BadCredentialsException: Kerberos validation not succesfull

Question

I would like to perform authentification with SPNEGO. I use:

• spring-core-3.1.0.RELEASE.jar
• spring-security-core-3.1.0.RELEASE.jar
• spring-sec

Answer 1

At least Java 7 is not (or, my version is not) able to handle the "file:" prefix: See this link. I had to make the same modification to Spring sources as you did. Thanks, this was helpful. Wasted half a week on trying different configurations.

Answer 2

I found the problem. Spring-security-kerbos requires path to keytab file as "Resource String" (details: http://static.springsource.org/spring/docs/3.0.x/reference/resources.html). When I set path as "file:/home/xxxxx/conf/krb5/krb5.keytab" then application runs but I think that it can't open the file later and Kerberos cant load any key. Unfortunately Log from Kerberos is not so clear.

When I set path as "/home/xxxxx/conf/krb5/krb5.keytab" I got the following exception

Caused by: java.io.FileNotFoundException: ServletContext resource [/home/xxxxx/conf/krb5/krb5.keytab] cannot be resolved to URL because it does not exist

Solution for this issue can be the fix in the file SunJaasKerberosTicketValidator.java:

private String keyTabLocation;

LoginConfig loginConfig = new LoginConfig(keyTabLocation, servicePrincipal, debug);

instead of:

private Resource keyTabLocation;

LoginConfig loginConfig = new LoginConfig(keyTabLocation.getURL().toExternalForm(), servicePrincipal, debug);

With this fix everything works. We can set path to file in format "/home/xxxxx/conf/krb5/krb5.keytab"

If someone knows more details about it, please write it here.