0 Replies Latest reply on Oct 3, 2012 10:09 PM by Tristan Collins

    Jboss Negotiation in Seam Application

    Tristan Collins Newbie

      Hi All,

      Wondering if I can get some help with this one. I'm trying to get Kerberos/SPNEGO authentication working in my Seam app.



      JBoss AS 5.0.0.GA

      JBoss Negotiation 2.0.3 (SP02?) built from source as per https://community.jboss.org/message/142148#142148

      JBoss Seam 2.1.0

      Java 1.6.0_35


      I've got the Negotiation toolkit running successfully with all 3 Servlets returning as they should.


      When I try and implement in my Seam App all I get is a nice "HTTP Status 401 - The request requires HTTP Authentication ()."


      I've followed the steps as outlined in http://seamframework.org/128602.lace


      1. configured the web.xml to handle the security

      2. added <security:identity jaas-config-name="SPNEGO" /> to components.xml

      3. disable the Identity httprequestwrapper <web:identity-filter disabled="true"/>

      4. Created the custom Identity component.



      I made a couple of minor alterations in web.xml -



      1. Instead of bundling all the web-resource-collections together as in the example I've separated the SEAM resource into it's own constraint:












      2. Added the SPENGO realm-name to the login config







      Now when I try to access the app I get the following in the log file:


      DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement.createSecurityDomainContext():341] Creating SDC for domain=jboss-web-policy

      DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.<init>():253] CallbackHandler: org.jboss.security.auth.callback.JBossCallbackHandler@142cc1e

      DEBUG [org.jboss.security.plugins.auth.JaasSecurityManagerBase.setCachePolicy():264] CachePolicy set to: org.jboss.util.TimedCachePolicy@f2b289

      DEBUG [org.jboss.security.integration.JNDIBasedSecurityManagement.setSecurityDomainCache():473] setCachePolicy, c=org.jboss.util.TimedCachePolicy@f2b289

      DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator.authenticate():78] Header - null

      DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator.authenticate():82] No Authorization Header, sending 401

      DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator.authenticate():78] Header - Negotiate YIIGVQYGKwYBBQUCoIIGSTCCBkWgMDAuBgkqhkiC9xIBAgIGCS.....

      INFO  [org.jboss.seam.contexts.Contexts.startup():303] starting up: org.jboss.seam.security.ruleBasedPermissionResolver

      INFO  [org.jboss.seam.drools.RuleBase.compileRuleBase():47] parsing rules: /security.drl

      INFO  [org.jboss.seam.contexts.Contexts.startup():303] starting up: org.jboss.seam.security.identity

      INFO  [org.jboss.seam.contexts.Contexts.startup():303] starting up: org.jboss.seam.web.session

      DEBUG [org.jboss.security.negotiation.NegotiationAuthenticator.authenticate():103] Creating new NegotiationContext



      So it looks like it's at least trying work? However it wont forward on to the Identity component and I get the "request requires HTTP Authentication ()" message in the browser.

      I know the keytab info is correct as I'm using it for the toolkit configuration and like I say all that works fine.


      Any ideas?