0 Replies Latest reply on Oct 3, 2012 10:09 PM by Tristan Collins

    Jboss Negotiation in Seam Application

    Tristan Collins Newbie

      Hi All,

      Wondering if I can get some help with this one. I'm trying to get Kerberos/SPNEGO authentication working in my Seam app.

       

      Environment:

      JBoss AS 5.0.0.GA

      JBoss Negotiation 2.0.3 (SP02?) built from source as per https://community.jboss.org/message/142148#142148

      JBoss Seam 2.1.0

      Java 1.6.0_35

         

      I've got the Negotiation toolkit running successfully with all 3 Servlets returning as they should.

       

      When I try and implement in my Seam App all I get is a nice "HTTP Status 401 - The request requires HTTP Authentication ()."

       

      I've followed the steps as outlined in http://seamframework.org/128602.lace

      i.e.

      1. configured the web.xml to handle the security

      2. added <security:identity jaas-config-name="SPNEGO" /> to components.xml

      3. disable the Identity httprequestwrapper <web:identity-filter disabled="true"/>

      4. Created the custom Identity component.

       

       

      I made a couple of minor alterations in web.xml -

       

       

      1. Instead of bundling all the web-resource-collections together as in the example I've separated the SEAM resource into it's own constraint:

      <security-constraint>

      <web-resource-collection>

        <web-resource-name>SEAM</web-resource-name>

        <url-pattern>*.do</url-pattern>

        </web-resource-collection>

        <auth-constraint>

        <role-name>*</role-name>

        </auth-constraint>

      </security-constraint>

       

       

      2. Added the SPENGO realm-name to the login config

      <login-config>

        <auth-method>SPNEGO</auth-method>

        <realm-name>SPNEGO</realm-name>

      </login-config>

          

       

      Now when I try to access the app I get the following in the log file:

       

      DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement.createSecurityDomainContext():341] Creating SDC for domain=jboss-web-policy

      DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.<init>():253] CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@142cc1e

      DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.setCachePolicy():264] CachePolicy set to: org.jboss.util.TimedCachePolicy@f2b289

      DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement.setSecurityDomainCache():473] setCachePolicy, c=org.jboss.util.TimedCachePolicy@f2b289

      DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator.authenticate():78] Header - null

      DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator.authenticate():82] No Authorization Header, sending 401

      DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator.authenticate():78] Header - Negotiate YIIGVQYGKwYBBQUCoIIGSTCCBkWgMDAuBgkqhkiC9xIBAgIGCS.....

      INFO  [org.jboss.seam.contexts.Contexts.startup():303] starting up: org.jboss.seam.security.ruleBasedPermissionResolver

      INFO  [org.jboss.seam.drools.RuleBase.compileRuleBase():47] parsing rules: /security.drl

      INFO  [org.jboss.seam.contexts.Contexts.startup():303] starting up: org.jboss.seam.security.identity

      INFO  [org.jboss.seam.contexts.Contexts.startup():303] starting up: org.jboss.seam.web.session

      DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator.authenticate():103] Creating new NegotiationContext

       

       

      So it looks like it's at least trying work? However it wont forward on to the Identity component and I get the "request requires HTTP Authentication ()" message in the browser.

      I know the keytab info is correct as I'm using it for the toolkit configuration and like I say all that works fine.

           

      Any ideas?

       

       

      Cheers,

      Tristan