Error reading configuration file for JAAS Authentication Provider in Spring
Question
Really ripping my hair out on this one. I have a JAAS Authentication Provider configured for my Spring webapp. I've created a bean definition for it as follows:
<beans:bean id="jaasAuthenticationProvider"
    class="org.springframework.security.providers.jaas.JaasAuthenticationProvider">
  <custom-authentication-provider />
  <beans:property name="loginConfig" value="file:webapps/mywebapp/WEB-INF/login.conf"/>
  <beans:property name="loginContextName" value="myWebapp"/>
  <beans:property name="callbackHandlers">
    <beans:list>
      <beans:bean class="org.springframework.security.providers.jaas.JaasNameCallbackHandler"/>
      <beans:bean class="org.springframework.security.providers.jaas.JaasPasswordCallbackHandler"/>
    </beans:list>
  </beans:property>
</beans:bean>
My login.conf file for JAAS:
myWebapp {
    com.sun.security.auth.module.Krb5LoginModule
    required
    doNotPrompt=false
    useTicketCache=true
    debug=true;
};
com.sun.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule
    required;
};
When Spring initializes, it configures the bean correctly. When I attempt to log into my webapp, however, I get the following error:
DEBUG webapp.AuthenticationProcessingFilter - Authentication request failed: org.springframework.security.AuthenticationServiceException: I/O error while reading configuration file.; nested exception is javax.security.auth.login.LoginException: I/O error while reading configuration file.
I can't find this error message anywhere in the Spring source code, and the error message itself is not helpful at all. Any idea what could be causing this?
Solution 2
Found the answer. JAAS was actually loading the configuration file correctly, but I was missing a krb5.conf file in my local JDK. This file must live in:
$JAVA_HOME/lib/security
Example:
[libdefaults]
    default_realm = DOMAIN.NET
    dns_lookup_kdc = true
[domain_realm]
    .domain.net = DOMAIN.NET
where domain.net is the name of the Kerberos domain, and DOMAIN.NET is the same only capitalized.
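One way to tell the two failure modes in this thread apart, as an added example that is not part of the original answer: parse the JAAS file on its own (no login attempt), then report which krb5.conf locations are readable. The class name JaasKrb5Check and the locations checked besides $JAVA_HOME/lib/security (the java.security.krb5.conf system property, the conf/security directory of newer JDKs, and /etc/krb5.conf) are assumptions added here.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.URIParameter;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;

public class JaasKrb5Check {
    // Same entries as the login.conf shown in the question.
    static final String LOGIN_CONF =
        "myWebapp {\n"
      + "  com.sun.security.auth.module.Krb5LoginModule required\n"
      + "  doNotPrompt=false useTicketCache=true debug=true;\n"
      + "};\n"
      + "com.sun.security.jgss.initiate {\n"
      + "  com.sun.security.auth.module.Krb5LoginModule required;\n"
      + "};\n";

    // Step 1: parse the JAAS file by itself, without attempting a Kerberos login.
    static AppConfigurationEntry[] parse(URI loginConf, String contextName) throws Exception {
        Configuration cfg = Configuration.getInstance("JavaLoginConfig", new URIParameter(loginConf));
        return cfg.getAppConfigurationEntry(contextName); // null if no entry has that name
    }

    // Step 2: list candidate krb5.conf locations and whether each one is readable.
    static void reportKrb5Conf() {
        String override = System.getProperty("java.security.krb5.conf");
        String javaHome = System.getProperty("java.home");
        Path[] candidates = {
            override == null ? null : Paths.get(override),
            Paths.get(javaHome, "lib", "security", "krb5.conf"),
            Paths.get(javaHome, "conf", "security", "krb5.conf"), // JDK 9+ layout
            Paths.get("/etc/krb5.conf")                             // usual Unix location
        };
        for (Path p : candidates)
            if (p != null) System.out.println((Files.isReadable(p) ? "found    " : "missing  ") + p);
    }

    public static void main(String[] args) throws Exception {
        // With no argument, a temp copy of the config above is used so the check runs anywhere.
        Path conf = args.length > 0 ? Paths.get(args[0]) : Files.createTempFile("login", ".conf");
        if (args.length == 0) Files.write(conf, LOGIN_CONF.getBytes(StandardCharsets.UTF_8));
        AppConfigurationEntry[] entries = parse(conf.toUri(), "myWebapp");
        if (entries == null) { System.out.println("no entry named myWebapp in " + conf); return; }
        for (AppConfigurationEntry e : entries)
            System.out.println(e.getLoginModuleName() + " " + e.getControlFlag() + " " + e.getOptions());
        reportKrb5Conf();
    }
}
```

Run it with the same JVM the servlet container uses, passing the path to the deployed login.conf as the first argument; if the entry prints but every krb5.conf line says "missing", the JAAS file is not the problem.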
OTHER TIPS
Put your file on the classpath rather than trying to read it from the WEB-INF directory: /webapps/myapp/WEB-INF/classes/login.conf. Then in your Spring config change the line to:
<beans:property name="loginConfig" value="classpath:login.conf"/>
I don't think you are getting a Spring error, but a filesystem/Java error: you are not allowed to read from the WEB-INF directory.