spring-security-kerberos icon indicating copy to clipboard operation
spring-security-kerberos copied to clipboard
verified publisher icon spring-projects

spring-security-kerberos doesn't support https

Open zjffdu opened this issue 8 years ago • 2 comments

This is my sample code for using spring-security-kerberos under https. But I got 401 ERROR. I have verified the scenario of using kerberos + http and non-kerberos + https. Both of them works, but when I use it under kerberos + https, it would fail. Could anyone help on this ? Thanks

        SSLConnectionSocketFactory csf = new SSLConnectionSocketFactory(sslContext);
        httpClient = HttpClients.custom().setSSLSocketFactory(csf).build();
        return new KerberosRestTemplate(keytabLocation, principal, httpClient);

<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 401 </title>
</head>
<body>
<h2>HTTP ERROR: 401</h2>
<p>Problem accessing /sessions. Reason:
<pre>    Authentication required</pre></p>
<hr /><i><small>Powered by Jetty://</small></i>
</body>
</html>

zjffdu avatar May 25 '17 03:05 zjffdu

KerberosRestTemplate creates its own HttpClient which has Kerberos support. If you pass your httpClient when you create an instance, it's replaced and the negotiation logic will be gone. The solution is referring to buildHttpClient() method in KerberosRestTemplate and adjust it when you create your HttpClient.

nunojun avatar Aug 23 '18 22:08 nunojun

@nunojun Thanks for your response. I will give some time to see if there is any additional problems and if not, close this.

rwinch avatar Aug 24 '18 14:08 rwinch