Spring Security Kerberos/SPNEGO 扩展错误“访问被拒绝”
[英]Spring Security Kerberos/SPNEGO Extension Error "Access is denied"
问题描述
I am getting trouble with Spring Security Kerberos/SPNEGO Extension example.
我在使用 Spring Security Kerberos/SPNEGO 扩展示例时遇到了麻烦。 I am using:我在用:
- windows 2008视窗 2008
- Tomcat 7雄猫 7
- Spring Security Kerberos/SPNEGO Extension Spring Security Kerberos/SPNEGO 扩展
- 1.7 jdk1.7.0_09 1.7 jdk1.7.0_09
I was using this blog for setting example: http://blog.springsource.com/2009/09/28/spring-security-kerberos/ So I begin: In windows 2008 server I created principal using command:我使用这个博客来设置示例: http : //blog.springsource.com/2009/09/28/spring-security-kerberos/所以我开始:在 windows 2008 服务器中,我使用命令创建了主体:
C:\>ktpass -princ HTTP/XENA2.mydomain.org@MYDOMAIN.ORG -pass xena2 -mapuser MYDOMAIN\xena2 -out c:\xena2.keytab -kvno 0 -ptype KRB5_NT_PRINCIPAL -mapop set -crypto All
and got this result:并得到了这个结果:
Targeting domain controller: SERVAS.mydomain.org
Using legacy password setting method
Successfully mapped HTTP/XENA2.mydomain.org to xena2.
Key created.
Key created.
Key created.
Key created.
Key created.
Output keytab to c:\xena2.keytab:
Keytab version: 0x502
keysize 59 HTTP/XENA2.mydomain.org@MYDOMAIN.ORG ptype 1 (KRB5_NT_PRINCIPAL) vno 0 etype 0x1 (DES-CBC-CRC) keylength 8 (0xa8fbb6cde346579e)
keysize 59 HTTP/XENA2.mydomain.org@MYDOMAIN.ORG ptype 1 (KRB5_NT_PRINCIPAL) vno 0 etype 0x3 (DES-CBC-MD5) keylength 8 (0xa8fbb6cde346579e)
keysize 67 HTTP/XENA2.mydomain.org@MYDOMAIN.ORG ptype 1 (KRB5_NT_PRINCIPAL) vno 0 etype 0x17 (RC4-HMAC) keylength 16 (0x9200ac342847bbeb60bdc8a5821a5fac)
keysize 83 HTTP/XENA2.mydomain.org@MYDOMAIN.ORG ptype 1 (KRB5_NT_PRINCIPAL) vno 0 etype 0x12 (AES256-SHA1) keylength 32 (0x904dbaf53675f18254aaacdcef91cd29f5bb0a3d10919b983c76b9f00014d966)
keysize 67 HTTP/XENA2.mydomain.org@MYDOMAIN.ORG ptype 1 (KRB5_NT_PRINCIPAL) vno 0 etype 0x11 (AES128-SHA1) keylength 16 (0x56fd36768f184efeb729eb8b22c4c168)
After that I copied xena2.keytab file to computer (XENA2) and tested connection to server:之后,我将 xena2.keytab 文件复制到计算机(XENA2)并测试了与服务器的连接:
C:\>kinit HTTP/XENA2.mydomain.org@MYDOMAIN.ORG -k -t xena2.keytab
New ticket is stored in cache file C:\Users\xena2\krb5cc_xena2
Looks good for me until now.到目前为止对我来说看起来不错。
Added variables to Tomcat startup:为Tomcat启动添加变量:
-Djava.security.krb5.conf=C:\krb5.conf
-Djava.security.krb5.realm=MYDOMAIN.ORG
-Djava.security.krb5.kdc=servas.MYDOMAIN.ORG
Created file krb5.conf in C: disk:在 C: 磁盘中创建文件krb5.conf :
[libdefaults]
default_realm = MYDOMAIN.ORG
default_tkt_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
default_tgs_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
permitted_enctypes = aes128-cts rc4-hmac des3-cbc-sha1 des-cbc-md5 des-cbc-crc
[realms]
MYDOMAIN.ORG = {
kdc = servas.mydomain.org
default_domain = MYDOMAIN.ORG
}
[domain_realm]
.MYDOMAIN.ORG = MYDOMAIN.ORG
Updated spnego.xml file like this:像这样更新spnego.xml文件:
<property name="servicePrincipal" value="HTTP/XENA2.mydomain.org@MYDOMAIN.ORG" />
<property name="keyTabLocation" value="classpath:xena2.keytab" />
Also tried:还试过:
<property name="keyTabLocation" value="FILE:C:/xena2.keytab" />
Deployed project to tomcat ran it (in different computer than server), went to restricted place, wrote user and pass and got HTTP 500 error.将项目部署到 tomcat 运行它(在与服务器不同的计算机上),转到受限制的地方,写入用户并通过并收到 HTTP 500 错误。 Log file looks like this (a bit cleaned):日志文件看起来像这样(有点清理):
2012-10-26 15:48:25 Commons Daemon procrun stdout initialized
Root WebApplicationContext: initialization started
Refreshing Root WebApplicationContext: startup date [Fri Oct 26 15:48:28 EEST 2012]; root of context hierarchy
Loading XML bean definitions from ServletContext resource [/WEB-INF/spnego.xml]
Using JAXP provider [com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl]
