spring-security-kerberos icon indicating copy to clipboard operation
spring-security-kerberos copied to clipboard

Published 20 hours ago verified publisher icon spring-projects

Added optional gss config file to GlobalSunJaasKerberosConfig

Open obersterhirte opened this issue 9 years ago • 0 comments

Moving from java 7 to java 8 suddenly the GSSContext.acceptSecContext(kerberosTicket, 0, kerberosTicket.length) raised an exception due to a missing file: gss.conf. Turns out the config lookup in ConfigFile$Spi.() now uses two environment variables to find a config file: 'policy.allowSystemProperty' and 'java.security.auth.login.config' and then fails if such defined file is not present.

As a result the SunJaasKerberosTicketValidator is now affeced by other services on the classpath setting 'java.security.auth.login.config' to non existing resources, like for example the Smack SASLGSSAPIMechanism which configures a non existing 'gss.conf' as 'java.se

This patch links the 'policy.allowSystemProperty' to an optional 'java.security.auth.login.config' managed by GlobalSunJaasKerberosConfig. This way the ConfigFile$Spi.() will omit any 'java.security.auth.login.config' that is unknown toGlobalSunJaasKerberosConf Configurations with custom config files are also still possible.

Change-Id: I07a1a2a2cc95c1338b981a2737f59b0517493526

obersterhirte avatar Oct 06 '16 14:10 obersterhirte