NTLM Handshake(NegotiateKerberos)
ramesh4u Nov 2, 2006 6:32 AM
I have a Windows network (Samba domain controller, which in turn uses the flat file system for its datastore). I wanted my J2EE web application to authenticate using NegotiateKerberos, so I followed the http://wiki.jboss.org/wiki/Wiki.jsp?page=NegotiateKerberos link to set up the test application. But I suppose the NTLM handshake is not happening, so I think there is some problem in my configuration settings. Basically, the handle method inside "AdvancedWebCallbackHandler.java" is not getting called.
When I start JBoss I see the following logs, which suggest the CallbackHandler is configured properly, but it is not getting called.
DEBUG [ServiceConfigurator] CallbackHandlerClassName set to org.jboss.web.tomcat.security.AdvancedWebCallbackHandler in jboss.security:service=JaasSecurityManager
Can someone please suggest what may be the problem? I am pasting all the configuration settings below.
My configuration setup is as follows:
Windows network domain name is LK
Samba domain controller IP is 192.168.1.7
/conf/jboss-service.xml
<!-- JAAS security manager and realm mapping -->
<mbean code="org.jboss.security.plugins.JaasSecurityManagerService" name="jboss.security:service=JaasSecurityManager">
<attribute name="CallbackHandlerClassName">org.jboss.web.tomcat.security.AdvancedWebCallbackHandler</attribute>
<attribute name="SecurityManagerClassName">org.jboss.security.plugins.JaasSecurityManager</attribute>
<attribute name="DefaultUnauthenticatedPrincipal">anonymous</attribute>
<!-- DefaultCacheTimeout: Specifies the default timed cache policy timeout
in seconds.
If you want to disable caching of security credentials, set this to 0 to
force authentication to occur every time. This has no effect if the
AuthenticationCacheJndiName has been changed from the default value.
-->
<attribute name="DefaultCacheTimeout">1800</attribute>
<!-- DefaultCacheResolution: Specifies the default timed cache policy
resolution in seconds. This controls the interval at which the cache
current timestamp is updated and should be less than the DefaultCacheTimeout
in order for the timeout to be meaningful. This has no effect if the
AuthenticationCacheJndiName has been changed from the default value.
-->
<attribute name="DefaultCacheResolution">60</attribute>
</mbean>
/conf/login-config.xml
<!-- SPNEGO test -->
<application-policy name = "SPNEGO">
<login-module code="org.jboss.security.auth.NegotiateLoginModule" flag = "required">
<module-option name="loadBalance">false</module-option>
<module-option name="domainController">192.168.1.7</module-option>
<module-option name="defaultDomain">LK</module-option>
</login-module>
</application-policy>
/WEB-INF/web.xml
<login-config>
<auth-method>Negotiate</auth-method>
<realm-name>SPNEGO</realm-name>
</login-config>
<security-role>
<role-name>LK</role-name>
</security-role>
WEB-INF/jboss-web.xml
<jboss-web>
<security-domain>java:/jaas/SPNEGO</security-domain>
</jboss-web>
WEB-INF/context.xml
<Context>
<Valve className="org.jboss.web.tomcat.security.HttpServletRequestResponseValve" />
</Context>
Thanks
Ramesh S