当前位置: 首页 > 知识库问答 >
问题:

jaas配置内容读取为默认值[Kerberos]

贲文景
2023-03-14

我正试图通过spring boot应用程序中的键表连接到Kerberized oracle服务器。我有键盘和krb5。resources下的conf和application下的jaas conf字符串。yml-like:

kerberos:
  jaasContent: "Client { \n  com.sun.security.auth.module.Krb5LoginModule required\n  useTicketCache=false\n  useKeyTab=true\n  keyTab=\"%s\"\n  doNotPrompt=true\n  principal=\"%s\";\n};"

使用keytab和principal替换的最终结果如下所示:

Client { 
  com.sun.security.auth.module.Krb5LoginModule required
  useTicketCache=false
  useKeyTab=true
  keyTab="C:\Users\xxxxx\AppData\Local\Temp\krb5.keytab"
  doNotPrompt=true
  principal="XXXXXX@DOMAIN.AD.COMPANY.COM";
};

我已经验证了我可以通过在日志中打印文件内容从资源中读取keytab内容(尽管它是编码的)。

我将此jaas设置为:

System.setProperty("java.security.auth.login.config", jaasConf.toString());

当我运行应用程序时,出现以下错误:

Running sql : SELECT to_char(systimestamp, 'dd-mon-yyyy hh.mi.ss.ff4 AM') FROM DUAL
>>>KinitOptions cache name is C:\Users\n714804\krb5cc_N714804
>> Acquire default native Credentials
Java config name: C:\Users\xxxx\AppData\Local\Temp\krb5.conf
Loaded from Java config
default etypes for default_tkt_enctypes: 18 17.
>>> Found no TGT's in LSA
Failed to read from oracle: Failed to obtain JDBC Connection; nested exception is java.sql.SQLRecoverableException: IO Error: The service in process is not supported. Unable to obtain password from user

org.springframework.jdbc.CannotGetJdbcConnectionException: Failed to obtain JDBC Connection; nested exception is java.sql.SQLRecoverableException: IO Error: The service in process is not supported. Unable to obtain password from user

    at org.springframework.jdbc.datasource.DataSourceUtils.getConnection(DataSourceUtils.java:82)
    at org.springframework.jdbc.core.JdbcTemplate.execute(JdbcTemplate.java:371)
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:452)
    at org.springframework.jdbc.core.JdbcTemplate.query(JdbcTemplate.java:462)
    at org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.java:473)
    at org.springframework.jdbc.core.JdbcTemplate.queryForObject(JdbcTemplate.java:480)
    at com.jpmorgan.ct.GetOracleTime.getOracleTime(GetOracleTime.java:48)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)
    at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
    at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:105)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:879)
    at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:793)
    at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
    at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040)
    at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943)
    at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
    at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:898)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:634)
    at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at com.jpmorgan.moneta.boot.logging.RequestLoggingFilter.doFilter(RequestLoggingFilter.java:141)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at com.jpmorgan.moneta.boot.logging.PerfLoggingFilter.doFilter(PerfLoggingFilter.java:50)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at com.jpmorgan.moneta.boot.logging.MDCFilter.doFilter(MDCFilter.java:31)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:109)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at com.jpmorgan.moneta.boot.web.ExcludeFontVaryHeadersFilter.doFilterInternal(ExcludeFontVaryHeadersFilter.java:58)
    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
    at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:373)
    at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
    at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:868)
    at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1594)
    at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
    at java.lang.Thread.run(Thread.java:748)
Caused by: java.sql.SQLRecoverableException: IO Error: The service in process is not supported. Unable to obtain password from user

