You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cxf.apache.org by Henk-Jan <h....@cordares.nl> on 2012/04/17 15:32:53 UTC
Kerberos and credential propagation
First, I want to apologize for my lack of experience with java (including
spring, spring-security, cxf, etc). I might also be asking this question in
the wrong place, but I'm happy with all the help I can get. I posted this
same question at the spring forum, if they come up with a solution I'll
follow up with the conclusion.
I want to create the following situation: A user accesses a website hosted
by IIS. From IIS, a WCF service is called, which will call a web service
developed using CXF. This service will forward the request to a WebSphere
Enterprise Service Bus, which will forward the message to a WebSphere
Process Server.
IIS (Windows) -> WCF web service (.NET) -> CXF web service (Java) -> WESB ->
WPS
The WebSphere Process Server should be able to identify the user using a
Kerberos token. Therefore, the Kerberos token should be propagated
throughout the whole chain.
As I have no control over the ESB, I started out with the following
scenario:
[1] IIS -> [2] WCF webservice -> [3] CXF webservice -> [4] CXF webservice
The user credentials are propagated from [1] -> [2] -> [3]. However, I’m
unable to call [4], the exception is “Access is denied (user is anonymous)”.
In the CXF service [3], I have a KerberosServiceRequestToken, which contains
a valid token (e.g. getToken() returns a binary array). However, I have no
clue how to invoke the next service using this information (should I create
a new LoginContext somehow?).
Another poblem is the way the Kerberos token is exchanged. Currently, the
token is transmitted over the transport layer (e.g. as a HTTP Header as part
of the Negotiation Challenge). WPS expects the Kerberos token to be
contained within the SOAP-header. Using WCF, this is straigthforward to
implement. However, I haven’t been able to configure CXF to correctly
process the soap header. Does anybody know if this is even possible?
Thanks in advance,
Henk-Jan.
--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5646577.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: Kerberos and credential propagation
Posted by Henk-Jan <h....@cordares.nl>.
I managed to rename narvi.sfb to narvi.melkweg.tld and now all the unit tests
succeed, using java 6.
--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5670182.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: Kerberos and credential propagation
Posted by John Baker <jo...@camelotgroup.co.uk>.
Oh sorry, I didn't read your example hard enough :)
-----Original Message-----
From: Henk-Jan [mailto:h.visscher@cordares.nl]
Sent: 26 April 2012 14:08
To: users@cxf.apache.org
Subject: RE: Kerberos and credential propagation
John
afaik, this example uses the same "environment" variables as my previous
statement:
mvn test -Djava.security.krb5.realm=MELKWEG.TLD
-Djava.security.krb5.kdc=corx01.melkweg.tld ...
Currently, I've succesfully installed and tested everything on a windows server using java 6. This server uses the same tld (e.g. pc00057.melkweg.tld instead of narvi.sfb).
So, it has either a relation with Unix versus Windows (unlikely) or with a mix of domain names. Tomorrow, I'll try to get the Linux server renamed to narvi.melkweg.tld, so I can confirm this theory.
--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5667565.html
Sent from the cxf-user mailing list archive at Nabble.com.
******************************************************************************
The information contained in this email may be confidential. It is intended
only for the use of the named recipient. If you are not the named recipient
please delete this email and notify the sender of the delivery error. If you
have received this email and are not the named recipient, any disclosure,
reproduction, distribution or other dissemination or use of the information
contained in this email is strictly prohibited.
The transmission of email cannot be guaranteed to be secure or error free as
information could be intercepted, corrupted, lost, destroyed, arrive late or
incomplete, or contain viruses. The sender therefore does not accept
liability for any errors or omissions in the contents of this message which
arise as a result of email transmission. If verification is required please
request a hard copy version.
The Camelot group of companies includes:
Camelot UK Lotteries Limited (reg. no 2822203), Camelot Business Solutions
Limited (reg. no 07553982), Camelot Strategic Solutions Limited (reg. no
07553980), Camelot Global Services Limited (reg. no 02822300) and Camelot
Commercial Services Limited (reg. no 06911097), all of which are registered
in England and Wales and have their registered office at:
Tolpits Lane
Watford
WD18 9RN
Tel : 01923 425000
******************************************************************************
RE: Kerberos and credential propagation
Posted by Henk-Jan <h....@cordares.nl>.
John
afaik, this example uses the same "environment" variables as my previous
statement:
mvn test -Djava.security.krb5.realm=MELKWEG.TLD
-Djava.security.krb5.kdc=corx01.melkweg.tld ...