Loading schema mappings from [META-INF/spring.schemas]
Loaded schema mappings: {http://www.springframework.org/schema/util/spring-util.xsd=org/springframework/beans/factory/xml/spring-util-3.0.xsd, http://www.springframework.org/schema/task/spring-task.xsd=org/springframework/scheduling/config/spring-task-3.0.xsd, http://www.springframework.org/schema/security/spring-security-2.0.2.xsd=org/springframework/security/config/spring-security-2.0.2.xsd, http://www.springframework.org/schema/aop/spring-aop-3.0.xsd=org/springframework/aop/config/spring-aop-3.0.xsd, http://www.springframework.org/schema/aop/spring-aop-2.0.xsd=org/springframework/aop/config/spring-aop-2.0.xsd, http://www.springframework.org/schema/tool/spring-tool-2.5.xsd=org/springframework/beans/factory/xml/spring-tool-2.5.xsd, http://www.springframework.org/schema/beans/spring-beans.xsd=org/springframework/beans/factory/xml/spring-beans-3.0.xsd, http://www.springframework.org/schema/jee/spring-jee-2.5.xsd=org/springframework/ejb/config/spring-jee-2.5.xsd, http://www.springframework.org/schema/aop/spring-aop.xsd=org/springframework/aop/config/spring-aop-3.0.xsd, http://www.springframework.org/schema/beans/spring-beans-2.0.xsd=org/springframework/beans/factory/xml/spring-beans-2.0.xsd, http://www.springframework.org/schema/beans/spring-beans-3.0.xsd=org/springframework/beans/factory/xml/spring-beans-3.0.xsd, http://www.springframework.org/schema/security/spring-security-2.0.1.xsd=org/springframework/security/config/spring-security-2.0.1.xsd, http://www.springframework.org/schema/task/spring-task-3.0.xsd=org/springframework/scheduling/config/spring-task-3.0.xsd, http://www.springframework.org/schema/security/spring-security-2.0.xsd=org/springframework/security/config/spring-security-2.0.xsd, http://www.springframework.org/schema/security/spring-security-3.0.xsd=org/springframework/security/config/spring-security-3.0.xsd, http://www.springframework.org/schema/tx/spring-tx-2.5.xsd=org/springframework/transaction/config/spring-tx-2.5.xsd, http://www.springframework.org/schema/context/spring-context-2.5.xsd=org/springframework/context/config/spring-context-2.5.xsd, http://www.springframework.org/schema/tool/spring-tool-3.0.xsd=org/springframework/beans/factory/xml/spring-tool-3.0.xsd, http://www.springframework.org/schema/tx/spring-tx.xsd=org/springframework/transaction/config/spring-tx-3.0.xsd, http://www.springframework.org/schema/tool/spring-tool-2.0.xsd=org/springframework/beans/factory/xml/spring-tool-2.0.xsd, http://www.springframework.org/schema/util/spring-util-2.5.xsd=org/springframework/beans/factory/xml/spring-util-2.5.xsd, http://www.springframework.org/schema/lang/spring-lang.xsd=org/springframework/scripting/config/spring-lang-3.0.xsd, http://www.springframework.org/schema/lang/spring-lang-2.5.xsd=org/springframework/scripting/config/spring-lang-2.5.xsd, http://www.springframework.org/schema/security/spring-security-2.0.4.xsd=org/springframework/security/config/spring-security-2.0.4.xsd, http://www.springframework.org/schema/jee/spring-jee-3.0.xsd=org/springframework/ejb/config/spring-jee-3.0.xsd, http://www.springframework.org/schema/jee/spring-jee-2.0.xsd=org/springframework/ejb/config/spring-jee-2.0.xsd, http://www.springframework.org/schema/security/spring-security.xsd=org/springframework/security/config/spring-security-3.0.xsd, http://www.springframework.org/schema/context/spring-context.xsd=org/springframework/context/config/spring-context-3.0.xsd, http://www.springframework.org/schema/jee/spring-jee.xsd=org/springframework/ejb/config/spring-jee-3.0.xsd, http://www.springframework.org/schema/aop/spring-aop-2.5.xsd=org/springframework/aop/config/spring-aop-2.5.xsd, http://www.springframework.org/schema/tx/spring-tx-2.0.xsd=org/