    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:774)
    at oracle.jdbc.driver.PhysicalConnection.connect(PhysicalConnection.java:688)
    at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:39)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:691)
    at java.sql.DriverManager.getConnection(DriverManager.java:664)
    at java.sql.DriverManager.getConnection(DriverManager.java:208)
    at org.springframework.jdbc.datasource.DriverManagerDataSource.getConnectionFromDriverManager(DriverManagerDataSource.java:155)
    at org.springframework.jdbc.datasource.DriverManagerDataSource.getConnectionFromDriver(DriverManagerDataSource.java:146)
    at org.springframework.jdbc.datasource.AbstractDriverBasedDataSource.getConnectionFromDriver(AbstractDriverBasedDataSource.java:205)
    at org.springframework.jdbc.datasource.AbstractDriverBasedDataSource.getConnection(AbstractDriverBasedDataSource.java:169)
    at org.springframework.jdbc.datasource.DataSourceUtils.fetchConnection(DataSourceUtils.java:158)
    at org.springframework.jdbc.datasource.DataSourceUtils.doGetConnection(DataSourceUtils.java:116)
    at org.springframework.jdbc.datasource.DataSourceUtils.getConnection(DataSourceUtils.java:79)
    ... 73 more
Caused by: oracle.net.ns.NetException: The service in process is not supported. Unable to obtain password from user

    at oracle.net.ano.AuthenticationService.g(Unknown Source)
    at oracle.net.ano.AuthenticationService.e(Unknown Source)
    at oracle.net.ano.Ano.negotiation(Unknown Source)
    at oracle.net.ns.NSProtocol.connect(NSProtocol.java:345)
    at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1438)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:518)
    ... 85 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user

    at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897)
    at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:760)
    at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:617)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:498)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:755)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:195)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:682)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:680)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:587)

但是当我做一个手动kinit并在我的C:\用户\xxxxx\中获得凭据缓存时krb5cc_xxxxx应用程序工作得很好。

据我所知,jaas中需要Krb5LoginModule。conf将读取keytab和其他属性,以使用提供的keytab生成cache/TGT,而我不必执行kinit?

我根据这一理解进行了进一步调试,发现jaas并没有生效,并且使用一些默认设置调用了Krb5LoginModule。

Unable to obtain password from user at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:897)

krb5LoginModule.java:897导致我ktab==null和useKeytab=false,这与我在jaas.conf中设置的内容相矛盾

如果有人能帮助我了解我的jaas是否有问题,我将不胜感激。或者在我采取的方法中。

共有1个答案

宋耀
2023-03-14

您是否查阅了JDBC开发人员指南以供参考?

 类似资料:
  • 我用iText java创建了一个pdf表单,其中包含一个无线电组(PDFFormField.CreateRadioButton)并选中了一个默认按钮(选中)。我打开pdf(新的pdf阅读器)并检查字段。radiobutton字段值为空。我用acrobat打开pdf,点击已经选中的radiobutton并保存pdf。当我重新打开pdf检查字段值时,radiobutton值现在出现了。当我创建原始P

  • 与Jquery Mobile自动初始化共同协作 Working with Jquery Mobile's Auto-initialization 不像其他的Jq项目,比如jq和jq ui,Jquery Mobile会在加载到增强特性时马上应用它(远早于document.ready事件发生时)。这些特性会基于Jquery Mobile的默认配置应用,是针对默认的情形设计的,他可能符合你的需求,也可能

  • 问题内容: 我已经打了,并几次,现在我想恢复到默认值(一种恢复出厂设置的)。 是否提供执行此操作的命令?还是应该手动删除所有配置文件然后重新安装? 我需要它都在和。 提前致谢! 问题答案: 重置用户默认设置 在命令行中运行此命令(或在Windows上运行git bash): 重置全局默认值 如果您需要sudo,请改为运行以下命令:

  • 我在spring-boot项目中有一个properties类。 现在,我想将的application.properties文件中的其他属性设置默认值。与下面的示例使用@value所做的类似

  • 问题内容: 例如,如果component是一个复选框,则必须将其设置为false,或者是textfield,则必须清除文本。我正在尝试编写一种方法来重置中的所有组件。它必须像HTML表单中的reset函数一样工作。 如何将a重设为默认值? 问题答案: 一种可能的解决方法是创建自定义重置功能。重新初始化面板(您的表单)。 例如 创建一个自定义类来存储表单字段及其侦听器。 重新初始化面板组件将导致按@

  • 22.2.2 默认DispatcherServlet配置 如上一节中所述,对每种特殊的bean,DispatcherServlet都会维护一个默认可用的实现的列表。此信息保存在包org.springframework.web.servlet中的文件DispatcherServlet.properties中。 所有的特殊bean都有一些合理的默认值,虽然迟早您将需要对这些bean提供的一个或多个属性