Currently, I've succesfully installed and tested everything on a windows
server using java 6. This server uses the same tld (e.g. pc00057.melkweg.tld
instead of narvi.sfb).
So, it has either a relation with Unix versus Windows (unlikely) or with a
mix of domain names. Tomorrow, I'll try to get the Linux server renamed to
narvi.melkweg.tld, so I can confirm this theory.
--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5667565.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: Kerberos and credential propagation
Posted by John Baker <jo...@camelotgroup.co.uk>.
http://stackoverflow.com/questions/1431999/java-and-kerberos-authentication-krb5-conf-versus-system-setproperty
-----Original Message-----
From: Henk-Jan [mailto:h.visscher@cordares.nl]
Sent: 26 April 2012 12:29
To: users@cxf.apache.org
Subject: RE: Kerberos and credential propagation
I know of no other environment variable than KRB5_CONFIG. Settings this variable has no (positive) effect.
--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5667326.html
Sent from the cxf-user mailing list archive at Nabble.com.
******************************************************************************
The information contained in this email may be confidential. It is intended
only for the use of the named recipient. If you are not the named recipient
please delete this email and notify the sender of the delivery error. If you
have received this email and are not the named recipient, any disclosure,
reproduction, distribution or other dissemination or use of the information
contained in this email is strictly prohibited.
The transmission of email cannot be guaranteed to be secure or error free as
information could be intercepted, corrupted, lost, destroyed, arrive late or
incomplete, or contain viruses. The sender therefore does not accept
liability for any errors or omissions in the contents of this message which
arise as a result of email transmission. If verification is required please
request a hard copy version.
The Camelot group of companies includes:
Camelot UK Lotteries Limited (reg. no 2822203), Camelot Business Solutions
Limited (reg. no 07553982), Camelot Strategic Solutions Limited (reg. no
07553980), Camelot Global Services Limited (reg. no 02822300) and Camelot
Commercial Services Limited (reg. no 06911097), all of which are registered
in England and Wales and have their registered office at:
Tolpits Lane
Watford
WD18 9RN
Tel : 01923 425000
******************************************************************************
Re: Kerberos and credential propagation
Posted by Colm O hEigeartaigh <co...@apache.org>.
It's probably easier to try to figure out what's going on by using a
unit test such as (first test):
http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/message/token/KerberosTest.java?view=markup
Colm.
On Thu, Apr 26, 2012 at 12:29 PM, Henk-Jan <h....@cordares.nl> wrote:
> I know of no other environment variable than KRB5_CONFIG. Settings this
> variable has no (positive) effect.
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5667326.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
RE: Kerberos and credential propagation
Posted by Henk-Jan <h....@cordares.nl>.
I know of no other environment variable than KRB5_CONFIG. Settings this
variable has no (positive) effect.
--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5667326.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: Kerberos and credential propagation
Posted by John Baker <jo...@camelotgroup.co.uk>.
I meant the environment variables that allow you not to use a krb5.conf.
-----Original Message-----
From: Henk-Jan [mailto:h.visscher@cordares.nl]
Sent: 26 April 2012 10:33
To: users@cxf.apache.org
Subject: RE: Kerberos and credential propagation
Running with the following command gives the same result:
mvn test -Pnochecks -Dsun.security.krb5.debug=true -Djava.security.krb5.realm=MELKWEG.TLD
-Djava.security.krb5.kdc=corx01.melkweg.tld -Dtest=KerberosTokenTest -Djava.security.auth.login.config=src/test/resources/kerberos.jaas
--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5667132.html
Sent from the cxf-user mailing list archive at Nabble.com.
******************************************************************************
The information contained in this email may be confidential. It is intended
only for the use of the named recipient. If you are not the named recipient
please delete this email and notify the sender of the delivery error. If you
have received this email and are not the named recipient, any disclosure,
reproduction, distribution or other dissemination or use of the information
contained in this email is strictly prohibited.
The transmission of email cannot be guaranteed to be secure or error free as
information could be intercepted, corrupted, lost, destroyed, arrive late or
incomplete, or contain viruses. The sender therefore does not accept
liability for any errors or omissions in the contents of this message which
arise as a result of email transmission. If verification is required please
request a hard copy version.
The Camelot group of companies includes:
Camelot UK Lotteries Limited (reg. no 2822203), Camelot Business Solutions
Limited (reg. no 07553982), Camelot Strategic Solutions Limited (reg. no
07553980), Camelot Global Services Limited (reg. no 02822300) and Camelot
Commercial Services Limited (reg. no 06911097), all of which are registered
in England and Wales and have their registered office at:
Tolpits Lane
Watford
WD18 9RN
Tel : 01923 425000
******************************************************************************
RE: Kerberos and credential propagation
Posted by Henk-Jan <h....@cordares.nl>.
