KdcAccessibility: remove TEST.MD.CN KDCRep: init() encoding tag is 126 req type is 11 KRBError: sTime is Mon Apr 29 14:21:45 CST 2024 1714371705000 suSec is 422461 error code is 25 error Message is Additional pre-authentication required sname is krbtgt/TEST.MD.CN@TEST.MD.CN eData provided. msgType is 30 Pre-Authentication Data: PA-DATA type = 11 PA-ETYPE-INFO etype = 23, salt =

Pre-Authentication Data: PA-DATA type = 19 PA-ETYPE-INFO2 etype = 23, salt = null, s2kparams = null

Pre-Authentication Data: PA-DATA type = 2 PA-ENC-TIMESTAMP Pre-Authentication Data: PA-DATA type = 16

Pre-Authentication Data: PA-DATA type = 15

KrbAsReqBuilder: PREAUTH FAILED/REQ, re-send AS-REQ default etypes for default_tkt_enctypes: 23. Looking for keys for: HTTP/tomcat.test.md.cn@TEST.MD.CN Added key: 17, version: 3 Added key: 18, version: 3 Added key: 23, version: 3 Added key: 3, version: 3 Added key: 1, version: 3 Looking for keys for: HTTP/tomcat.test.md.cn@TEST.MD.CN Added key: 17, version: 3 Added key: 18, version: 3 Added key: 23, version: 3 Added key: 3, version: 3 Added key: 1, version: 3 default etypes for default_tkt_enctypes: 23.

EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbAsReq creating message KrbKdcReq send: kdc=TEST.MD.CN UDP:88, timeout=30000, number of retries =3, #bytes=233 KDCCommunication: kdc=TEST.MD.CN UDP:88, timeout=30000,Attempt =1, #bytes=233 KrbKdcReq send: #bytes read=1414 KdcAccessibility: remove TEST.MD.CN Looking for keys for: HTTP/tomcat.test.md.cn@TEST.MD.CN Added key: 17, version: 3 Added key: 18, version: 3 Added key: 23, version: 3 Added key: 3, version: 3 Added key: 1, version: 3 EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbAsRep cons in KrbAsReq.getReply HTTP/tomcat.test.md.cn principal is HTTP/tomcat.test.md.cn@TEST.MD.CN Will use keytab Commit Succeeded

Search Subject for Kerberos V5 INIT cred (<>, sun.security.jgss.krb5.Krb5InitCredential) Found ticket for HTTP/tomcat.test.md.cn@TEST.MD.CN to go to krbtgt/TEST.MD.CN@TEST.MD.CN expiring on Tue Apr 30 00:21:45 CST 2024 Entered Krb5Context.initSecContext with state=STATE_NEW Found ticket for HTTP/tomcat.test.md.cn@TEST.MD.CN to go to krbtgt/TEST.MD.CN@TEST.MD.CN expiring on Tue Apr 30 00:21:45 CST 2024 Service ticket not found in the subject

Credentials serviceCredsSingle: same realm default etypes for default_tgs_enctypes: 23. EType: sun.security.krb5.internal.crypto.ArcFourHmacEType CksumType: sun.security.krb5.internal.crypto.HmacMd5ArcFourCksumType EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbKdcReq send: kdc=TEST.MD.CN UDP:88, timeout=30000, number of retries =3, #bytes=1413 KDCCommunication: kdc=TEST.MD.CN UDP:88, timeout=30000,Attempt =1, #bytes=1413 KrbKdcReq send: #bytes read=90 KdcAccessibility: remove TEST.MD.CN KDCRep: init() encoding tag is 126 req type is 13 KRBError: sTime is Mon Apr 29 14:21:45 CST 2024 1714371705000 suSec is 609641 error code is 7 error Message is Server not found in Kerberos database sname is ldap/test.md.cn@TEST.MD.CN msgType is 30 Credentials serviceCredsSingle: same realm default etypes for default_tgs_enctypes: 23. EType: sun.security.krb5.internal.crypto.ArcFourHmacEType CksumType: sun.security.krb5.internal.crypto.HmacMd5ArcFourCksumType EType: sun.security.krb5.internal.crypto.ArcFourHmacEType KrbKdcReq send: kdc=TEST.MD.CN UDP:88, timeout=30000, number of retries =3, #bytes=1413 KDCCommunication: kdc=TEST.MD.CN UDP:88, timeout=30000,Attempt =1, #bytes=1413 KrbKdcReq send: #bytes read=90 KdcAccessibility: remove TEST.MD.CN KDCRep: init() encoding tag is 126 req type is 13 KRBError: sTime is Mon Apr 29 14:21:45 CST 2024 1714371705000 suSec is 609641 error code is 7 error Message is Server not found in Kerberos database sname is ldap/test.md.cn@TEST.MD.CN msgType is 30 KrbException: Server not found in Kerberos database (7) at java.security.jgss/sun.security.krb5.KrbTgsRep.(KrbTgsRep.java:69) at java.security.jgss/sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:224) at java.security.jgss/sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:235) at java.security.jgss/sun.security.krb5.internal.CredentialsUtil.serviceCredsSingle(CredentialsUtil.java:477) at java.security.jgss/sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:340) at java.security.jgss/sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:314) at java.security.jgss/sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:169) at java.security.jgss/sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:493) at java.security.jgss/sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:700) at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:266) at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196) at jdk.security.jgss/com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:209) at java.naming/com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:172) at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:236) at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2896) at java.naming/com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:348) at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225) at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189) at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243) at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:732) at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) at java.naming/javax.naming.InitialContext.init(InitialContext.java:236) at java.naming/javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:154) at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:44) at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.access$001(KerberosLdapContextSource.java:66) at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource$1.run(KerberosLdapContextSource.java:118) at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource$1.run(KerberosLdapContextSource.java:113) at java.base/java.security.AccessController.doPrivileged(AccessController.java:399) at java.base/javax.security.auth.Subject.doAs(Subject.java:376) at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.getDirContextInstance(KerberosLdapContextSource.java:113) at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:350) at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:172) at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:796) at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:260) at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:100) at org.springframework.security.ldap.userdetails.LdapUserDetailsService.loadUserByUsername(LdapUserDetailsService.java:59) at org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider.authenticate(KerberosServiceAuthenticationProvider.java:67) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) at org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter.doFilter(SpnegoAuthenticationProcessingFilter.java:153) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:166) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341) at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:894) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.base/java.lang.Thread.run(Thread.java:842) Caused by: KrbException: Identifier doesn't match expected value (906) at java.security.jgss/sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) at java.security.jgss/sun.security.krb5.internal.TGSRep.init(TGSRep.java:65) at java.security.jgss/sun.security.krb5.internal.TGSRep.(TGSRep.java:60) at java.security.jgss/sun.security.krb5.KrbTgsRep.(KrbTgsRep.java:54) ... 97 more 2024-04-29T14:21:45.299+08:00 ERROR 1892 --- [p-nio-80-exec-2] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception

org.springframework.ldap.AuthenticationException: GSSAPI at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:193) ~[spring-ldap-core-3.1.0.jar!/:3.1.0] at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:362) ~[spring-ldap-core-3.1.0.jar!/:3.1.0] at org.springframework.ldap.core.support.AbstractContextSource.getReadOnlyContext(AbstractContextSource.java:172) ~[spring-ldap-core-3.1.0.jar!/:3.1.0] at org.springframework.ldap.core.LdapTemplate.executeReadOnly(LdapTemplate.java:796) ~[spring-ldap-core-3.1.0.jar!/:3.1.0] at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleEntry(SpringSecurityLdapTemplate.java:260) ~[spring-security-ldap-6.1.0.jar!/:6.1.0] at org.springframework.security.ldap.search.FilterBasedLdapUserSearch.searchForUser(FilterBasedLdapUserSearch.java:100) ~[spring-security-ldap-6.1.0.jar!/:6.1.0] at org.springframework.security.ldap.userdetails.LdapUserDetailsService.loadUserByUsername(LdapUserDetailsService.java:59) ~[spring-security-ldap-6.1.0.jar!/:6.1.0] at org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider.authenticate(KerberosServiceAuthenticationProvider.java:67) ~[spring-security-kerberos-core-2.0.1-SNAPSHOT.jar!/:2.0.1-SNAPSHOT] at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-6.1.0.jar!/:6.1.0] at org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter.doFilter(SpnegoAuthenticationProcessingFilter.java:153) ~[spring-security-kerberos-web-2.0.1-SNAPSHOT.jar!/:2.0.1-SNAPSHOT] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:117) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar!/:6.0.9] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.header.HeaderWriterFilter.doHeadersAfter(HeaderWriterFilter.java:90) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:75) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar!/:6.0.9] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:62) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar!/:6.0.9] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.session.DisableEncodeUrlFilter.doFilterInternal(DisableEncodeUrlFilter.java:42) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar!/:6.0.9] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.0.9.jar!/:6.0.9] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.0.9.jar!/:6.0.9] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.0.9.jar!/:6.0.9] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar!/:6.0.9] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93) ~[spring-web-6.0.9.jar!/:6.0.9] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar!/:6.0.9] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201) ~[spring-web-6.0.9.jar!/:6.0.9] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar!/:6.0.9] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:166) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:115) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:894) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-10.1.8.jar!/:na] at java.base/java.lang.Thread.run(Thread.java:842) ~[na:na] Caused by: javax.naming.AuthenticationException: GSSAPI at java.naming/com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:216) ~[na:na] at java.naming/com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:236) ~[na:na] at java.naming/com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2896) ~[na:na] at java.naming/com.sun.jndi.ldap.LdapCtx.