Java 当客户端和服务器在同一台计算机上时,Kerberos身份验证未运行
在试图从运行jboss服务器的同一台机器上访问应用程序时,我遇到了以下错误Java 当客户端和服务器在同一台计算机上时,Kerberos身份验证未运行,java,spring-security,single-sign-on,kerberos,spnego,Java,Spring Security,Single Sign On,Kerberos,Spnego,在试图从运行jboss服务器的同一台机器上访问应用程序时,我遇到了以下错误 org.springframework.security.authentication.BadCredentialsException: Kerberos validation not succesfull at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.validateTicke
org.springframework.security.authentication.BadCredentialsException: Kerberos validation not succesfull at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.validateTicket(SunJaasKerberosTicketValidator.java:69) at org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider.authenticate(KerberosServiceAuthenticationProvider.java:86)
at org.springframework.security.authentication.ProviderManager.doAuthentication(ProviderManager.java:120) at org.springframework.security.authentication.AbstractAuthenticationManager.authenticate(AbstractAuthenticationManager.java:48)
at org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter.doFilter(SpnegoAuthenticationProcessingFilter.java:131)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:662)
Caused by: java.security.PrivilegedActionException: GSSException: Defective token detected (Mechanism level: G
SSHeader did not find the right tag)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.validateTicket(SunJ
当客户端和服务器都在同一台输入代码的机器上时,有没有办法让它工作?我在Win7上使用IE9,如何确认令牌是NTLM而不是kerberos?在这种情况下,IE和所有使用SSPI的浏览器默认发送NTLM令牌
看。此问题已在中描述,并提供了可能的解决方案。其适用于内部网应用程序,不幸的是,仅使用IE,是否有任何方法可以绕过身份验证?我所知不多。也许其他人知道得更清楚。我正在Firefox中尝试,但遇到401错误,我正在尝试进行kerberos身份验证。当从Java测试类调用时,它可以正常工作,所以它与一些浏览器设置有关?如何配置浏览器以执行kerberose身份验证您必须启用它,
关于:配置
网络。协商身份验证受信任URI
和网络。协商身份验证委派URI
。谢谢Michael,做了更改,Firefox现在正在尝试进行身份验证,但得到与IE中相同的错误,原因是:java.security.PrivilegedActionException:gssexException:检测到有缺陷的令牌(机制级别:GSSHeader未找到正确的标记),是否有其他浏览器设置使其在本地运行Jboss as的本地主机/机器名下工作?