springframework/transaction/config/spring-tx-2.0.xsd, http://www.springframework.org/schema/tx/spring-tx-3.0.xsd=org/springframework/transaction/config/spring-tx-3.0.xsd, http://www.springframework.org/schema/context/spring-context-3.0.xsd=org/springframework/context/config/spring-context-3.0.xsd, http://www.springframework.org/schema/tool/spring-tool.xsd=org/springframework/beans/factory/xml/spring-tool-3.0.xsd, http://www.springframework.org/schema/util/spring-util-3.0.xsd=org/springframework/beans/factory/xml/spring-util-3.0.xsd, http://www.springframework.org/schema/lang/spring-lang-3.0.xsd=org/springframework/scripting/config/spring-lang-3.0.xsd, http://www.springframework.org/schema/util/spring-util-2.0.xsd=org/springframework/beans/factory/xml/spring-util-2.0.xsd, http://www.springframework.org/schema/lang/spring-lang-2.0.xsd=org/springframework/scripting/config/spring-lang-2.0.xsd, http://www.springframework.org/schema/beans/spring-beans-2.5.xsd=org/springframework/beans/factory/xml/spring-beans-2.5.xsd}
Found XML schema [http://www.springframework.org/schema/beans/spring-beans-2.0.xsd] in classpath: org/springframework/beans/factory/xml/spring-beans-2.0.xsd
Found XML schema [http://www.springframework.org/schema/security/spring-security-3.0.xsd] in classpath: org/springframework/security/config/spring-security-3.0.xsd
Loading bean definitions
Loaded NamespaceHandler mappings: {http://www.springframework.org/schema/p=org.springframework.beans.factory.xml.SimplePropertyNamespaceHandler, http://www.springframework.org/schema/util=org.springframework.beans.factory.xml.UtilNamespaceHandler, http://www.springframework.org/schema/jee=org.springframework.ejb.config.JeeNamespaceHandler, http://www.springframework.org/schema/aop=org.springframework.aop.config.AopNamespaceHandler, http://www.springframework.org/schema/security=org.springframework.security.config.SecurityNamespaceHandler, http://www.springframework.org/schema/tx=org.springframework.transaction.config.TxNamespaceHandler, http://www.springframework.org/schema/task=org.springframework.scheduling.config.TaskNamespaceHandler, http://www.springframework.org/schema/lang=org.springframework.scripting.config.LangNamespaceHandler, http://www.springframework.org/schema/context=org.springframework.context.config.ContextNamespaceHandler}
Checking sorted filter chain: [Root bean: class [org.springframework.security.web.context.SecurityContextPersistenceFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 300, <spnegoAuthenticationProcessingFilter>, order = 1200, Root bean: class [org.springframework.security.web.savedrequest.RequestCacheAwareFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1300, Root bean: class [org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1400, Root bean: class [org.springframework.security.web.authentication.AnonymousAuthenticationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1600, Root bean: class [org.springframework.security.web.session.SessionManagementFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1700, Root bean: class [org.springframework.security.web.access.ExceptionTranslationFilter]; scope=; abstract=false; lazyInit=false; autowireMode=0; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=null; factoryMethodName=null; initMethodName=null; destroyMethodName=null, order = 1800, <org.springframework.security.web.access.intercept.FilterSecurityInterceptor#0>, order = 1900]
Neither XML 'id' nor 'name' specified - using generated bean name [org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#1a40cf5]
Neither XML 'id' nor 'name' specified - using generated bean name [org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig#0]
Loaded 18 bean definitions from location pattern [/WEB-INF/spnego.xml]
...