(LdapCtx.java:348) ~[na:na] at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxFromUrl(LdapCtxFactory.java:225) ~[na:na] at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:189) ~[na:na] at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:243) ~[na:na] at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154) ~[na:na] at java.naming/com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84) ~[na:na] at java.naming/javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:732) ~[na:na] at java.naming/javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) ~[na:na] at java.naming/javax.naming.InitialContext.init(InitialContext.java:236) ~[na:na] at java.naming/javax.naming.ldap.InitialLdapContext.(InitialLdapContext.java:154) ~[na:na] at org.springframework.ldap.core.support.LdapContextSource.getDirContextInstance(LdapContextSource.java:44) ~[spring-ldap-core-3.1.0.jar!/:3.1.0] at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.access$001(KerberosLdapContextSource.java:66) ~[spring-security-kerberos-client-2.0.1-SNAPSHOT.jar!/:2.0.1-SNAPSHOT] at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource$1.run(KerberosLdapContextSource.java:118) ~[spring-security-kerberos-client-2.0.1-SNAPSHOT.jar!/:2.0.1-SNAPSHOT] at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource$1.run(KerberosLdapContextSource.java:113) ~[spring-security-kerberos-client-2.0.1-SNAPSHOT.jar!/:2.0.1-SNAPSHOT] at java.base/java.security.AccessController.doPrivileged(AccessController.java:399) ~[na:na] at java.base/javax.security.auth.Subject.doAs(Subject.java:376) ~[na:na] at org.springframework.security.kerberos.client.ldap.KerberosLdapContextSource.getDirContextInstance(KerberosLdapContextSource.java:113) ~[spring-security-kerberos-client-2.0.1-SNAPSHOT.jar!/:2.0.1-SNAPSHOT] at org.springframework.ldap.core.support.AbstractContextSource.createContext(AbstractContextSource.java:350) ~[spring-ldap-core-3.1.0.jar!/:3.1.0] ... 65 common frames omitted Caused by: javax.security.sasl.SaslException: GSS initiate failed at jdk.security.jgss/com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:228) ~[jdk.security.jgss:na] at java.naming/com.sun.jndi.ldap.sasl.LdapSasl.saslBind(LdapSasl.java:172) ~[na:na] ... 85 common frames omitted Caused by: org.ietf.jgss.GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7)) at java.security.jgss/sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:778) ~[java.security.jgss:na] at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:266) ~[java.security.jgss:na] at java.security.jgss/sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:196) ~[java.security.jgss:na] at jdk.security.jgss/com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:209) ~[jdk.security.jgss:na] ... 86 common frames omitted Caused by: sun.security.krb5.KrbException: Server not found in Kerberos database (7) at java.security.jgss/sun.security.krb5.KrbTgsRep.(KrbTgsRep.java:69) ~[java.security.jgss:na] at java.security.jgss/sun.security.krb5.KrbTgsReq.getReply(KrbTgsReq.java:224) ~[java.security.jgss:na] at java.security.jgss/sun.security.krb5.KrbTgsReq.sendAndGetCreds(KrbTgsReq.java:235) ~[java.security.jgss:na] at java.security.jgss/sun.security.krb5.internal.CredentialsUtil.serviceCredsSingle(CredentialsUtil.java:477) ~[java.security.jgss:na] at java.security.jgss/sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:340) ~[java.security.jgss:na] at java.security.jgss/sun.security.krb5.internal.CredentialsUtil.serviceCreds(CredentialsUtil.java:314) ~[java.security.jgss:na] at java.security.jgss/sun.security.krb5.internal.CredentialsUtil.acquireServiceCreds(CredentialsUtil.java:169) ~[java.security.jgss:na] at java.security.jgss/sun.security.krb5.Credentials.acquireServiceCreds(Credentials.java:493) ~[java.security.jgss:na] at java.security.jgss/sun.security.jgss.krb5.Krb5Context.initSecContext(Krb5Context.java:700) ~[java.security.jgss:na] ... 89 common frames omitted Caused by: sun.security.krb5.Asn1Exception: Identifier doesn't match expected value (906) at java.security.jgss/sun.security.krb5.internal.KDCRep.init(KDCRep.java:140) ~[java.security.jgss:na] at java.security.jgss/sun.security.krb5.internal.TGSRep.init(TGSRep.java:65) ~[java.security.jgss:na] at java.security.jgss/sun.security.krb5.internal.TGSRep.(TGSRep.java:60) ~[java.security.jgss:na] at java.security.jgss/sun.security.krb5.KrbTgsRep.(KrbTgsRep.java:54) ~[java.security.jgss:na] ... 97 common frames omitted

