[jboss-user] [Security & JAAS/JBoss] - Re: Negotiate with Kerberos
AndiWausS
do-not-reply at jboss.com
Wed Nov 29 06:04:56 EST 2006
oh, yes, indeed, it does not work with 4.0.5 anymore like it did with 4.0.3sp1.
My errors are different though:
after the type one error i get
2006-11-29 09:16:26,320 TRACE [org.jboss.security.plugins.JaasSecurityManager.SPNEGO]::authenticate(560) - Login failure
| javax.security.auth.login.LoginException: Login Failure: all modules ignored
| at javax.security.auth.login.LoginContext.invoke(LoginContext.java:947)
| at javax.security.auth.login.LoginContext.access$000(LoginContext.java:209)
| at javax.security.auth.login.LoginContext$4.run(LoginContext.java:709)
| at java.security.AccessController.doPrivileged(AccessController.java:240)
| at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:706)
| at javax.security.auth.login.LoginContext.login(LoginContext.java:603)
Then there is no type3 handling, no login, but
2006-11-29 09:16:26,951 DEBUG [org.jboss.web.tomcat.security.HttpServletRequestResponseValve]::authenticate(114) - Realm returned: GenericPrincipal[domain\user(authenticated,)]
| 2006-11-29 09:16:26,981 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm]::hasResourcePermission(215) - Checking roles domain\user
| 2006-11-29 09:16:26,991 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm]::hasResourcePermission(248) - No role found: authenticated
| 2006-11-29 09:16:27,011 TRACE [org.jboss.web.tomcat.security.JBossSecurityMgrRealm]::hasResourcePermission(259) - Checking for all roles mode: authenticated
|
hm...
concerning:
anonymous wrote :
| The applicaiton is open for all the authenticated domain users.
did you see what I wrote in the wiki? (checking the domain..)
if you don´t do that, people might be able to login with domain null..
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3989638#3989638
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3989638
More information about the jboss-user
mailing list