Java Security

Kerberos auth and Java HTTPS server

843810 Nov 9 2007 — edited Dec 20 2007
I'm trying to implement a simple Java HTTPS server which uses Kerberos authentication.
So I created a login file:
-----
com.sun.security.jgss.krb5.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    useKeyTab=true
    storeKey=true
    keyTab=krb5.keytab
    principal="myDomainUserName";
};
-----
The keyTab contains only one principal, with my domain user name.
I created a GSS context:
-----
// Get own Kerberos credentials for accepting connection
Oid spnegoOid = new Oid("1.3.6.1.5.5.2");
serverCreds = manager.createCredential(null, GSSCredential.DEFAULT_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);
GSSContext context = manager.createContext((GSSCredential) serverCreds);
-----
But after I get a request from the client with this header:
-----
[Host=[Antares:8000], Content-type=[application/soap+xml;charset=UTF-16], Content-length=[0], Connection=[Keep-Alive], Authorization=[Kerberos 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], User-agent=[Microsoft WinRM Client]]
-----
I try to create a response with a "WWW-Authenticate" header:
-----
token = Base64.decode(authToken);
token = context.acceptSecContext(token, 0, token.length);
// Kerberos token
responseHeaders.add("WWW-Authenticate", Base64.encode(token));
-----
But I get an exception on the "acceptSecContext" method:
-----
GSSException: No credential found for: 1.2.840.113554.1.2.21.2.840.113554.1.2.2 usage: Accept
-----
What's happening?
It seems to me that I should add some principal (the one used by the HTTPS client) to the keyTab file, but I don't know which principal is used :(
Or maybe there is another reason for the exception?
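
An added diagnostic example, not part of the original post: it reads the mechanism OID from the framing of a GSS-API initial token (RFC 2743, section 3.1) so it can be compared with the OID that was passed to `createCredential`. The class name `GssMechProbe`, the method `mechOf` and the sample bytes are assumptions made for illustration; `java.util.Base64` needs Java 8 or later.

```java
import java.util.Arrays;
import java.util.Base64;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.Oid;

// Hypothetical helper for illustration; not code from the post.
public class GssMechProbe {

    // Initial-token framing: 0x60, DER length, then the mechanism OID (tag 0x06).
    static Oid mechOf(byte[] token) throws GSSException {
        if (token.length < 4 || (token[0] & 0xff) != 0x60) {
            throw new IllegalArgumentException("no GSS-API initial-token framing (0x60)");
        }
        int pos = 1;
        int first = token[pos++] & 0xff;
        if (first >= 0x80) {
            pos += first & 0x7f; // long-form DER length: skip its length octets
        }
        if (pos + 2 > token.length || token[pos] != 0x06) {
            throw new IllegalArgumentException("mechanism OID not found");
        }
        int end = pos + 2 + (token[pos + 1] & 0xff);
        if (end > token.length) {
            throw new IllegalArgumentException("truncated mechanism OID");
        }
        // Oid(byte[]) expects the full DER encoding, tag and length included.
        return new Oid(Arrays.copyOfRange(token, pos, end));
    }

    public static void main(String[] args) throws GSSException {
        // Constructed sample: framing + Kerberos V5 OID + two filler bytes (not a real ticket).
        byte[] sample = {0x60, 0x0d, 0x06, 0x09, 0x2a, (byte) 0x86, 0x48, (byte) 0x86,
                         (byte) 0xf7, 0x12, 0x01, 0x02, 0x02, 0x01, 0x00};
        byte[] token = args.length > 0 ? Base64.getDecoder().decode(args[0]) : sample;

        Oid credentialMech = new Oid("1.3.6.1.5.5.2"); // OID given to createCredential in the post
        Oid tokenMech = mechOf(token);
        System.out.println("token mechanism:      " + tokenMech);
        System.out.println("credential mechanism: " + credentialMech);
        System.out.println(tokenMech.equals(credentialMech)
                ? "match"
                : "mismatch: the acceptor holds no credential for the token's mechanism");
    }
}
```

To check a real request, pass the base64 value that follows the scheme name in the `Authorization` header as the first argument.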
Post Details
Locked on Jan 17 2008
Added on Nov 9 2007