Single sign-on - authenticate user on server side for Swing clients using Kerberos/SPNEGO
I am using the Kerberos protocol to authenticate users for Java Swing applications. I am able to authenticate at the client side, but I am having problems getting the user credentials and roles on the server side. I have EJBs that require roles to create the EJBs.
My jboss-app.xml looks like this:
<jboss-app>
  <security-domain>java:/jaas/spnego-server</security-domain>
  <loader-repository>paymenttracker:loader=paymenttracker.ear</loader-repository>
</jboss-app>
The client class is calling Subject.doAs(s, lv); lv is a class that extends PrivilegedExceptionAction.
On the server side, login-config.xml in the JBoss server has the following setting:
<application-policy name="spnego-server">
  <authentication>
    <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
      <module-option name="storeKey">true</module-option>
      <module-option name="debug">true</module-option>
      <module-option name="useKeyTab">true</module-option>
      <module-option name="keyTab">file://c:/ker/tem.keytab</module-option>
      <module-option name="principal">http/ws6421.ebrd.com</module-option>
      <module-option name="doNotPrompt">true</module-option>
      <module-option name="isInitiator">false</module-option>
    </login-module>
  </authentication>
</application-policy>
I am getting the following error:
16:09:28,990 info [stdout] debug true storekey true useticketcache false usekeytab true donotprompt true ticketcache null isinitiator false keytab file://c:/kerberos/ws6421.keytab refreshkrb5config false principal http/ws6421.my.com tryfirstpass false usefirstpass false storepass false clearpass false
16:09:29,087 info [stdout] principal's key obtained keytab
16:09:29,087 info [stdout] principal http/ws6421.my.com@my.com
16:09:29,088 info [stdout] encryptionkey: keytype=23 keybytes (hex dump)=0000: a9 dd 6c ab c5 d3 a0 9d c8 44 18 52 78 3e ab 82 ..l......d.rx>..
16:09:29,094 info [stdout] added server's keykerberos principal http/ws6421.ebrd.com@my.comkey version 0key encryptionkey: keytype=23 keybytes (hex dump)= 0000: a9 dd 6c ab c5 d3 a0 9d c8 44 18 52 78 3e ab 82 ..l......d.rx>..
16:09:29,095 info [stdout] [krb5loginmodule] added krb5principal http/ws6421.my.com@my.com to subject
16:09:29,098 info [stdout] commit succeeded
16:09:29,135 error [securityinterceptor] error in security interceptor
java.lang.securityexception: denied: caller subject=subject: principal: http/ws6421.my.com@my.com private credential: kerberos principal http/ws6421.my.com@my.comkey version 0key encryptionkey: keytype=23 keybytes (hex dump)= 0000: a9 dd 6c ab c5 d3 a0 9d c8 44 18 52 78 3e ab 82 ..l......d.rx>.. , security context post-mapping roles=null: ejbmethod=public abstract services.ejb.login.sblogin services.ejb.login.sbloginhome.create() throws javax.ejb.createexception,java.rmi.remoteexception
    at org.jboss.ejb.plugins.securityinterceptor.checksecuritycontext(securityinterceptor.java:368)
    at org.jboss.ejb.plugins.securityinterceptor.process(securityinterceptor.java:243)
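A triage check for a log like the one above, as an added example that is not part of the original post: it reports which principal the Krb5LoginModule added to the subject, which caller the security interceptor denied and with what roles, and redacts the key bytes that the module's debug output writes to the log. The sample log is constructed (placeholder host, realm and key bytes) in the post's log format, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the post's log; host, realm and key bytes are placeholders.
_KEY = "00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff"
_SPN = "http/app.example.com@example.com"
SAMPLE_LOG = "\n".join([
    "16:09:29,088 info [stdout] encryptionkey: keytype=23 keybytes (hex dump)=0000: " + _KEY,
    "16:09:29,095 info [stdout] [krb5loginmodule] added krb5principal " + _SPN + " to subject",
    "16:09:29,098 info [stdout] commit succeeded",
    "16:09:29,135 error [securityinterceptor] error in security interceptor "
    "java.lang.securityexception: denied: caller subject=subject: principal: " + _SPN +
    " private credential: kerberos principal " + _SPN + "key version 0key encryptionkey: "
    "keytype=23 keybytes (hex dump)= 0000: " + _KEY + " , security context "
    "post-mapping roles=null: ejbmethod=...",
])

# Hex dump of key material: offset, then at least 8 two-digit hex bytes.
KEY_RE = re.compile(r"(keybytes \(hex dump\)=\s*[0-9a-f]{4}:)((?:\s+[0-9a-f]{2}\b){8,})", re.I)
ADDED_RE = re.compile(r"\[krb5loginmodule\] added krb5principal (\S+) to subject", re.I)
DENIED_RE = re.compile(r"denied: caller subject=subject: principal: (\S+).*?roles=(\w+)", re.I)


def triage(log):
    """Summarise who logged in, who was denied, and how often key bytes were logged."""
    out = {"service_principal": None, "denied_caller": None, "roles": None, "key_dumps": 0}
    for line in log.splitlines():
        out["key_dumps"] += len(KEY_RE.findall(line))
        m = ADDED_RE.search(line)
        if m:
            out["service_principal"] = m.group(1)
        m = DENIED_RE.search(line)
        if m:
            out["denied_caller"], out["roles"] = m.group(1), m.group(2)
    # True when the denied caller is the keytab's own principal rather than an end user.
    out["caller_is_service"] = (out["denied_caller"] is not None
                                and out["denied_caller"] == out["service_principal"])
    return out


def redact(log):
    """Replace logged key bytes with a marker before the log is shared."""
    return KEY_RE.sub(lambda m: m.group(1) + " [REDACTED]", log)


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
    print(redact(SAMPLE_LOG))
```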