Question

Really ripping my hair out on this one. I have a JAAS Authentication Provider configured for my Spring webapp. I've created a bean definition for it as follows:

 <beans:bean id="jaasAuthenticationProvider"
     class="org.springframework.security.providers.jaas.JaasAuthenticationProvider">
    <custom-authentication-provider />
    <beans:property name="loginConfig" value="file:webapps/mywebapp/WEB-INF/login.conf"/>
    <beans:property name="loginContextName" value="myWebapp"/>
    <beans:property name="callbackHandlers">
       <beans:list>
          <beans:bean class="org.springframework.security.providers.jaas.JaasNameCallbackHandler"/>
          <beans:bean class="org.springframework.security.providers.jaas.JaasPasswordCallbackHandler"/>
       </beans:list>
    </beans:property>
 </beans:bean>

My login.conf file for JAAS:

myWebapp {
    com.sun.security.auth.module.Krb5LoginModule 
    required  
    doNotPrompt=false
    useTicketCache=true
    debug=true;
};

com.sun.security.jgss.initiate {
    com.sun.security.auth.module.Krb5LoginModule 
    required;
};

When Spring initializes, it configures the bean correctly. When I attempt to log into my webapp, however, I get the following error:

DEBUG webapp.AuthenticationProcessingFilter - Authentication request failed: org.springframework.security.AuthenticationServiceException: I/O error while reading configuration file.; nested exception is javax.security.auth.login.LoginException: I/O error while reading configuration file.

I can't find this error message anywhere in the Spring source code, and the error message itself is not helpful at all. Any idea what could be causing this?


Solution 2

Found the answer. JAAS was actually loading the configuration file correctly, but I was missing a krb5.conf file in my local JDK. This file must live in:

$JAVA_HOME/lib/security

Example:

[libdefaults]
  default_realm = DOMAIN.NET
  dns_lookup_kdc = true

[domain_realm]
  .domain.net = DOMAIN.NET

where domain.net is the name of the Kerberos domain, and DOMAIN.NET is the same only capitalized.
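A preflight check for the situation this answer describes, as an added example that is not part of the original post: it locates the krb5.conf a JDK on Linux would read and confirms that `[libdefaults]` sets a `default_realm`. The function names, the `jre/lib/security` and `/etc/krb5.conf` fallback locations, and treating a lower-case realm as a failure (following the answer's capitalization convention) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): preflight check for the
# krb5.conf that Krb5LoginModule depends on.

# Print the first readable krb5.conf among the locations a JDK consults.
# $1 = Java home; $2 = system-wide fallback (assumed default /etc/krb5.conf).
# A -Djava.security.krb5.conf override is not visible from here.
find_krb5_conf() {
    for f in "$1/lib/security/krb5.conf" \
             "$1/jre/lib/security/krb5.conf" \
             "${2:-/etc/krb5.conf}"; do
        if [ -r "$f" ]; then printf '%s\n' "$f"; return 0; fi
    done
    return 1
}

# Print the default_realm value from [libdefaults]; prints nothing if absent.
default_realm() {
    awk '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_sec && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); print; exit
        }
    ' "$1"
}

# Return 0 if the file looks usable; otherwise print a reason and return 1.
check_krb5_conf() {
    [ -r "$1" ] || { echo "missing or unreadable: $1" >&2; return 1; }
    realm=$(default_realm "$1")
    [ -n "$realm" ] || { echo "no default_realm in [libdefaults]: $1" >&2; return 1; }
    # Convention from the answer: the realm is the domain name in capitals.
    upper=$(printf '%s' "$realm" | tr '[:lower:]' '[:upper:]')
    [ "$realm" = "$upper" ] || { echo "default_realm is not upper case: $realm" >&2; return 1; }
    echo "ok: $1 (default_realm=$realm)"
}

# Run against the current JDK when JAVA_HOME is set.
if [ -n "${JAVA_HOME:-}" ]; then
    conf=$(find_krb5_conf "$JAVA_HOME") && check_krb5_conf "$conf" \
        || echo "no usable krb5.conf found for $JAVA_HOME" >&2
fi
```

Run it as the same user and with the same `JAVA_HOME` as the servlet container, since a file that exists but is unreadable to that user is reported the same way as a missing one.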

OTHER TIPS

Put your file on the classpath rather than trying to read it from the WEB-INF directory: /webapps/myapp/WEB-INF/classes/login.conf. Then in your Spring config change the line to:

    <beans:property name="loginConfig" value="classpath:login.conf"/>

I don't think you are getting a Spring error, but rather a filesystem/Java error: you are not allowed to read from the WEB-INF directory.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow