[jetty-dev] NPE in SpnegoLoginService
Dear devs,
I got this NPE with a client who logged in to his client machine using a smartcard.
In our in-house tests using SPNEGO in a small Active Directory setup without a smartcard, we didn't face this issue.
I expect it has something to do with the SPN, because "CT" isn't in the FQDN of the hostname: "HTTP/aa.abc140.bb.net@xxxxxxxxx"
We're using Jetty embedded, set up programmatically.
Version: jetty-9.0.z-SNAPSHOT
I'd appreciate pointers in the right direction for solving this.
Jan 05, 2016 10:26:58 AM org.eclipse.jetty.util.log.JavaUtilLog debug
FINE: context=/auth||/test @ o.e.j.w.WebAppContext@4f1a55{/auth,file:/C:/Users/Public/ [..] /wap/webapps/auth/,AVAILABLE}{C:\Users\Public\ [..] \wap\webapps\auth}
Jan 05, 2016 10:26:58 AM org.eclipse.jetty.util.log.JavaUtilLog debug
FINE: sessionManager=org.eclipse.jetty.server.session.HashSessionManager@1c27487
Jan 05, 2016 10:26:58 AM org.eclipse.jetty.util.log.JavaUtilLog debug
FINE: session=null
Jan 05, 2016 10:26:58 AM org.eclipse.jetty.util.log.JavaUtilLog debug
FINE: servlet /auth|/test|null -> test@364492==spnego.TestServlet,-1,false
Jan 05, 2016 10:26:58 AM org.eclipse.jetty.util.log.JavaUtilLog debug
FINE: loaded class sun.security.provider.ConfigFile from null
Jan 05, 2016 10:26:58 AM org.eclipse.jetty.util.log.JavaUtilLog debug
FINE: loaded class com.sun.security.auth.module.Krb5LoginModule from null
Jan 05, 2016 10:26:58 AM org.eclipse.jetty.util.log.JavaUtilLog warn
WARNING: /auth/test
java.lang.NullPointerException
at org.eclipse.jetty.security.SpnegoLoginService.login(SpnegoLoginService.java:141)
at org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:52)
at org.eclipse.jetty.security.authentication.SpnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:499)
at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:213)
at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1083)
at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:379)
at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:175)
at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1017)
at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:136)
at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:258)
at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
at org.eclipse.jetty.server.Server.handle(Server.java:445)
at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:260)
at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:225)
at org.eclipse.jetty.io.AbstractConnection$ReadCallback.run(AbstractConnection.java:358)
at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:596)
at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:527)
at java.lang.Thread.run(Thread.java:745)
The source as listed in http://download.eclipse.org/jetty/stable-9/xref/org/eclipse/jetty/security/SpnegoLoginService.html#134
points to:
==SpnegoLoginService.java======================
140   if (gContext.isEstablished())
141   {
142       String clientName = gContext.getSrcName().toString();
143       String role = clientName.substring(clientName.indexOf('@') + 1);
144
-----------------------------------------------
I expect it to be the getSrcName().toString();
Online I found a piece of software which tests for null and replies with the following warning message:
===unknown source==============================
if (gssContext.getSrcName() == null) {
    log.warn("GSS Context accepted, but no context initiator recognized. Check your kerberos configuration and reverse DNS lookup configuration");
    return false;
}
-----------------------------------------------
My configuration files are:
==spnego.conf=============================================
com.sun.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    useTicketCache="true"
    doNotPrompt="false"
    renewTGT="true"
    debug="false";
};
com.sun.security.jgss.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    principal="HTTP/aa.abc140.bb.net@xxxxxxxxx"
    useKeyTab=true
    keyTab="C:/Users/Public/Company/wap/webapps/auth/WEB-INF/ftsso.keytab"
    storeKey=true
    debug=true
    isInitiator=false;
};
==krb5.ini=============================================
[libdefaults]
    default_realm = CT.BB.NET
[realms]
    CT.BB.NET = {
        kdc = ct.bb.net
    }
==web.xml=============================================
<auth-constraint>
    <role-name>CT.BB.NET</role-name>
</auth-constraint>
===spnego.properties===========================
targetName = HTTP/aa.abc140.bb.net
-----------------------------------------------
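
The failure mode reported above (context established, but getSrcName() returns null) can be handled by failing closed before the realm is turned into a role. This is an added example, not part of the original post and not Jetty's code; SrcNameGuard, initiatorOf and stubContext are hypothetical names, and the principal strings are constructed sample values.

```java
import java.lang.reflect.Proxy;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSName;

public class SrcNameGuard {
    /** Returns {principal, realm}, or null when the initiator cannot be identified (fail closed). */
    static String[] initiatorOf(GSSContext ctx) throws GSSException {
        if (ctx == null || !ctx.isEstablished()) return null;
        GSSName src = ctx.getSrcName();           // null in the case reported above
        if (src == null) return null;             // reject instead of throwing an NPE
        String name = src.toString();
        int at = name.indexOf('@');
        // Without a realm part, substring(indexOf('@') + 1) would return the
        // whole client name as the role, so that case is rejected as well.
        if (at <= 0 || at == name.length() - 1) return null;
        return new String[] { name, name.substring(at + 1) };
    }

    // Constructed stand-in for an established context; no KDC or keytab is needed to run this.
    static GSSContext stubContext(String srcName) {
        ClassLoader cl = SrcNameGuard.class.getClassLoader();
        GSSName name = srcName == null ? null : (GSSName) Proxy.newProxyInstance(
            cl, new Class<?>[] { GSSName.class },
            (p, m, a) -> m.getName().equals("toString") ? srcName : null);
        return (GSSContext) Proxy.newProxyInstance(
            cl, new Class<?>[] { GSSContext.class },
            (p, m, a) -> {
                switch (m.getName()) {
                    case "isEstablished": return true;
                    case "getSrcName":    return name;
                    default:              return null;
                }
            });
    }

    public static void main(String[] args) throws GSSException {
        String[] samples = { "alice@CT.BB.NET", null, "alice" }; // constructed values
        for (String s : samples) {
            String[] id = initiatorOf(stubContext(s));
            System.out.println(s + " -> "
                + (id == null ? "rejected" : id[0] + " role=" + id[1]));
        }
    }
}
```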