Eagerly caching bean 'kerberosServiceAuthenticationProvider' to allow for resolving potential circular references
Creating instance of bean 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#1a40cf5'
Invoking afterPropertiesSet() on bean with name 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#1a40cf5'
Your keytab is in the classpath. This file needs special protection and shouldn't be in the classpath. JAAS may also not be able to load this file from classpath.
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator false KeyTab is file:/C:/Program%20Files/Apache%20Software%20Foundation/Tomcat%207.0/webapps/spring-security-kerberos-sample-1.0.0.M2/WEB-INF/classes/xena2.keytab refreshKrb5Config is false principal is HTTP/XENA2.mydomain.org@MYDOMAIN.ORG tryFirstPass is false useFirstPass is false storePass is false clearPass is false
principal is HTTP/XENA2.mydomain.org@MYDOMAIN.ORG
Will use keytab
Ordering keys wrt default_tkt_enctypes list
Config name: classpath:krb5.conf
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 17 16 23 1 3.
Commit Succeeded
Finished creating instance of bean 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#1a40cf5'
Creating shared instance of singleton bean 'dummyUserDetailsService'
Creating instance of bean 'dummyUserDetailsService'
Eagerly caching bean 'dummyUserDetailsService' to allow for resolving potential circular references
Finished creating instance of bean 'dummyUserDetailsService'
...
HttpSession returned null object for SPRING_SECURITY_CONTEXT
No SecurityContext was available from the HttpSession: org.apache.catalina.session.StandardSessionFacade@12ef3bb. A new one will be created.
/secure/index.jsp at position 2 of 8 in additional filter chain; firing Filter: 'org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter@2b7684'
/secure/index.jsp at position 3 of 8 in additional filter chain; firing Filter: 'org.springframework.security.web.savedrequest.RequestCacheAwareFilter@171ff47'
/secure/index.jsp at position 4 of 8 in additional filter chain; firing Filter: 'org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter@12ec880'
/secure/index.jsp at position 5 of 8 in additional filter chain; firing Filter: 'org.springframework.security.web.authentication.AnonymousAuthenticationFilter@2a3db5'
Populated SecurityContextHolder with anonymous token: 'org.springframework.security.authentication.AnonymousAuthenticationToken@6faeba70: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffbcba8: RemoteIpAddress: 192.168.189.1; SessionId: 3FBB484FF373A965218474C88211DFA7; Granted Authorities: ROLE_ANONYMOUS'
/secure/index.jsp at position 6 of 8 in additional filter chain; firing Filter: 'org.springframework.security.web.session.SessionManagementFilter@139406a'
/secure/index.jsp at position 7 of 8 in additional filter chain; firing Filter: 'org.springframework.security.web.access.ExceptionTranslationFilter@1b42103'
/secure/index.jsp at position 8 of 8 in additional filter chain; firing Filter: 'org.springframework.security.web.access.intercept.FilterSecurityInterceptor@e38854'
Converted URL to lowercase, from: '/secure/index.jsp'; to: '/secure/index.jsp'
Candidate is: '/secure/index.jsp'; pattern is /secure/**; matched=true
Secure object: FilterInvocation: URL: /secure/index.jsp; Attributes: [IS_AUTHENTICATED_FULLY]
Previously Authenticated: org.springframework.security.authentication.AnonymousAuthenticationToken@6faeba70: Principal: anonymousUser; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffbcba8: RemoteIpAddress: 192.168.189.1; SessionId: 3FBB484FF373A965218474C88211DFA7; Granted Authorities: ROLE_ANONYMOUS