Running with the following command gives the same result:
mvn test -Pnochecks -Dsun.security.krb5.debug=true
-Djava.security.krb5.realm=MELKWEG.TLD
-Djava.security.krb5.kdc=corx01.melkweg.tld -Dtest=KerberosTokenTest
-Djava.security.auth.login.config=src/test/resources/kerberos.jaas
--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5667132.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: Kerberos and credential propagation
Posted by John Baker <jo...@camelotgroup.co.uk>.
Yes, I see now. It looks fine. The failed to find key error is often associated with a case issue, but I can see that your domain is in upper case and that matches the krb5.conf:
principal="HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD";
I would suggest trying to get rid of the krb5.conf file by setting the two environment variables that specify a KDC and realm (the names escape me right now).
-----Original Message-----
From: Henk-Jan [mailto:h.visscher@cordares.nl]
Sent: 26 April 2012 09:32
To: users@cxf.apache.org
Subject: RE: Kerberos and credential propagation
How can I get (even) more debug information?
See also
http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5665641.html
--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5667012.html
Sent from the cxf-user mailing list archive at Nabble.com.
******************************************************************************
The information contained in this email may be confidential. It is intended
only for the use of the named recipient. If you are not the named recipient
please delete this email and notify the sender of the delivery error. If you
have received this email and are not the named recipient, any disclosure,
reproduction, distribution or other dissemination or use of the information
contained in this email is strictly prohibited.
The transmission of email cannot be guaranteed to be secure or error free as
information could be intercepted, corrupted, lost, destroyed, arrive late or
incomplete, or contain viruses. The sender therefore does not accept
liability for any errors or omissions in the contents of this message which
arise as a result of email transmission. If verification is required please
request a hard copy version.
The Camelot group of companies includes:
Camelot UK Lotteries Limited (reg. no 2822203), Camelot Business Solutions
Limited (reg. no 07553982), Camelot Strategic Solutions Limited (reg. no
07553980), Camelot Global Services Limited (reg. no 02822300) and Camelot
Commercial Services Limited (reg. no 06911097), all of which are registered
in England and Wales and have their registered office at:
Tolpits Lane
Watford
WD18 9RN
Tel : 01923 425000
******************************************************************************
RE: Kerberos and credential propagation
Posted by Henk-Jan <h....@cordares.nl>.
How can I get (even) more debug information?
See also
http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5665641.html
--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5667012.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: Kerberos and credential propagation
Posted by John Baker <jo...@camelotgroup.co.uk>.
Well, perhaps the Kerberos module was fixed in 1.6 :)
Can you send the Kerberos debug in 1.6?
-----Original Message-----
From: Henk-Jan [mailto:h.visscher@cordares.nl]
Sent: 26 April 2012 09:05
To: users@cxf.apache.org
Subject: RE: Kerberos and credential propagation
Java 7 didn’t break things, it’s the other way around, java 6 is giving me problems.
--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5666967.html
Sent from the cxf-user mailing list archive at Nabble.com.
******************************************************************************
The information contained in this email may be confidential. It is intended
only for the use of the named recipient. If you are not the named recipient
please delete this email and notify the sender of the delivery error. If you
have received this email and are not the named recipient, any disclosure,
reproduction, distribution or other dissemination or use of the information
contained in this email is strictly prohibited.
The transmission of email cannot be guaranteed to be secure or error free as
information could be intercepted, corrupted, lost, destroyed, arrive late or
incomplete, or contain viruses. The sender therefore does not accept
liability for any errors or omissions in the contents of this message which
arise as a result of email transmission. If verification is required please
request a hard copy version.
The Camelot group of companies includes:
Camelot UK Lotteries Limited (reg. no 2822203), Camelot Business Solutions
Limited (reg. no 07553982), Camelot Strategic Solutions Limited (reg. no
07553980), Camelot Global Services Limited (reg. no 02822300) and Camelot
Commercial Services Limited (reg. no 06911097), all of which are registered
in England and Wales and have their registered office at:
Tolpits Lane
Watford
WD18 9RN
Tel : 01923 425000
******************************************************************************
RE: Kerberos and credential propagation
Posted by Henk-Jan <h....@cordares.nl>.
Java 7 didn’t break things, it’s the other way around, java 6 is giving me
problems.
--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5666967.html
Sent from the cxf-user mailing list archive at Nabble.com.
RE: Kerberos and credential propagation
Posted by John Baker <jo...@camelotgroup.co.uk>.