Search Subject for SPNEGO ACCEPT cred (<>, sun.security.jgss.spnego.SpNegoCredElement) Entered SpNegoContext.acceptSecContext with state=STATE_NEW SpNegoContext.acceptSecContext: receiving token = a0 82 06 00 30 82 05 fc a0 30 30 2e 06 09 2a 86 48 82 f7 12 01 02 02 06 09 2a 86 48 86 f7 12 01 02 02 06 0a 2b 06 01 04 01 82 37 02 02 1e 06 0a 2b 06 01 04 01 82 37 02 02 0a a2 82 05 c6 04 82 05 c2 60 82 05 be 06 09 2a 86 48 86 f7 12 01 02 02 01 00 6e 82 05 ad 30 82 05 a9 a0 03 02 01 05 a1 03 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 04 49 61 82 04 45 30 82 04 41 a0 03 02 01 05 a1 0c 1b 0a 54 45 53 54 2e 4d 44 2e 43 4e a2 24 30 22 a0 03 02 01 02 a1 1b 30 19 1b 04 48 54 54 50 1b 11 74 6f 6d 63 61 74 2e 74 65 73 74 2e 6d 64 2e 63 6e a3 82 04 04 30 82 04 00 a0 03 02 01 17 a1 03 02 01 03 a2 82 03 f2 04 82 03 ee 35 05 c4 fe c9 14 b9 dc a0 e7 12 a0 2b 73 5b f7 9f b5 3b e4 00 a4 0f ad f8 21 bb 2c 51 29 4c cf 4f aa 19 fe c9 56 6f 8c b0 87 0c 09 ad 58 7d 9f 82 4d f4 46 b7 9c 3d bd 5f ab 89 45 22 3b ff 65 2a 6f bc e1 aa 8a e5 c9 91 74 8f d1 be 11 de f9 a9 96 67 ae af 86 f0 0c 52 99 83 b0 4d 50 3d ca 8f b1 bf 27 72 fb 45 93 1f 8b 58 1d ce 51 e2 f0 a8 56 a5 95 ea 31 4b 42 4b 6c 87 d8 1f 9c eb 3e 01 2f 55 74 3f 4a 0c 56 86 e9 37 3e fd 77 de 5e b8 4a f9 7d 56 b0 09 e6 08 1f 6c c7 03 1e c9 a1 0a 35 88 b7 05 bc 18 a8 e9 31 f0 c0 4a 99 33 ae 1d 10 b4 e5 f8 1e ba e2 ee 78 ec 2c 76 ef f9 e5 01 a2 dc 7e 23 74 58 a1 54 8e e4 db 76 e9 a1 43 51 b1 fc 60 6f 61 30 ad 86 4a e3 ba 67 32 6c 98 f7 53 4a a3 6a db 67 2e ea a2 62 ca 2b 16 06 8c c7 92 7a 0b 1d 49 60 db 13 e0 40 c6 c0 57 24 02 3f 65 fd 94 f4 ef 5c 66 37 f2 5f c5 31 04 36 d2 be 08 da 78 62 06 bf 0a 74 1d ab 1f ff 41 5c 60 0d f3 b1 18 c2 1b 83 d8 4e b5 e3 dd d1 76 af 2a 2a 36 c2 7c c8 81 df b3 45 67 9a 88 f8 c4 7c 7b e3 82 91 e3 db ca 77 f9 6b 4f 8e 7a f1 34 42 0a 2a 8b d7 29 05 1c 9e 50 2e d7 c5 42 b4 91 6d ce 7b 49 d0 0c 7f e3 7c 95 e4 32 dd 87 9e 21 0a 43 4a 94 6f 10 0e db a7 a2 e4 13 aa 82 cc 36 6b 8b 64 b3 4b 4e 7f cb 16 b9 c5 5e 27 99 39 eb b4 a6 8d 83 58 83 f6 22 bc 4d d5 69 81 8f 4b 41 d4 1a 5d 61 70 31 61 09 ed 13 08 26 e7 34 5c bd 60 4b 52 e7 87 6b ad f3 20 88 83 9a d6 c1 98 cc 7b b5 27 82 c2 76 4f 0d 85 19 3c 97 1a ac e9 e8 d1 5e 1e 97 8c 68 fc c9 76 98 dc 26 9f a6 ed 0a 9a c7 f7 e7 29 19 d0 a7 48 e5 5a 09 82 3f 5c e0 1c e6 cc 7f cd 24 9f cc 55 40 b6 11 5f e4 bc d9 f0 c8 d0 68 4c f7 ad a1 55 26 73 1b 4e 98 67 c1 b0 fe f3 21 80 a6 ff ee fd 84 9a 82 79 c3 53 45 6f 96 76 55 ea 80 61 a6 97 3d 01 6d 9e 72 d0 79 6c 6f 2e 61 a5 8c 62 41 06 22 11 d0 d6 1b 09 c5 c1 59 60 dc c2 09 2a 38 d6 9f 3c f8 8c ed a1 55 6a 01 0a b6 70 94 c1 6e 9b 1b 86 64 3a 34 15 55 2a f9 e4 dd 61 0e 7c 11 bb 68 b8 ad 3c 58 fe 5b 11 db 7a c7 d5 87 31 21 d6 1c 8a d0 c5 9b dd 2a 5d d8 93 9d 24 3a 3c eb 14 cc 8b c5 b0 13 7f 6c 90 24 24 fd 94 3e 21 ed 2b b4 41 23 2f 48 e3 89 ff df c6 70 57 66 82 8f 98 c8 f9 a5 5b 27 1f 04 d8 78 68 ab c7 99 96 63 44 7f db ff 57 77 dd 7b 81 f7 6b b0 ee f4 a1 af c5 3d e6 04 71 13 67 ad cc f0 53 65 13 4c 5f 13 20 a9 84 26 02 4c 87 eb a1 dd b9 8f 94 da 63 a6 54 27 66 d2 e5 b2 86 0c d9 4a 5e c0 11 3c 8b 9b 7d 16 a6 95 20 0c 15 60 59 ff 58 45 2d d9 f0 3b 5d e0 93 3d cc da 5d 5a 0a 53 de 87 c4 43 99 9d 7f d9 e3 ce e9 f2 e4 ee 89 63 51 8f 78 be 80 b5 36 52 89 ce 97 ba 77 48 73 a4 0f 3a bd 05 7c 8f 61 f8 a6 56 69 27 e2 43 