SES-164: Support Java 8

[spring-projects-issues]

Jiri Novak (Migrated from SES-164) said:

Hi guys, I wanted to use Kerberos on Windows server with Java 8 (u45), so I tried your sample sec-server-spnego-form-auth-xml from github. It works perfectly on Java 1.7, but I ended with following error on Java 8.

2015-04-28 16:37:00.200 DEBUG 1228 --- [nio-8080-exec-3] o.s.s.authentication.ProviderManager : Authentication attempt using org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider 2015-04-28 16:37:00.200 DEBUG 1228 --- [nio-8080-exec-3] .a.KerberosServiceAuthenticationProvider : Try to validate Kerberos Token 2015-04-28 16:37:00.293 WARN 1228 --- [nio-8080-exec-3] w.a.SpnegoAuthenticationProcessingFilter : Negotiate Header was invalid: Negotiate YIIGDQYGKwYBBQUCoIIGATCCBf2gJDAiBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICCqKCBdMEggXPYIIFywYJKoZIhvcSAQICAQBuggW6MIIFtqADAgEFoQMCAQ6iBwMFACAAAACjggS1YYIEsTCCBK2gAwIBBaERGw9WSVJUVUFMLkdNQy5ORVSiLDAqoAMCAQKhIzAhGwRIVFRQGxlrdWtzZXJ2ZXIudmlydHVhbC5nbWMubmV0o4IEYzCCBF+gAwIBF6EDAgEMooIEUQSCBE3fzOuoWu/S/2jOWEyS/rpzgDmrV6kKPFMs1odeHDRmq5Y8DZXPOQ/d2itM61r6CoqSvcnsP0sxdcmLwVWtEHdgTWZNtfCWLQl0O2pNVNhgRZb0W/hlyntpiU/cxJY1MmblFSNKIC+BZjvcsMXxqaT2mLBNSFuzmuTKxY7m6ipfHyUXyhey0uSWEm18DTY3YPlXReWmuQBgDXJZJLu2G8W26nEiAu8K0/RcVqQdimBQLAQpipW54/gle0xxdHAmpaVUI3j/atDMXgxCS2UYz27mSOmLjm9KmvzxGeajEjelwfiOOI1G/OOl16nb0xguEzoqYHmIVC1D8XDuOLt0LwACFcfEe65Yv3Z8qYpxvyeeiMOyl8+hNqcPYS/tgTFozf7j1AXdkSAE4po6VC1/Ipi7RF3uTWSes1BbOD6lv9tBa7z/5Ru1pfRFsta3iSNkZGa4PM99a3i+O81AdB2pDHHrIPr/O5/LbOJS3L5ZScYHvefuPEQ5WhUscyYAAfOjbUbv9HGOV4UfM+YjDSI1ApFZ7THsriOumUTuXR7vOKaJFOxtQrnURXL2ahTvmNgcIcYDURtr4TE7iIfpxh4SydFy1C26uSriH13u5tE8v6Pgjk6a4zTJji7ySvGQC/Yrp27kS7uOaME4lstaA4ZIpFOXYBK3UaUDCxHlxOOYmQ9JNXvE+nf1WXw/tO7WMeJ23reWwcDptq1POl5Sx+Xt7dgMo6871H0XDDENMBrvfsSmkeMYP7vAoqqdTzy+/huq74gIvDyG405E6ihniLRzcNvLiAPbU3+Vpeofx0ZN59wZHG8vEhe9km1Dm7Hr/hqYB1FhDPTWNKHGOIB9iBm7IoVlC5u2qB4Fa0oE3AaKbX7dztVF1DuFhQOsXwXF1qmu8ERnzqaGXIUoH8XuHx65NOz4ofFXzMNCGB5xOPZlvhhxSaPkKyUYz3LqsUgnJ5v6Vv205OQ1lXJ/ekn82XECwwmYY+srimE4OM9fO21aatpcO95TzVxABJbmYuncb5Ey4/5zJ80hf681h+3zCuxqwjhpDejo+daPYt5sXYmsSQ+F1ie1t6EnCF0vFlWtcoWntn4rW9W9b2zRe3mMlpscebes2pbe/u4QnHGdweoH3QPU17eRNQWhE9m3qvnqyHkCVXWQhtifIdgVQH60IxTbfDN1JDSpg1cPtgS7AydZx8zyu+e2Aost1/H9Xia8Uy/p6vTx1BeB35a46lGw+vrQyP5RspJIpnGBeJoV/ewtkoi3xa6OvREg1hDCYMDGxcHgGyHpcuFlFtClK9UPgHQttR27WiRkYiGLN4qCqgfa4OHHjWztIKkd/KrnVNlzAmjwNTMYyG4f4r1ecsxPLU5EfxyaW+6pbsYFA9zsB4g5qU0K73AQEgBdGYr3ik6nonw/gLkhxXrCRzC1ll3HQvGj5deksY6dqO9o6842EHj7WiWP1Bax9sxYeP6ycdCkFF6kgecwgeSgAwIBF6KB3ASB2bEvXKxTGj5pXk2e3SSft+wsygXmbFAscqiQAtzYasYsSxy/XiwsQwp3Av/mIe7Wh2YfIre2bsCKNYo6n0Ki4CR9ZUY3FpBwHi/4Wzh8ng3KXW5zNegZD2MgpH4nJyPoraSJzwW9GLrE+tOSLPUdyJMvNnHBIOleWdmJVXo+SAeGkCF366uOLO1UgQKRaZyHXtAa/bE/mrGTUQXLjyeCiHOMQ+xIS5De3shATU62TYjge+YnlY4w5+QqXjqKYYAufrC0ZfIhOGJaUfRW0+XTEiCVe79e6KB5UIs= org.springframework.security.authentication.BadCredentialsException: GSSContextname of the context initiator is null at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:165) at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:152) at java.security.AccessController.doPrivileged(Native Method) at javax.security.auth.Subject.doAs(Subject.java:422) at org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:67) at org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider.authenticate(KerberosServiceAuthenticationProvider.java:64) at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156) at org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter.doFilter(SpnegoAuthenticationProcessingFilter.java:145) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87) at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342) at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192) at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:85) at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:239) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:219) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:142) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:537) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1085) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:658) at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:222) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1556) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1513) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) at java.lang.Thread.run(Thread.java:745)

[spanishkangaroo]

I found this issue and could not solve it. Does anyone know I could try to solve it? I do not mind coding the fix myself and sending it as a pull request.

[jupie]

Hello @spanishkangaroo,

after some tries i found out, that the tweakJdkRegression() function causes the problem. For me it worked with Java 8u181 and removing the function.

[rwinch]

Thanks @jupie! Would you be interested in submitting a PR to fix this?

[spanishkangaroo]

Thanks @jupie. Didn't try with Java 8u181... I think latest version at the moment was about 151...

[koraktor]

@spanishkangaroo Looking at the stacktrace you’re using version 1.0.0. You should probably update to the current 1.0.1 first (which introduced the regression fix mentioned by @jupie, although this would mean that it’s still required for your JRE/JDK).

The current version works on both Java 8 and 10 (and I guess 9 as well).