If you're saying things broke with Java 1.7 then it's worth noting there are some known bugs in the Keberos module prior to update 4.
-----Original Message-----
From: Colm O hEigeartaigh [mailto:coheigea@apache.org]
Sent: 25 April 2012 17:04
To: users@cxf.apache.org
Subject: Re: Kerberos and credential propagation
Could you enable debug logging in WSS4J? It may shed some light on the root exception. Add log4j to the pom and change the rootLogger from WARN to DEBUG in src/test/resource/log4j.properties.
Could you try with a more recent version of JDK 1.6 such as 1.6.0_31?
Colm.
On Wed, Apr 25, 2012 at 4:49 PM, Henk-Jan <h....@cordares.nl> wrote:
> Thanks for your answer Freeman
>
> I already tried the examples you mentioned before but couldn't get
> them to work. However, as they seemed to address the problem I was
> facing I gave them another try, to no avail.
>
> Until yesterday, after I installed java 7 (java version "1.7.0_03")
> suddenly everything was working fine. But as we're deploying our
> services to WAS which uses java 6 this is no acceptable solution.
>
> Maybe someone can help me to get the examples working under java 6 ?
> Or point me to some possible working alternatives?
>
> I also stumbled upon the following bug, but I don't think it applies
> to my
> problem: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7061379
>
> My configuration:
>
> Source: https://svn.apache.org/repos/asf/cxf/trunk/
> Redhat Linux server : narvi.sfb
> SPN (*): HTTP/_kerbisspoc-service.melkweg.tld
> KDC server: corx01.melkweg.tld
>
> (*): both the client & the server use the same SPN
>
> Content of /etc/krb5.conf:
>
> [libdefaults]
> default_realm = MELKWEG.TLD
>
> [realms]
> MELKWEG.TLD = {
> kdc = corx01.melkweg.tld
> }
>
> [domain_realm]
> .sfb = MELKWEG.TLD
>
> Content of Login.jaas:
>
> client {
> com.sun.security.auth.module.Krb5LoginModule required
> refreshKrb5Config=true
> useKeyTab=true
> debug=true
> keyTab="/etc/_kerbisspoc.keytab"
> principal="HTTP/_kerbisspoc-service.melkweg.tld@";
> };
>
> server {
> com.sun.security.auth.module.Krb5LoginModule required
> debug=true
> refreshKrb5Config=true
> useKeyTab=true
> storeKey=true
> keyTab="/etc/_kerbisspoc.keytab"
> principal="HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD";
> };
>
> Context of client.xml (relevant part):
>
> <bean id="kerberosValidator"
> class="org.apache.ws.security.validate.KerberosTokenValidator">
> <property name="contextName" value="server"/>
> <property name="serviceName"
> value="HTTP/_kerbisspoc-service.melkweg.tld@"/>
> </bean>
>
> Context of server.xml (relevant part):
>
> <jaxws:client
> name="{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricPort"
> createdFromAPI="true">
> <jaxws:properties>
> <entry key="ws-security.encryption.properties"
>
> value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
> <entry key="ws-security.encryption.username" value="bob"/>
> <entry key="ws-security.kerberos.client">
> <bean
> class="org.apache.cxf.ws.security.kerberos.KerberosClient">
> <constructor-arg ref="cxf"/>
> <property name="contextName" value="client"/>
> <property name="serviceName"
> value="HTTP/_kerbisspoc-service.melkweg.tld@"/>
> </bean>
> </entry>
> </jaxws:properties>
> </jaxws:client>
>
>
> Command line for the test:
>
> mvn test -Pnochecks -Dsun.security.krb5.debug=true
> -Dtest=KerberosTokenTest
> -Djava.security.auth.login.config=src/test/resources/kerberos.jaas
>
> Output using version "1.6.0_25":
>
> -------------------------------------------------------
> T E S T S
> -------------------------------------------------------
>
> Running org.apache.cxf.systest.ws.kerberos.KerberosTokenTest
> In testKerberosOverSymmetric.
> Unrestricted policies installed
> Debug is true storeKey false useTicketCache false useKeyTab true
> doNotPrompt false ticketCache is null isInitiator true KeyTab is
> /etc/_kerbisspoc.keytab refreshKrb5Config is true principal is
> HTTP/_kerbisspoc-service.melkweg.tld@ tryFirstPass is false
> useFirstPass is false storePass is false clearPass is false Refreshing
> Kerberos configuration Config name: /etc/krb5.conf
>>>> KdcAccessibility: reset
>>>> KeyTabInputStream, readName(): MELKWEG.TLD KeyTabInputStream,
>>>> readName(): HTTP KeyTabInputStream, readName():
>>>> _kerbisspoc-service.melkweg.tld
>>>> KeyTab: load() entry length: 83; type: 23
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list Using builtin default
> etypes for default_tkt_enctypes default etypes for
> default_tkt_enctypes: 3 1 23 16 17 18.
