spring-security-kerberos

spring-security-kerberos copied to clipboard

environment 1.webserver:centos jdk 17 ,spring-security-kerberos:latest ,branch is main 2.ad server: server 2012R2 3.client : window10 anybody can you me? thanks error log ::::::: 2024-04-29T14:21:21.908+08:00 INFO 1892 --- [ main] o.s.s.k.c.l.KerberosLdapContextSource...

YangChaorix

After switching to Spring-Boot 3, the Kerberos connection no longer worked. After lengthy analysis and debugging, it turned out that the problem was not the Kerberos API (with its encryption...

mau-gog

# Upgrade Enterprise Gradle Plugin ## Bumps - [com.gradle.enterprise](https://plugins.gradle.org/plugin/com.gradle.enterprise) from 3.10.3 to 3.16.2 - [io.spring.ge.conventions](https://github.com/spring-io/gradle-enterprise-conventions) from 0.0.13 to 0.0.15 ## Compatibility Based on commits in spring-framework repo, internally spring team...

theqeeqez

SpnegoAuthenticationProcessingFilter does not save the SecurityContext in the Session

2

Hi, Kerberos Authentication is done on each request because SpnegoAuthenticationProcessingFilter does not save the SecurityContext in the Session. Since Spring Security 6, we must explicitly save the SecurityContext after modification...

JosephThibaultSIB

It would be nice to have the [spring-security-kerberos-samples](https://github.com/spring-projects/spring-security-kerberos/tree/main/spring-security-kerberos-samples) working with spring-security version 6.x. Some adaptations are required. E.g. in `WebSecurityConfig.filterChain()` the following changes worked for me in the [sec-server-spnego-form-auth](https://github.com/spring-projects/spring-security-kerberos/tree/main/spring-security-kerberos-samples/sec-server-spnego-form-auth) sample:...

StephMirabel

This pull request adds a badge to the project's README to indicate that it uses the Develocity instance hosted at https://ge.spring.io/. Other Spring projects, such as [Spring Boot](https://github.com/spring-projects/spring-boot?tab=readme-ov-file#spring-boot---) and [Spring...

erichaagdev

NotSerializableException on JaasSubjectHolder

4

**Summary** With version `2.0.0` a serialization exception is introduced. **Explanation** The `org.springframework.security.kerberos.authentication.KerberosServiceRequestToken` extends the `AbstractAuthenticationToken `which implements `Authentication `(extends `Serializable`). The `KerberosServiceRequestToken `holds an `org.springframework.security.kerberos.authentication.JaasSubjectHolder` which is not `Serializable` (and...

ogoedhart

Fixes spring-projects/spring-security-kerberos#178

rstribrn

Hi The documentation[1] indicates to configure policies that are not present in https://chromeenterprise.google/policies/. I think that `AuthServerWhitelist` and `AuthNegotiateDelegateWhitelist` were replaced with `AuthServerAllowlist` and `AuthNegotiateDelegateAllowlist` respectively. I couldn't find if...

ignaciovacca

What is the difference between actualToken and token in the getTokenValue method, and why does the value I pass in keep returning null

1

spring security version: 6.1.2 spring boot version :3.1.2 XorCsrfTokenRequestAttributeHandler class method getTokenValue ` public String resolveCsrfTokenValue(HttpServletRequest request, CsrfToken csrfToken) { String actualToken = super.resolveCsrfTokenValue(request, csrfToken); return getTokenValue(actualToken, csrfToken.getToken()); } private...

mhiStrat