
Making HTTP call with Kerberos keytab in Java

I'm trying to make a GET request to an HTTP endpoint that's protected by Kerberos authentication. I'm able to successfully initialize a LoginContext using my keytab and I can see the KerberosTicket that is being generated and successfully assigned to my Subject, but for some reason my HTTP requests are still coming back with a 401 error. My suspicion is that the ticket itself isn't being attached to the HTTP request, but I'm not sure how to enable this properly.

For reference, here is the code I'm running. I'm using the Krb5LoginModule:

        String keyTab = "~/kerberos.keytab";
        String principal = "myself@WEBSITE.COM";
        Subject subject = null;
        try {
            LoginContext context = new LoginContext("", new Subject(), null,
                    new Configuration() {
                        @Override
                        public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                            Map<String, String> options = new HashMap<String, String>();
                            options.put("useKeyTab", "true");
                            options.put("storeKey", "true");
                            options.put("doNotPrompt", "false");
                            options.put("useTicketCache", "true");
                            options.put("isInitiator", "true");
                            options.put("debug", "true");
                            options.put("keyTab", keyTab);
                            options.put("principal", principal);

                            return new AppConfigurationEntry[]{
                                    new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
                                            AppConfigurationEntry.LoginModuleControlFlag.REQUIRED,
                                            options)};
                        }
                    });
            context.login(); // Completes successfully. No LoginException thrown.
            subject = context.getSubject();
        }
        catch (LoginException e)
        {
            e.printStackTrace();
            return null;
        }

        String conn = Subject.doAs(subject, new PrivilegedExceptionAction<String>() {

            @Override
            public String run() throws Exception { // new URL() and openConnection() throw checked exceptions
                    URL url = new URL("http://kerberosexample.com");
                    HttpURLConnection con = (HttpURLConnection) url.openConnection();
                    con.setRequestMethod("GET");

                    if (con != null) {
                        int status = con.getResponseCode(); // Returns as 401 Unauthenticated.

                        // If status is 200, process response body and return as a String.
                    }
                    return null; // no body available when the request is rejected
            }
        });

Any advice is greatly appreciated.

Pointing to a correct krb5.conf should do the work. Something like System.setProperty("java.security.krb5.conf", "krb5.conf");
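
The following is an added example, not code from the question or the answer: one way to set the krb5.conf property before the keytab login and then attach the Kerberos ticket to the request explicitly, by building the SPNEGO token with JGSS inside Subject.doAs instead of relying on HttpURLConnection's automatic Negotiate handling. The class name KeytabSpnegoGet and the /etc/krb5.conf path are assumptions; the principal and URL are the question's placeholders, and a reachable KDC is required.

```java
import java.net.HttpURLConnection;
import java.net.URL;
import java.security.PrivilegedExceptionAction;
import java.util.Base64;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import org.ietf.jgss.*;

public class KeytabSpnegoGet { // hypothetical class name
    public static void main(String[] args) throws Exception {
        // Placeholder values (assumptions); Java does not expand "~", so build the path.
        String keyTab = System.getProperty("user.home") + "/kerberos.keytab";
        String principal = "myself@WEBSITE.COM";
        URL url = new URL("http://kerberosexample.com");
        // Realm/KDC configuration must be in place before login() runs.
        System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");
        // Keytab-only login: no prompting, no ticket cache fallback.
        Map<String, String> opts = Map.of(
                "useKeyTab", "true", "keyTab", keyTab, "principal", principal,
                "storeKey", "true", "doNotPrompt", "true");
        Configuration jaas = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[]{new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, opts)};
            }
        };
        LoginContext lc = new LoginContext("", new Subject(), null, jaas);
        lc.login();
        int status = Subject.doAs(lc.getSubject(), (PrivilegedExceptionAction<Integer>) () -> {
            // Request a service ticket for HTTP/<host> using the Subject's credentials.
            GSSManager gss = GSSManager.getInstance();
            GSSName spn = gss.createName("HTTP@" + url.getHost(), GSSName.NT_HOSTBASED_SERVICE);
            Oid spnego = new Oid("1.3.6.1.5.5.2"); // SPNEGO mechanism OID
            GSSContext ctx = gss.createContext(spn, spnego, null, GSSContext.DEFAULT_LIFETIME);
            byte[] token = ctx.initSecContext(new byte[0], 0, 0);
            ctx.dispose();
            HttpURLConnection con = (HttpURLConnection) url.openConnection();
            con.setRequestMethod("GET");
            con.setRequestProperty("Authorization",
                    "Negotiate " + Base64.getEncoder().encodeToString(token));
            return con.getResponseCode();
        });
        System.out.println("HTTP status: " + status);
    }
}
```

Running it with -Dsun.security.krb5.debug=true prints the KDC exchange, which shows whether a service ticket for HTTP/<host> was actually obtained.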