> principal's key obtained from the keytab Acquire TGT using AS Exchange
> Using builtin default etypes for default_tkt_enctypes default etypes
> for default_tkt_enctypes: 3 1 23 16 17 18.
>>>> KrbAsReq calling createMessage
>>>> KrbAsReq in createMessage
>>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000,
>>>> number of retries =3, #bytes=166
>>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88,
>>>> timeout=30000,Attempt =1, #bytes=166 KrbKdcReq send: #bytes
>>>> read=631 KrbKdcReq send: #bytes read=631
>>>> KdcAccessibility: remove corx01.melkweg.tld
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbAsRep cons in KrbAsReq.getReply
>>>> HTTP/_kerbisspoc-service.melkweg.tld
> principal is HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
> EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E7 F7 BA 95 A4 39
> BC C1
> C7 75 22 6B CF 95 B5 E9 .....9...u"k....
>
> Commit Succeeded
>
> Found ticket for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to
> go to krbtgt/MELKWEG.TLD@MELKWEG.TLD expiring on Thu Apr 26 03:30:36
> CEST 2012 Entered Krb5Context.initSecContext with state=STATE_NEW
> Found ticket for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to
> go to krbtgt/MELKWEG.TLD@MELKWEG.TLD expiring on Thu Apr 26 03:30:36
> CEST 2012 Service ticket not found in the subject
>>>> Credentials acquireServiceCreds: same realm
> Using builtin default etypes for default_tgs_enctypes default etypes
> for default_tgs_enctypes: 3 1 23 16 17 18.
>>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000,
>>>> number of retries =3, #bytes=665
>>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88,
>>>> timeout=30000,Attempt =1, #bytes=665 KrbKdcReq send: #bytes
>>>> read=627 KrbKdcReq send: #bytes read=627
>>>> KdcAccessibility: remove corx01.melkweg.tld
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
> Krb5Context setting mySeqNumber to: 19043227 Krb5Context setting
> peerSeqNumber to: 0 Created InitSecContextToken:
> 0000: 01 00 6E 82 02 1F 30 82 02 1B A0 03 02 01 05 A1 ..n...0.........
> 0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................
> 0020: 2B 61 82 01 27 30 82 01 23 A0 03 02 01 05 A1 0D +a..'0..#.......
> 0030: 1B 0B 4D 45 4C 4B 57 45 47 2E 54 4C 44 A2 32 30
> ..MELKWEG.TLD.20
> 0040: 30 A0 03 02 01 00 A1 29 30 27 1B 04 48 54 54 50
> 0......)0'..HTTP
> 0050: 1B 1F 5F 6B 65 72 62 74 6F 6D 70 6F 63 2D 73 65
> .._kerbtompoc-se
> 0060: 72 76 69 63 65 2E 6D 65 6C 6B 77 65 67 2E 74 6C
> rvice.melkweg.tl
> 0070: 64 A3 81 D8 30 81 D5 A0 03 02 01 17 A1 03 02 01 d...0...........
> 0080: 02 A2 81 C8 04 81 C5 4D 9E 3F A3 AD 9D AC 7A 13 .......M.?....z.
> 0090: 7A FB F5 A5 0A 0A 3C E0 27 53 B3 78 FA 21 7F 30
> z.....<.'S.x.!.0
> 00A0: 38 6D 20 95 B3 27 DA 77 31 00 3D CE 98 36 EA 58 8m
> ..'.w1.=..6.X
> 00B0: 39 60 85 44 4C 3B 81 AA CE EB 2D D6 6B 94 8A 1B 9`.DL;....-.k...
> 00C0: C3 54 92 A1 18 E0 41 75 2B 78 CE 43 FF 04 5E 64
> .T....Au+x.C..^d
> 00D0: 22 90 AA EC C1 20 62 D9 9F E2 9F 96 BD FB BF 31 "....
> b........1
> 00E0: 37 E3 C5 74 43 E4 F8 44 C1 84 24 51 4F A1 76 10 7..tC..D..$QO.v.
> 00F0: 70 5E 96 F9 E4 1B D2 28 9D B8 B6 82 CC 7A FA 59
> p^.....(.....z.Y
> 0100: 07 96 0A 1D A7 01 32 09 DA C7 D5 BE AC DE 1A A0 ......2.........