Voter: org.springframework.security.access.vote.RoleVoter@183b617, returned: 0
Voter: org.springframework.security.access.vote.AuthenticatedVoter@27cff7, returned: -1
Access is denied (user is anonymous); redirecting to authentication entry point
org.springframework.security.access.AccessDeniedException: Access is denied
at org.springframework.security.access.vote.AffirmativeBased.decide(AffirmativeBased.java:71)
at org.springframework.security.access.intercept.AbstractSecurityInterceptor.beforeInvocation(AbstractSecurityInterceptor.java:203)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:106)
at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:97)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:100)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:78)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:35)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter.doFilter(SpnegoAuthenticationProcessingFilter.java:152)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:79)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:355)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:149)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:237)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:167)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
at java.lang.Thread.run(Thread.java:722)
So question is Why I am getting this error: org.springframework.security.access.AccessDeniedException: Access is denied所以问题是为什么我会收到这个错误: org.springframework.security.access.AccessDeniedException: Access is denied
Could it be that keytab file wasn't used successfully?会不会是keytab文件没有成功使用? If yes so Why?如果是,为什么? Also I think this error produced another error: Caused by: GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)另外我认为这个错误产生了另一个错误:引起:GSSException:检测到有缺陷的令牌(机制级别:GSSHeader没有找到正确的标签)
I hope this is enough information and someone will help me.我希望这是足够的信息,有人会帮助我。
Thanks in advance.提前致谢。
1 个解决方案
解决方案1
0 2012-11-23 21:03:16
Besides that this extension is crap, your client sends you a NTLM token instead of a Kerberos one.除了这个扩展是废话之外,您的客户端会向您发送 NTLM 令牌而不是 Kerberos 令牌。 This behavior is absolutely correct because the client can negotiate (which it does here as fallback).这种行为是绝对正确的,因为客户端可以协商(它在这里作为后备)。 Check your entire Kerberos, DNS, AD setup.检查您的整个 Kerberos、DNS、AD 设置。 Use Wireshark!使用 Wireshark!
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
Spring Security Kerberos,Kerberos + AD-错误:访问被拒绝,没有密钥可存储 - Spring Security Kerberos, Kerberos + AD - Error: Access Denied, No key to store
Spring Security,Kerberos扩展和AD - Spring Security, Kerberos extension and AD
如何使用Spring Rest模板访问经过kerberos SPNEGO认证的资源 - How to access kerberos SPNEGO authenticated resource using spring rest template
尝试重定向“访问被拒绝”时出现Spring Security错误 - Spring Security error on try redirect “Access is Denied”
Spring Security OAuth-访问被拒绝 - Spring Security OAuth - Access is denied
为什么我收到 Spring Security 和 Keycloak 的“访问被拒绝”错误? - Why I get a "Access is denied" error by Spring Security and Keycloak?
Spring Security hasRole()提供错误403-访问被拒绝 - Spring security hasRole() giving Error 403 - Access is denied
错误403-使用Spring Security拒绝访问-ManyToMany注释问题? - Error 403 - Access denied using Spring security - ManyToMany annotation issue?
Spring Security / SPNEGO身份验证问题:校验和失败 - Spring Security/SPNEGO authentication issue: Checksum failed
Spnego / Kerberos支持与粗麻布 - Spnego / Kerberos support with hessian
相关标签