Re: [jetty-dev] NPE in SpnegoLoginService

My first recommendation would be to try a more recent version of Jetty; that is a very old version at this point, and a snapshot at that.

Jetty 9.3.6 is a good recent version to try, and if you still have issues we can work from there.

cheers,
Jesse

--
jesse mcconnell
jesse.mcconnell@xxxxxxxxx

On Wed, Jan 6, 2016 at 4:26 AM, Houtman, Roland <Roland.Houtman@xxxxxxxxxxxxxxx> wrote:
Dear devs,

I got this NPE for a client who logged in to his client machine using a smartcard.
In our in-house tests using SPNEGO in a small Active Directory setup without a smartcard, we didn't face this issue.
I expect it has something to do with the SPN, because "CT" isn't in the FQDN of the hostname: "HTTP/aa.abc140.bb.net@xxxxxxxxx"

We're using Jetty embedded, set up programmatically.
Version: jetty-9.0.z-SNAPSHOT
I appreciate pointers in the right direction for solving this.


Jan 05, 2016 10:26:58 AM org.eclipse.jetty.util.log.JavaUtilLog debug
FINE: context=/auth||/test @ o.e.j.w.WebAppContext@4f1a55{/auth,file:/C:/Users/Public/ [..] /wap/webapps/auth/,AVAILABLE}{C:\Users\Public\ [..] \wap\webapps\auth}
Jan 05, 2016 10:26:58 AM org.eclipse.jetty.util.log.JavaUtilLog debug
FINE: sessionManager=org.eclipse.jetty.server.session.HashSessionManager@1c27487
Jan 05, 2016 10:26:58 AM org.eclipse.jetty.util.log.JavaUtilLog debug
FINE: session=null
Jan 05, 2016 10:26:58 AM org.eclipse.jetty.util.log.JavaUtilLog debug
FINE: servlet /auth|/test|null -> test@364492==spnego.TestServlet,-1,false
Jan 05, 2016 10:26:58 AM org.eclipse.jetty.util.log.JavaUtilLog debug
FINE: loaded class sun.security.provider.ConfigFile from null
Jan 05, 2016 10:26:58 AM org.eclipse.jetty.util.log.JavaUtilLog debug
FINE: loaded class com.sun.security.auth.module.Krb5LoginModule from null
Jan 05, 2016 10:26:58 AM org.eclipse.jetty.util.log.JavaUtilLog warn
WARNING: /auth/test
java.lang.NullPointerException
        at org.eclipse.jetty.security.SpnegoLoginService.login(SpnegoLoginService.java:141)
        at org.eclipse.jetty.security.authentication.LoginAuthenticator.login(LoginAuthenticator.java:52)
        at org.eclipse.jetty.security.authentication.SpnegoAuthenticator.validateRequest(SpnegoAuthenticator.java:99)
        at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:499)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:213)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1083)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:379)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:175)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1017)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:136)
        at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:258)
        at org.eclipse.jetty.server.handler.HandlerCollection.handle(HandlerCollection.java:109)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:97)
        at org.eclipse.jetty.server.Server.handle(Server.java:445)
        at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:260)
        at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:225)
        at org.eclipse.jetty.io.AbstractConnection$ReadCallback.run(AbstractConnection.java:358)
        at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:596)
        at org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:527)
        at java.lang.Thread.run(Thread.java:745)

The source as listed in http://download.eclipse.org/jetty/stable-9/xref/org/eclipse/jetty/security/SpnegoLoginService.html#134
points to

==SpnegoLoginService.java======================
140                 if (gContext.isEstablished())
141                 {
142                     String clientName = gContext.getSrcName().toString();
143                     String role = clientName.substring(clientName.indexOf('@') + 1);
144
-----------------------------------------------
I expect it to be the getSrcName().toString();


Online I found a piece of software which tests for null and replies with the following warning message:
===unknown source==============================
    if (gssContext.getSrcName() == null) {
        log.warn("GSS Context accepted, but no context initiator recognized. Check your kerberos configuration and reverse DNS lookup configuration");
        return false;
    }
-----------------------------------------------


My configuration files are:
==spnego.conf=============================================
com.sun.security.jgss.initiate{
   com.sun.security.auth.module.Krb5LoginModule required
   useTicketCache="true"
   doNotPrompt="false"
   renewTGT="true"
   debug="false";
  };

com.sun.security.jgss.accept {
     com.sun.security.auth.module.Krb5LoginModule required
     principal="HTTP/aa.abc140.bb.net@xxxxxxxxx"
     useKeyTab=true
     keyTab="C:/Users/Public/Company/wap/webapps/auth/WEB-INF/ftsso.keytab"
     storeKey=true
     debug=true
     isInitiator=false;
};
==krb5.ini=============================================
[libdefaults]
default_realm = CT.BB.NET
[realms]
CT.BB.NET = {
    kdc = ct.bb.net
}
==web.xml=============================================
    <auth-constraint>
      <role-name>CT.BB.NET</role-name>
    </auth-constraint>
===spnego.properties===========================
targetName = HTTP/aa.abc140.bb.net
-----------------------------------------------
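
A null-safe form of the role derivation in the quoted SpnegoLoginService lines, as an added example that is not from the original post or from Jetty. The class and method names are hypothetical, and the sample principal names are constructed.

```java
import java.util.Optional;
import org.ietf.jgss.GSSName;

// Added example, not Jetty code: SrcNameGuard and roleFor are hypothetical names.
public class SrcNameGuard {

    // Takes the value returned by GSSContext.getSrcName(), which the thread
    // suspects is null at the failing line, and never dereferences it blindly.
    static Optional<String> roleFor(GSSName srcName) {
        return roleFor(srcName == null ? null : srcName.toString());
    }

    // Derives the role from the realm part of "user@REALM", like the quoted
    // lines 142-143, but fails closed instead of throwing or guessing.
    static Optional<String> roleFor(String clientName) {
        if (clientName == null) {
            return Optional.empty();   // context established, no initiator name
        }
        int at = clientName.indexOf('@');
        // Without this check, indexOf() == -1 makes substring(0) return the
        // whole client name, so the user name itself would become the role.
        if (at < 0 || at == clientName.length() - 1) {
            return Optional.empty();
        }
        return Optional.of(clientName.substring(at + 1));
    }

    // The login decision: the derived role must equal the role the
    // deployment requires (CT.BB.NET in the web.xml above).
    static boolean isAuthorized(Optional<String> role, String requiredRole) {
        return role.isPresent() && role.get().equals(requiredRole);
    }

    public static void main(String[] args) {
        String required = "CT.BB.NET"; // role-name from the web.xml above
        // Constructed sample inputs, not taken from a real deployment.
        String[] samples = { "alice@CT.BB.NET", "alice", "alice@", "CT.BB.NET" };
        for (String s : samples) {
            System.out.println(s + " -> " + isAuthorized(roleFor(s), required));
        }
        // The null initiator name from the report is rejected, not thrown on.
        System.out.println("null -> " + isAuthorized(roleFor((GSSName) null), required));
    }
}
```

Only the first sample is authorized. The last string sample, a bare `CT.BB.NET` with no `@`, is the case that unchecked `substring` arithmetic would turn into a matching role.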