> 0110: 49 A5 46 3E B6 C2 F1 8C 39 41 7C C4 AA 32 AA 2A
> I.F>....9A...2.*
> 0120: 68 7B 66 0A EF 82 E3 93 A3 0E B0 83 6C 0A 2F 09 h.f.........l./.
> 0130: 6E D8 59 93 E7 2B 5A 7C C1 88 C7 D8 1E 27 E4 C2 n.Y..+Z......'..
> 0140: 61 D9 0A 54 B6 03 9D 85 9A 15 54 55 A4 81 D6 30
> a..T......TU...0
> 0150: 81 D3 A0 03 02 01 03 A2 81 CB 04 81 C8 4E AA 1D .............N..
> 0160: 9A 0F 00 61 07 0C FB E7 CE A1 2F 33 D3 74 25 CC ...a....../3.t%.
> 0170: 5F 67 E8 89 2A 3A B4 66 71 BB A0 0F F0 E5 83 2A
> _g..*:.fq......*
> 0180: E3 DD 83 0D DE 16 44 C7 A2 6A 76 01 AD 25 04 B8 ......D..jv..%..
> 0190: D3 25 A0 AF 70 C0 DA BB F8 36 A5 F9 9F DA 92 BF .%..p....6......
> 01A0: D1 27 96 C7 52 3B 13 B7 8F 32 C9 BA 64 E6 0C C2 .'..R;...2..d...
> 01B0: 2D 60 55 5D 7C 92 7E D7 B9 A6 8B 5C FD 2E FF D6 -`U].......\....
> 01C0: EA 64 C0 2B 42 3D 09 71 85 BD 65 DE 61 AD 6A 3B
> .d.+B=.q..e.a.j;
> 01D0: F9 1A F6 B2 DD E1 7A 40 98 F1 86 6C CD B9 E2 5B
> ......z@...l...[
> 01E0: D6 F2 A5 E8 4E 15 4B 65 0E 38 3F 8C A9 8C FC 97 ....N.Ke.8?.....
> 01F0: 93 0A 51 70 6F B4 6E CF E1 67 96 95 B1 08 E6 23
> ..Qpo.n..g.....#
> 0200: BF E9 1B FB 81 18 3B 10 5D 3C 1F 80 55 3A 8E AE ......;.]<..U:..
> 0210: EE 5A 70 0A 3A 18 0A 9A 78 83 D5 1B 4D 9F F7 AA .Zp.:...x...M...
> 0220: D2 3A 8B 55 B6 .:.U.
>
> Debug is true storeKey true useTicketCache false useKeyTab true
> doNotPrompt false ticketCache is null isInitiator true KeyTab is
> /etc/_kerbisspoc.keytab refreshKrb5Config is true principal is
> HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD tryFirstPass is false
> useFirstPass is false storePass is false clearPass is false Refreshing
> Kerberos configuration Config name: /etc/krb5.conf Refreshing Keytab
>>>> KdcAccessibility: reset
>>>> KeyTabInputStream, readName(): MELKWEG.TLD KeyTabInputStream,
>>>> readName(): HTTP KeyTabInputStream, readName():
>>>> _kerbisspoc-service.melkweg.tld
>>>> KeyTab: load() entry length: 83; type: 23
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list Using builtin default
> etypes for default_tkt_enctypes default etypes for
> default_tkt_enctypes: 3 1 23 16 17 18.
> principal's key obtained from the keytab Acquire TGT using AS Exchange
> Using builtin default etypes for default_tkt_enctypes default etypes
> for default_tkt_enctypes: 3 1 23 16 17 18.
>>>> KrbAsReq calling createMessage
>>>> KrbAsReq in createMessage
>>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000,
>>>> number of retries =3, #bytes=166
>>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88,
>>>> timeout=30000,Attempt =1, #bytes=166 KrbKdcReq send: #bytes
>>>> read=631 KrbKdcReq send: #bytes read=631
>>>> KdcAccessibility: remove corx01.melkweg.tld
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbAsRep cons in KrbAsReq.getReply
>>>> HTTP/_kerbisspoc-service.melkweg.tld
> principal is HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
> EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E7 F7 BA 95 A4 39
> BC C1
> C7 75 22 6B CF 95 B5 E9 .....9...u"k....
>
> Added server's keyKerberos Principal
> HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLDKey Version 4key
> EncryptionKey: keyType=23 keyBytes (hex dump)=
> 0000: E7 F7 BA 95 A4 39 BC C1 C7 75 22 6B CF 95 B5 E9 .....9...u"k....
>
> [Krb5LoginModule] added Krb5Principal
> HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to Subject Commit
> Succeeded
>
> Tests run: 12, Failures: 0, Errors: 1, Skipped: 11, Time elapsed:
> 11.529 sec <<< FAILURE!