74 d2 f1 7c 9c 10 7f 7e ca 8d 07 e2 26 2c 69 c5 cd 36 f9 33 45 cf f9 5b be 00 18 04 5e 9d 14 46 3b f4 28 ef 64 2d 35 fe b4 b9 0d ba 29 ec 54 2f 09 b2 4f 24 a8 38 64 21 b6 6b db 81 19 01 f3 ea bb fd 13 fd 01 41 15 6f 97 1f 69 89 4b 98 b8 f2 d4 7c 02 01 37 6b b2 5d 0a 86 19 7e 45 b3 7c 8f c5 9d cc 22 51 17 5b 24 87 b9 a5 e6 4e 3b 17 0d 82 28 92 e4 d2 f1 f9 4b 66 8d 23 b5 d8 24 ec 8d a9 81 24 83 45 6e 25 9c f1 fb 10 58 16 be ef 2e 10 01 c3 29 5d 2d aa f1 07 e4 56 6a f6 e6 59 ef 81 06 fa 8f 38 b0 6a 21 eb a6 86 d0 f4 35 fd 30 a4 82 01 45 30 82 01 41 a0 03 02 01 17 a2 82 01 38 04 82 01 34 b6 48 2f 0f a4 e5 e4 16 c8 2a a8 24 b2 16 1b 6b 71 9d 6d 70 e0 26 c7 be d6 6f 4d 24 79 2f 18 66 af 0d 3d c1 80 21 eb 63 99 31 6b da 0c 2a b6 8c e8 b0 a0 86 25 58 88 2a 1c 62 8b 86 0d 27 e2 5e ba 5e ec ac 1a 82 df 6e 00 8d a5 d3 a6 b8 e0 92 cf f0 32 13 e7 6d 8f 95 35 9b 72 3e 7c 1c 48 16 89 4a fa 65 dc ab c8 5f 82 b5 42 f9 4d 63 30 03 f1 e7 c8 1e 45 11 6f c2 b8 9d c6 06 87 dc b0 a4 b5 7d 41 5b 62 d7 b1 0e 8d a7 31 93 0d fa 15 b9 fa 21 2d fb 50 d4 96 a5 bb e4 af 65 c7 4f fd 75 10 0d 6d cc 94 7f a0 34 b6 fe af c0 f1 3b 63 fb 61 cb 2c 77 2b cf 07 ee ea f3 de 86 1d 43 fe 61 4b 15 30 87 11 27 1e 5b eb d5 dd 81 98 61 76 a3 15 a0 1d f5 03 da f3 68 d7 b7 25 88 8a c9 b4 36 50 a1 81 df 50 fe 46 8e 6f b9 a7 23 eb 9d d0 99 1a 67 8a 60 85 c5 b4 95 6d 64 4a 98 c2 6b a2 95 c7 b2 d2 ce d2 6a 93 64 e7 de 80 85 91 03 d4 64 57 33 8a 93 c5 5f 59 8f 81 c4 39 85 8d c2 74 d2 a5 81 74 57 c2 d2 89 b2 de 9a c6 48 bc d4 7d eb 51 7d d5 46 SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.48018.1.2.2 SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.113554.1.2.2 SpNegoToken NegTokenInit: reading Mechanism Oid = 1.3.6.1.4.1.311.2.2.30 SpNegoToken NegTokenInit: reading Mechanism Oid = 1.3.6.1.4.1.311.2.2.10 SpNegoToken NegTokenInit: reading Mech Token SpNegoContext.acceptSecContext: received token of type = SPNEGO NegTokenInit SpNegoContext: negotiated mechanism = 1.2.840.113554.1.2.2 SpNegoContext.acceptSecContext: negotiated mech adjusted to 1.2.840.48018.1.2.2 Search Subject for Kerberos V5 ACCEPT cred (<>, sun.security.jgss.krb5.Krb5AcceptCredential) Found KeyTab /root/java/tomcat.keytab for HTTP/tomcat.test.md.cn@TEST.MD.CN Found KeyTab /root/java/tomcat.keytab for HTTP/tomcat.test.md.cn@TEST.MD.CN Entered Krb5Context.acceptSecContext with state=STATE_NEW Looking for keys for: HTTP/tomcat.test.md.cn@TEST.MD.CN Added key: 17, version: 3 Added key: 18, version: 3 Added key: 23, version: 3 Added key: 3, version: 3 Added key: 1, version: 3

EType: sun.security.krb5.internal.crypto.ArcFourHmacEType Using builtin default etypes for permitted_enctypes default etypes for permitted_enctypes: 18 17 20 19 16 23 1 3. EType: sun.security.krb5.internal.crypto.ArcFourHmacEType 2024-04-29T14:21:45.364+08:00 WARN 1892 --- [p-nio-80-exec-2] w.a.SpnegoAuthenticationProcessingFilter : Negotiate Header was invalid: Negotiate YIIGDAYGKwYBBQUCoIIGADCCBfygMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICCqKCBcYEggXCYIIFvgYJKoZIhvcSAQICAQBuggWtMIIFqaADAgEFoQMCAQ6iBwMFACAAAACjggRJYYIERTCCBEGgAwIBBaEMGwpURVNULk1ELkNOoiQwIqADAgECoRswGRsESFRUUBsRdG9tY2F0LnRlc3QubWQuY26jggQEMIIEAKADAgEXoQMCAQOiggPyBIID7jUFxP7JFLncoOcSoCtzW/eftTvkAKQPrfghuyxRKUzPT6oZ/slWb4ywhwwJrVh9n4JN9Ea3nD29X6uJRSI7/2Uqb7zhqorlyZF0j9G+Ed75qZZnrq+G8AxSmYOwTVA9yo+xvydy+0WTH4tYHc5R4vCoVqWV6jFLQktsh9gfnOs+AS9VdD9KDFaG6Tc+/XfeXrhK+X1WsAnmCB9sxwMeyaEKNYi3BbwYqOkx8MBKmTOuHRC05fgeuuLueOwsdu/55QGi3H4jdFihVI7k23bpoUNRsfxgb2EwrYZK47pnMmyY91NKo2rbZy7qomLKKxYGjMeSegsdSWDbE+BAxsBXJAI/Zf2U9O9cZjfyX8UxBDbSvgjaeGIGvwp0Hasf/0FcYA3zsRjCG4PYTrXj3dF2ryoqNsJ8yIHfs0Vnmoj4xHx744KR49vKd/lrT4568TRCCiqL1ykFHJ5QLtfFQrSRbc57SdAMf+N8leQy3YeeIQpDSpRvEA7bp6LkE6qCzDZri2SzS05/yxa5xV4nmTnrtKaNg1iD9iK8TdVpgY9LQdQaXWFwMWEJ7RMIJuc0XL1gS1Lnh2ut8yCIg5rWwZjMe7UngsJ2Tw2FGTyXGqzp6NFeHpeMaPzJdpjcJp+m7Qqax/fnKRnQp0jlWgmCP1zgHObMf80kn8xVQLYRX+S82fDI0GhM962hVSZzG06YZ8Gw/vMhgKb/7v2EmoJ5w1NFb5Z2VeqAYaaXPQFtnnLQeWxvLmGljGJBBiIR0NYbCcXBWWDcwgkqONafPPiM7aFVagEKtnCUwW6bG4ZkOjQVVSr55N1hDnwRu2i4rTxY/lsR23rH1YcxIdYcitDFm90qXdiTnSQ6POsUzIvFsBN/bJAkJP2UPiHtK7RBIy9I44n/38ZwV2aCj5jI+aVbJx8E2Hhoq8eZlmNEf9v/V3fde4H3a7Du9KGvxT3mBHETZ63M8FNlE0xfEyCphCYCTIfrod25j5TaY6ZUJ2bS5bKGDNlKXsARPIubfRamlSAMFWBZ/1hFLdnwO13gkz3M2l1aClPeh8RDmZ1/2ePO6fLk7oljUY94voC1NlKJzpe6d0hzpA86vQV8j2H4plZpJ+JDdNLxfJwQf37KjQfiJixpxc02+TNFz/lbvgAYBF6dFEY79CjvZC01/rS5Dbop7FQvCbJPJKg4ZCG2a9uBGQHz6rv9E/0BQRVvlx9piUuYuPLUfAIBN2uyXQqGGX5Fs3yPxZ3MIlEXWySHuaXmTjsXDYIokuTS8flLZo0jtdgk7I2pgSSDRW4lnPH7EFgWvu8uEAHDKV0tqvEH5FZq9uZZ74EG+o84sGoh66aG0PQ1/TCkggFFMIIBQaADAgEXooIBOASCATS2SC8PpOXkFsgqqCSyFhtrcZ1tcOAmx77Wb00keS8YZq8NPcGAIetjmTFr2gwqtozosKCGJViIKhxii4YNJ+Jeul7srBqC324AjaXTprjgks/wMhPnbY+VNZtyPnwcSBaJSvpl3KvIX4K1QvlNYzAD8efIHkURb8K4ncYGh9ywpLV9QVti17EOjacxkw36Fbn6IS37UNSWpbvkr2XHT/11EA1tzJR/oDS2/q/A8Ttj+2HLLHcrzwfu6vPehh1D/mFLFTCHESceW+vV3YGYYXajFaAd9QPa82jXtyWIism0NlChgd9Q/kaOb7mnI+ud0JkaZ4pghcW0lW1kSpjCa6KVx7LSztJqk2Tn3oCFkQPUZFczipPFX1mPgcQ5hY3CdNKlgXRXwtKJst6axki81H3rUX3VRg==

org.springframework.security.authentication.BadCredentialsException: Kerberos validation not successful at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:86) ~[spring-security-kerberos-core-2.0.1-SNAPSHOT.jar!/:2.0.1-SNAPSHOT] at org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider.authenticate(KerberosServiceAuthenticationProvider.java:65) ~[spring-security-kerberos-core-2.0.1-SNAPSHOT.jar!/:2.0.1-SNAPSHOT] at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:182) ~[spring-security-core-6.1.0.jar!/:6.1.0] at org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter.doFilter(SpnegoAuthenticationProcessingFilter.java:153) ~[spring-security-kerberos-web-2.0.1-SNAPSHOT.jar!/:2.0.1-SNAPSHOT] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:227) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:221) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:107) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:93) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) ~[spring-web-6.0.9.jar!/:6.0.9] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) ~[spring-web-6.0.9.jar!/:6.0.9] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:82) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.context.SecurityContextHolderFilter.doFilter(SecurityContextHolderFilter.java:69) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) ~[spring-web-6.0.9.jar!/:6.0.9] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) ~[spring-web-6.0.9.jar!/:6.0.9] at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:374) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:233) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:191) ~[spring-security-web-6.1.0.jar!/:6.1.0] at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:352) ~[spring-web-6.0.9.jar!/:6.0.9] at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:268) ~[spring-web-6.0.9.jar!/:6.0.9] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100) ~[spring-web-6.0.9.jar!/:6.0.9] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:116) ~[spring-web-6.0.9.jar!/:6.0.9] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) ~[spring-web-6.0.9.jar!/:6.0.9] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:101) ~[spring-web-6.0.9.jar!