gss-api context java – GSSContext with SrcName


I am building a web application with SSO based on the Windows domain login, and for that I chose to validate the Kerberos ticket. But now I have run into a problem I cannot find a solution for. I manage to validate the ticket without any exception, but when I try to get the userName a NullPointerException is thrown because the user name is null, and I have no idea where the problem is.

Why is the user name null if no exception occurred during validation?

How I get the userName:

    String clientName = gssContext.getSrcName().toString();

I based my client on this:

Update 1:

    // Base64 is org.apache.commons.codec.binary.Base64 (Apache Commons Codec);
    // GSSContext, GSSCredential, GSSManager, GSSName and Oid are from org.ietf.jgss.
    // This fragment runs inside the run() of a PrivilegedExceptionAction passed to Subject.doAs().
    final Oid spnegoOid = new Oid("1.3.6.1.5.5.2");
    GSSManager gssmgr = GSSManager.getInstance();
    // tell the GSSManager the Kerberos name of the service
    GSSName serviceName = gssmgr.createName(this.servicePrincipal, GSSName.NT_USER_NAME);
    // get the service's credentials. note that this run() method was called by Subject.doAs(),
    // so the service's credentials (Service Principal Name and password) are already
    // available in the Subject
    GSSCredential serviceCredentials = gssmgr.createCredential(serviceName,
            GSSCredential.INDEFINITE_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);
    // create a security context for decrypting the service ticket
    GSSContext gssContext = gssmgr.createContext(serviceCredentials);
    // decrypt the service ticket; the returned bytes are the token to send back to the client
    System.out.println("Entering acceptSecContext...");
    System.out.println(new String(Base64.encodeBase64(
            gssContext.acceptSecContext(this.kerberosTicket, 0, this.kerberosTicket.length))));
    // get the client name from the decrypted service ticket
    // note that Active Directory created the service ticket, so we can trust it
    String clientName = gssContext.getSrcName().toString();

Update 2:

    java.lang.NullPointerException
        at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:136)
        at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator$KerberosValidateAction.run(SunJaasKerberosTicketValidator.java:125)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:422)

    // imports: java.security.PrivilegedExceptionAction, org.ietf.jgss.GSSContext,
    //          org.ietf.jgss.GSSCredential, org.ietf.jgss.GSSManager
    private static class KerberosValidateAction implements PrivilegedExceptionAction<String> {

        byte[] kerberosTicket;

        public KerberosValidateAction(byte[] kerberosTicket) {
            this.kerberosTicket = kerberosTicket;
        }

        @Override
        public String run() throws Exception {
            // null credential: the acceptor uses the credentials of the Subject this action runs under
            GSSContext context = GSSManager.getInstance().createContext((GSSCredential) null);
            context.acceptSecContext(kerberosTicket, 0, kerberosTicket.length);
            String user = context.getSrcName().toString(); // ERROR! getSrcName() returns null here
            context.dispose();
            return user;
        }
    }

更新3:

Update 4:

First of all: do not use Java 1.8 b40 and b45, both are broken. And do not test it on the local PC, it does not work (I have no idea why).

After changing to the latest (b65) Java version I got an exception about encryption (No appropriate type of key to decrypt AP REP – AES256 ...). I fixed Java 1.8 with the Java Cryptography Extension (JCE) and recreated the keytab with /crypto AES256-SHA1, after which I get this exception:

    GSSException: Failure unspecified at GSS-API level (Mechanism level: Checksum failed)
        at sun.security.jgss.krb5.Krb5Context.acceptSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
        at sun.security.jgss.GSSContextImpl.acceptSecContext(Unknown Source)
        at GssServer$GssServerAction.run(GssServer.java:159)
        ... 4 more
    Caused by: KrbException: Checksum failed
        at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(Unknown Source)
        at sun.security.krb5.internal.crypto.ArcFourHmacEType.decrypt(Unknown Source)
        at sun.security.krb5.EncryptedData.decrypt(Unknown Source)
        at sun.security.krb5.KrbApReq.authenticate(Unknown Source)
        at sun.security.krb5.KrbApReq.<init>(Unknown Source)
        at sun.security.jgss.krb5.InitSecContextToken.<init>(Unknown Source)
        ... 8 more
    Caused by: java.security.GeneralSecurityException: Checksum failed
        at sun.security.krb5.internal.crypto.dk.ArcFourCrypto.decrypt(Unknown Source)
        at sun.security.krb5.internal.crypto.ArcFourHmac.decrypt(Unknown Source)
        ... 14 more

I tried this tutorial and other ways to create the keytab file, but I still have no solution.
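Added example, not code from the original post and not Spring Security's own validator: a SPNEGO acceptor written with the guard that the failing line above lacks. It never reads getSrcName() until isEstablished() is true (SPNEGO can take more than one round trip, and before the context is established the source name is null), it rejects a raw NTLM token up front (a Windows browser sends NTLM rather than Kerberos when the site is reached on the same machine via loopback or when it cannot obtain a service ticket for the SPN, and a Kerberos acceptor cannot validate that token), and it names the service as a host-based service. The SPN "HTTP@www.example.com", the constructed NTLM token in main() and the surrounding Subject.doAs() login with the service keytab are assumptions; the real Kerberos path needs a KDC and appears only as a commented call.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/**
 * SPNEGO acceptor that only reads the client principal once the context is established.
 * Assumption: accept() runs inside Subject.doAs() with a Subject logged in through
 * Krb5LoginModule (useKeyTab=true, storeKey=true) for the service principal.
 */
public final class SpnegoAcceptor {

    /** Every raw NTLM message starts with this signature ("TlRMTVNT..." once base64-encoded). */
    private static final byte[] NTLMSSP_SIGNATURE = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    /** Outcome of one acceptSecContext() round. */
    public static final class Step {
        public final boolean established;
        /** Client principal such as "alice@EXAMPLE.COM"; null until established. */
        public final String clientPrincipal;
        /** Token to send back in "WWW-Authenticate: Negotiate <base64>"; may be null. */
        public final byte[] responseToken;

        Step(boolean established, String clientPrincipal, byte[] responseToken) {
            this.established = established;
            this.clientPrincipal = clientPrincipal;
            this.responseToken = responseToken;
        }
    }

    /** True when the browser sent NTLM instead of a Kerberos/SPNEGO token. */
    public static boolean isNtlmToken(byte[] token) {
        return token != null
                && token.length >= NTLMSSP_SIGNATURE.length
                && Arrays.equals(Arrays.copyOf(token, NTLMSSP_SIGNATURE.length), NTLMSSP_SIGNATURE);
    }

    /** Decode the value after "Negotiate " in an Authorization request header. */
    public static byte[] decodeNegotiateHeader(String authorizationHeader) {
        String prefix = "Negotiate ";
        if (authorizationHeader == null || !authorizationHeader.startsWith(prefix)) {
            throw new IllegalArgumentException("not a Negotiate header");
        }
        return Base64.getDecoder().decode(authorizationHeader.substring(prefix.length()).trim());
    }

    /** Acceptor context bound to the service credential; hostBasedServiceName is e.g. "HTTP@www.example.com" (assumed). */
    public static GSSContext newAcceptorContext(String hostBasedServiceName) throws GSSException {
        Oid spnegoOid = new Oid("1.3.6.1.5.5.2");
        GSSManager manager = GSSManager.getInstance();
        GSSName serviceName = manager.createName(hostBasedServiceName, GSSName.NT_HOSTBASED_SERVICE);
        GSSCredential serviceCredential = manager.createCredential(
                serviceName, GSSCredential.INDEFINITE_LIFETIME, spnegoOid, GSSCredential.ACCEPT_ONLY);
        return manager.createContext(serviceCredential);
    }

    /**
     * One round of the negotiation. Call again with the client's next token while
     * step.established is false; the principal is only valid once it is true.
     */
    public static Step accept(GSSContext context, byte[] clientToken) throws GSSException {
        if (isNtlmToken(clientToken)) {
            // A Kerberos acceptor cannot validate NTLM: fail loudly instead of ending up with a null name.
            throw new GSSException(GSSException.DEFECTIVE_TOKEN, 0, "client sent NTLM, not Kerberos/SPNEGO");
        }
        byte[] responseToken = context.acceptSecContext(clientToken, 0, clientToken.length);
        if (!context.isEstablished()) {
            // Another round trip is needed; getSrcName() would be null here.
            return new Step(false, null, responseToken);
        }
        GSSName source = context.getSrcName();
        if (source == null) {
            throw new GSSException(GSSException.FAILURE, 0, "context established but initiator name is missing");
        }
        return new Step(true, source.toString(), responseToken);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the 8-byte NTLMSSP signature followed by NTLM message type 1 (Negotiate),
        // the shape of what a browser sends when it falls back to NTLM.
        byte[] ntlmType1 = new byte[] {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0, 1, 0, 0, 0};
        String header = "Negotiate " + Base64.getEncoder().encodeToString(ntlmType1);
        System.out.println(header + " -> ntlm=" + isNtlmToken(decodeNegotiateHeader(header)));

        // Real path (needs a KDC, a keytab and a JAAS login, so not exercised here):
        //   Subject.doAs(serviceSubject, (PrivilegedExceptionAction<Step>) () -> {
        //       GSSContext ctx = newAcceptorContext("HTTP@www.example.com");
        //       return accept(ctx, decodeNegotiateHeader(request.getHeader("Authorization")));
        //   });
    }
}
```

When accept() returns with established false, send the response token back in a 401 with WWW-Authenticate: Negotiate and feed the client's next token to the same GSSContext; dispose the context only after the principal has been read.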
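Added example, not from the original post: a check of which keys the keytab actually holds for the service principal, using the javax.security.auth.kerberos.KeyTab API that ships with the JDK. The two exceptions in Update 4 both point at the keytab: "No appropriate type of key to decrypt AP REP - AES256" means no aes256-cts-hmac-sha1-96 (etype 18) key was found for the principal, and "Checksum failed" inside ArcFourHmacEType means an rc4-hmac (etype 23) key was found but its HMAC check failed, so it is not the key the KDC used (typically the keytab was generated from a different password or salt, or the account password changed after it was created). The keytab path and the principal HTTP/www.example.com@EXAMPLE.COM are assumptions.

```java
import java.io.File;

import javax.security.auth.kerberos.KerberosKey;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.kerberos.KeyTab;

/** Lists the keys a keytab holds for one principal and flags the etypes the JGSS acceptor needs. */
public final class KeytabCheck {

    public static final int ETYPE_AES256_CTS_HMAC_SHA1_96 = 18; // RFC 3962
    public static final int ETYPE_RC4_HMAC = 23;               // RFC 4757 (arcfour-hmac)

    /** Kerberos encryption-type numbers from RFC 3961, RFC 3962 and RFC 4757. */
    public static String enctypeName(int etype) {
        switch (etype) {
            case 1:  return "des-cbc-crc";
            case 3:  return "des-cbc-md5";
            case 17: return "aes128-cts-hmac-sha1-96";
            case 18: return "aes256-cts-hmac-sha1-96";
            case 23: return "rc4-hmac (arcfour)";
            default: return "etype " + etype;
        }
    }

    /** Keys the keytab holds for the principal; empty when the principal (or its realm) is not in the file. */
    public static KerberosKey[] keysFor(File keytabFile, String principal) {
        KeyTab keytab = KeyTab.getInstance(keytabFile);
        return keytab.getKeys(new KerberosPrincipal(principal));
    }

    public static boolean hasEnctype(KerberosKey[] keys, int etype) {
        for (KerberosKey key : keys) {
            if (key.getKeyType() == etype) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Both defaults are assumptions; pass the real values as arguments.
        File keytabFile = new File(args.length > 0 ? args[0] : "/etc/krb5.keytab");
        String principal = args.length > 1 ? args[1] : "HTTP/www.example.com@EXAMPLE.COM";

        KerberosKey[] keys = keysFor(keytabFile, principal);
        if (keys.length == 0) {
            System.out.println("no keys for " + principal
                    + " (check the SPN spelling, the realm case and the -princ given to ktpass)");
            return;
        }
        for (KerberosKey key : keys) {
            // kvno must match the key version the KDC currently uses for this account
            System.out.println(key.getPrincipal() + " kvno=" + key.getVersionNumber()
                    + " " + enctypeName(key.getKeyType()));
        }
        System.out.println("aes256 key present: " + hasEnctype(keys, ETYPE_AES256_CTS_HMAC_SHA1_96)
                + ", rc4-hmac key present: " + hasEnctype(keys, ETYPE_RC4_HMAC));
    }
}
```

If the aes256 line prints false while the ticket is AES256, regenerate the keytab with that enctype (and, for Java 8 builds before the unlimited-strength policy change, install the JCE policy files, as the post already did); if the rc4-hmac key is present but the acceptor still reports Checksum failed, the key itself is wrong and the keytab has to be regenerated with the account's current password.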
