Spnego keytab test gives a java security exception

Question

I cannot get the following program running:

import java.net.URL;

import net.sourceforge.spnego.SpnegoHttpURLConnection;

public class HelloKeytab {

    public static void main(final String[] args) throws Exception {
        System.setProperty("java.security.krb5.conf", "krb5.conf");
        System.setProperty("sun.security.krb5.debug", "true");
        System.setProperty("java.security.auth.login.config", "login.conf");

        SpnegoHttpURLConnection spnego = null;

        try {
            spnego = new SpnegoHttpURLConnection("spnego-client");
            spnego.connect(new URL("http://as1.test.local/hello_spnego.jsp"));

            System.out.println("HTTP Status Code: " 
                    + spnego.getResponseCode());

            System.out.println("HTTP Status Message: "
                    + spnego.getResponseMessage());

        } finally {
            if (null != spnego) {
                spnego.disconnect();
            }
        }
    }
}

I installed JDK7 and set the JAVA_HOME environment variable as an Administrator. I am working on a Windows XP machine as a regular domain user while compiling and running.

I have the spnego-r7.jar in the same directory as the HelloKeytab.java and I compiled with:

javac -cp .;spnego-r7.jar HelloKeytab.java 

which succesfully creates the class.

When I run the program with:

java -cp .;spengo-r7.jar HelloKeytab

I get the following error:

Exception in thread "main" java.lang.SecurityException: Configuration Error:
        Line 2: expected [controlFlag]
        at com.sun.security.auth.login.ConfigFile.<init>(Unknown Source)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)

        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)

        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Sou
rce)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        at java.lang.Class.newInstance(Unknown Source)
        at javax.security.auth.login.Configuration$3.run(Unknown Source)
        at javax.security.auth.login.Configuration$3.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.Configuration.getConfiguration(Unknown Sour
ce)
        at javax.security.auth.login.LoginContext$1.run(Unknown Source)
        at javax.security.auth.login.LoginContext$1.run(Unknown Source)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.login.LoginContext.init(Unknown Source)
        at javax.security.auth.login.LoginContext.<init>(Unknown Source)
        at net.sourceforge.spnego.SpnegoHttpURLConnection.<init>(SpnegoHttpURLCo
nnection.java:206)
        at HelloKeytab.main(HelloKeytab.java:15)
Caused by: java.io.IOException: Configuration Error:
        Line 2: expected [controlFlag]
        at com.sun.security.auth.login.ConfigFile.match(Unknown Source)
        at com.sun.security.auth.login.ConfigFile.parseLoginEntry(Unknown Source
)
        at com.sun.security.auth.login.ConfigFile.readConfig(Unknown Source)
        at com.sun.security.auth.login.ConfigFile.init(Unknown Source)
        at com.sun.security.auth.login.ConfigFile.init(Unknown Source)
        ... 17 more

The spnego-r7.jar can be found here: http://sourceforge.net/projects/spnego/files/

What is wrong that I am getting this error?

Answer 1

I had an error in the login.conf.

spnego-client {
    com.sun.security.auth.module.Krb5LoginModule required;
    storeKey=true
    useKeyTab=true
    keyTab="file:///C:/sys-spn.keytab"
    principal=sys-spn;
};

The semicolon after required should not be there!