NegotiateKerberos and JbossAdmin Group issue
adrien.loyat Mar 4, 2008 6:32 AM
Hello,
I tried to use the NTLM authentication as described here http://wiki.jboss.org/wiki/Wiki.jsp?page=NegotiateKerberos.
I'm using JBoss AS 4.2.2 GA.
I'm using the test case found on the wiki page.
My Active Directory server traces my authentication. But JBoss (or whatever it is) gives me the role of JBossAdmin. In the AD, I'm not part of any group named like this. Thus, if in the web.xml file of the test case I change JBossAdmin to one of the groups I am a member of, I cannot access the resources (code 403).
So my question is, where does such a group come from?
2008-03-03 17:03:26,857 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] defaultLogin, principal=1204560206854
2008-03-03 17:03:26,857 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] Begin getAppConfigurationEntry(SPNEGO), size=9
2008-03-03 17:03:26,857 TRACE [org.jboss.security.auth.login.XMLLoginConfigImpl] End getAppConfigurationEntry(SPNEGO), authInfo=AppConfigurationEntry[]:
[0]
LoginModule Class: org.jboss.security.auth.NegotiateLoginModule
ControlFlag: LoginModuleControlFlag : required
Options:name=defaultDomain, value=CIG.local
name=domainController, value=srv-cig.cigidf1.local
name=loadBalance, value=false
2008-03-03 17:03:26,858 TRACE [org.jboss.security.auth.NegotiateLoginModule] initialize, instance=@22758614
2008-03-03 17:03:26,858 TRACE [org.jboss.security.auth.NegotiateLoginModule] Security domain: SPNEGO
2008-03-03 17:03:26,868 TRACE [org.jboss.security.auth.NegotiateLoginModule] commit, loginOk=true
2008-03-03 17:03:26,868 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] defaultLogin, lc=javax.security.auth.login.LoginContext@1044daf, subject=Subject(25701656).principals=jcifs.smb.NtlmPasswordAuthentication@6207304(TOTO\loyat)org.jboss.
security.SimpleGroup@5440318(Roles(members:JBossAdmin(members:TOTO\loyat)))
2008-03-03 17:03:26,869 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] updateCache, inputSubject=Subject(25701656).principals=jcifs.smb.NtlmPasswordAuthentication@6207304(TOTO\loyat)
org.jboss.security.SimpleGroup@5440318(Roles(members:JBossAdmin(members:TOTO\loyat))), cacheSubject=Subject(21533658).principals=jcifs.smb.NtlmPasswordAuthentication@6207304(TOTO\loyat)
org.jboss.security.SimpleGroup@5440318(Roles(members:JBossAdmin(members:TOTO\loyat)))
2008-03-03 17:03:26,869 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] Inserted cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1e30857[Subject(21533658).principals=
jcifs.smb.NtlmPasswordAuthentication@6207304(TOTO\loyat)org.jboss.security.SimpleGroup@5440318
(Roles(members:JBossAdmin(members:TOTO\loyat))),credential.class=java.lang.String@12759798,
expirationTime=1204561961713]
2008-03-03 17:03:26,869 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] End isValid, true
2008-03-03 17:03:26,870 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm] User: 1204560206854 is authenticated
2008-03-03 17:03:26,870 TRACE [org.jboss.security.SecurityAssociation] pushSubjectContext, subject=Objet :
Principal : TOTO\loyat
Principal : Roles(members:JBossAdmin(members:TOTO\loyat))
, sc=org.jboss.security.SecurityAssociation$SubjectContext@389922{principal=1204560206854,subject=30255134}
2008-03-03 17:03:26,871 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO] getPrincipal, cache info: org.jboss.security.plugins.JaasSecurityManager$DomainInfo@1e30857[Subject(21533658).principals=jcifs.smb.NtlmPasswordAuthentication@6207304
(TOTO\loyat)org.jboss.security.SimpleGroup@5440318(Roles(members:JBossAdmin(members:TOTO\loyat))),credential.class=java.lang.String@
12759798,expirationTime=1204561961713]
Thanks for your answers.
Adrien