> testKerberosOverSymmetric(org.apache.cxf.systest.ws.kerberos.KerberosT
> okenTest)
> Time elapsed: 4.094 sec <<< ERROR!
> javax.xml.ws.soap.SOAPFaultException: General security error (An error
> occurred in trying to validate a ticket)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156
> )
> at $Proxy42.doubleIt(Unknown Source)
> at
> org.apache.cxf.systest.ws.kerberos.KerberosTokenTest.testKerberosOverS
> ymmetric(KerberosTokenTest.java:131)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkM
> ethod.java:44)
> at
> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCall
> able.java:15)
> at
> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMet
> hod.java:41)
> at
> org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMeth
> od.java:20)
> at
> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.jav
> a:31)
> at
> org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4Clas
> sRunner.java:79)
> at
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunn
> er.java:71)
> at
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunn
> er.java:49)
> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
> at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
> at
> org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
> at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
> at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
> at
> org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.j
> ava:28)
> at
> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.jav
> a:31)
> at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider
> .java:236)
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4P
> rovider.java:134)
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.
> java:113)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(R
> eflectionUtils.java:189)
> at
> org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(
> ProviderFactory.java:165)
> at
> org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(Provid
> erFactory.java:85)
> at
> org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(Forke
> dBooter.java:103)
> at
> org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:7
> 4) Caused by: org.apache.cxf.binding.soap.SoapFault: General security
> error (An error occurred in trying to validate a ticket)
> at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmar
> shalFault(Soap11FaultInInterceptor.java:75)
> at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handl
> eMessage(Soap11FaultInInterceptor.java:46)
> at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handl
> eMessage(Soap11FaultInInterceptor.java:35)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto
> rChain.java:262)
> at
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessa
> ge(AbstractFaultChainInitiatorObserver.java:113)
> at
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMe
> ssage(CheckFaultInterceptor.java:69)
> at
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMe
> ssage(CheckFaultInterceptor.java:34)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto
> rChain.java:262)
> at
> org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRe
> sponseInternal(HTTPConduit.java:1656)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleRe
> sponse(HTTPConduit.java:1521)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HT
> TPConduit.java:1429)
> at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56
> )
> at
> org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:659)
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndin
> gInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseIntercepto
> rChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at
> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134
> )
> ... 34 more
>
> Results :
>
> Tests in error:
>
> testKerberosOverSymmetric(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest):
> General security error (An error occurred in trying to validate a
> ticket)
>
> Tests run: 12, Failures: 0, Errors: 1, Skipped: 11
>
> Output using version "1.7.0_3":
>
> -------------------------------------------------------
> T E S T S
> -------------------------------------------------------
> Running org.apache.cxf.systest.ws.kerberos.KerberosTokenTest
> In testKerberosOverSymmetric.
> Unrestricted policies installed
> Debug is true storeKey false useTicketCache false useKeyTab true
> doNotPrompt false ticketCache is null isInitiator true KeyTab is
> /etc/_kerbisspoc.keytab refreshKrb5Config is true principal is
> HTTP/_kerbisspoc-service.melkweg.tld@ tryFirstPass is false
> useFirstPass is false storePass is false clearPass is false Refreshing
> Kerberos configuration Config name: /etc/krb5.conf
>>>> KdcAccessibility: reset
>>>> KdcAccessibility: reset
>>>> KeyTabInputStream, readName(): MELKWEG.TLD KeyTabInputStream,
>>>> readName(): HTTP KeyTabInputStream, readName():
>>>> _kerbisspoc-service.melkweg.tld
>>>> KeyTab: load() entry length: 83; type: 23
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list Using builtin default
> etypes for default_tkt_enctypes default etypes for
> default_tkt_enctypes: 18 17 16 23 1 3.
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list Using builtin default
> etypes for default_tkt_enctypes default etypes for
> default_tkt_enctypes: 18 17 16 23 1 3.
> Using builtin default etypes for default_tkt_enctypes default etypes
> for default_tkt_enctypes: 18 17 16 23 1 3.
>>>> KrbAsReq creating message
>>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000,
>>>> number of retries =3, #bytes=166
>>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88,
>>>> timeout=30000,Attempt =1, #bytes=166 KrbKdcReq send: #bytes
>>>> read=631
>>>> KdcAccessibility: remove corx01.melkweg.tld
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list Using builtin default
> etypes for default_tkt_enctypes default etypes for
> default_tkt_enctypes: 18 17 16 23 1 3.