/:6.0.9] at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:174) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:149) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.ApplicationDispatcher.invoke(ApplicationDispatcher.java:642) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.ApplicationDispatcher.processRequest(ApplicationDispatcher.java:410) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.ApplicationDispatcher.doForward(ApplicationDispatcher.java:340) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.ApplicationDispatcher.forward(ApplicationDispatcher.java:277) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.StandardHostValve.custom(StandardHostValve.java:358) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.StandardHostValve.status(StandardHostValve.java:222) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.StandardHostValve.throwable(StandardHostValve.java:304) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:149) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:341) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:390) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:894) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1741) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1191) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) ~[tomcat-embed-core-10.1.8.jar!/:na] at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) ~[tomcat-embed-core-10.1.8.jar!/:na] at java.base/java.lang.Thread.run(Thread.java:842) ~[na:na] Caused by: java.security.PrivilegedActionException: null at java.base/java.security.AccessController.doPrivileged(AccessController.java:716) ~[na:na] at java.base/javax.security.auth.Subject.doAs(Subject.java:439) ~[na:na] at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:75) ~[spring-security-kerberos-core-2.0.1-SNAPSHOT.jar!/:2.0.1-SNAPSHOT] ... 57 common frames omitted Caused by: org.ietf.jgss.GSSException: Failure unspecified at GSS-API level (Mechanism level: Request is a replay (34)) at java.security.jgss/sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:864) ~[java.security.jgss:na] at java.security.jgss/sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:361) ~[java.security.jgss:na] at java.security.jgss/sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:303) ~[java.security.jgss:na] at java.security.jgss/sun.security.jgss.spnego.SpNegoContext.GSS_acceptSecContext(SpNegoContext.java:908) ~[java.security.jgss:na] at java.security.jgss/sun.security.jgss.spnego.SpNegoContext.acceptSecContext(SpNegoContext.java:555) ~[java.security.jgss:na] at java.security.jgss/sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:361) ~[java.security.jgss:na] at java.security.jgss/sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:303) ~[java.security.jgss:na] at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:255) ~[spring-security-kerberos-core-2.0.1-SNAPSHOT.jar!/:2.0.1-SNAPSHOT] at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:241) ~[spring-security-kerberos-core-2.0.1-SNAPSHOT.jar!/:2.0.1-SNAPSHOT] at java.base/java.security.AccessController.doPrivileged(AccessController.java:712) ~[na:na] ... 59 common frames omitted Caused by: sun.security.krb5.internal.KrbApErrException: Request is a replay (34) at java.security.jgss/sun.security.krb5.internal.rcache.AuthList.put(AuthList.java:88) ~[java.security.jgss:na] at java.security.jgss/sun.security.krb5.internal.rcache.MemoryCache.checkAndStore(MemoryCache.java:60) ~[java.security.jgss:na] at java.security.jgss/sun.security.krb5.KrbApReq.authenticate(KrbApReq.java:325) ~[java.security.jgss:na] at java.security.jgss/sun.security.krb5.KrbApReq.(KrbApReq.java:149) ~[java.security.jgss:na] at java.security.jgss/sun.security.jgss.krb5.InitSecContextToken.(InitSecContextToken.java:139) ~[java.security.jgss:na] at java.security.jgss/sun.security.jgss.krb5.Krb5Context.acceptSecContext(Krb5Context.java:837) ~[java.security.jgss:na] ... 68 common frames omitted

rwinch commented 1 month ago

Marking as duplicate in favor of the pull request gh-97