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbAsRep cons in KrbAsReq.getReply
>>>> HTTP/_kerbisspoc-service.melkweg.tld
> principal is HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
> Will use keytab
> Commit Succeeded
>
> Found ticket for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to
> go to krbtgt/MELKWEG.TLD@MELKWEG.TLD expiring on Thu Apr 26 03:33:58
> CEST 2012 Entered Krb5Context.initSecContext with state=STATE_NEW
> Found ticket for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to
> go to krbtgt/MELKWEG.TLD@MELKWEG.TLD expiring on Thu Apr 26 03:33:58
> CEST 2012 Service ticket not found in the subject
>>>> Credentials acquireServiceCreds: same realm
> Using builtin default etypes for default_tgs_enctypes default etypes
> for default_tgs_enctypes: 18 17 16 23 1 3.
>>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000,
>>>> number of retries =3, #bytes=665
>>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88,
>>>> timeout=30000,Attempt =1, #bytes=665 KrbKdcReq send: #bytes
>>>> read=643
>>>> KdcAccessibility: remove corx01.melkweg.tld
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
> Krb5Context setting mySeqNumber to: 87301791 Krb5Context setting
> peerSeqNumber to: 0 Created InitSecContextToken:
>
> 0000: 01 00 6E 82 02 2B 30 82 02 27 A0 03 02 01 05 A1 ..n..+0..'......
> 0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................
> 0020: 33 61 82 01 2F 30 82 01 2B A0 03 02 01 05 A1 0D 3a../0..+.......
> 0030: 1B 0B 4D 45 4C 4B 57 45 47 2E 54 4C 44 A2 32 30
> ..MELKWEG.TLD.20
> 0040: 30 A0 03 02 01 00 A1 29 30 27 1B 04 48 54 54 50
> 0......)0'..HTTP
> 0050: 1B 1F 5F 6B 65 72 62 69 73 73 70 6F 63 2D 73 65
> .._kerbisspoc-se
> 0060: 72 76 69 63 65 2E 6D 65 6C 6B 77 65 67 2E 74 6C
> rvice.melkweg.tl
> 0070: 64 A3 81 E0 30 81 DD A0 03 02 01 17 A1 03 02 01 d...0...........
> 0080: 04 A2 81 D0 04 81 CD BB FE 9C 11 EC DB 48 8D 5E
> .............H.^
> 0090: D5 C7 B8 C8 A9 6F 42 E3 09 F1 C5 33 C7 A6 5C B5 .....oB....3..\.
> 00A0: EE B8 E5 6C 8E EC 5C BB 15 07 17 1E 10 BC D2 78
> ...l..\........x
> 00B0: 5E 06 6F FC 7E D7 54 9A 7C DD CC 55 90 98 F1 BF ^.o...T....U....
> 00C0: 45 BD 98 31 44 0F 6E F9 E6 99 8E FD 2C C8 DA E5 E..1D.n.....,...
> 00D0: 92 2D A0 3D 9A 87 EC BD 44 CC 7C 72 ED B7 21 58
> .-.=....D..r..!X
> 00E0: 66 2D A4 36 A0 F9 4E 0E D4 7B 69 4B 2E 12 5B A4 f-.6..N...iK..[.
> 00F0: 77 B0 10 8E B4 6F 4A 9E D1 89 BC 7C 53 E5 17 60
> w....oJ.....S..`
> 0100: 0B FB 7F 25 7C 56 E3 39 83 1C 97 38 85 ED C8 6A
> ...%.V.9...8...j
> 0110: C4 88 13 1D 48 4F 48 07 76 60 4D B7 CD 43 B1 A0 ....HOH.v`M..C..
> 0120: B8 BB 8D F5 C6 14 CF 8D 41 30 4E BC A4 C3 99 D1 ........A0N.....
> 0130: E7 FE F6 42 9D 44 1F 39 E7 37 B6 04 BD FF ED 37
> ...B.D.9.7.....7
> 0140: CD C1 6A 79 B4 6C 2B 65 09 22 E1 2C 5B A8 21 76
> ..jy.l+e.".,[.!v
> 0150: D5 91 AB 7D A4 81 DA 30 81 D7 A0 03 02 01 17 A2 .......0........
> 0160: 81 CF 04 81 CC B7 75 8C 38 22 08 CE BE C4 B8 9C ......u.8"......
> 0170: 85 19 DC F9 8F 64 33 A2 9D 9A 8C C6 7A 72 DA 2E .....d3.....zr..
> 0180: 77 BC 6C D6 09 08 E9 4A D6 CC C5 6B 95 89 3D 63
> w.l....J...k..=c
> 0190: E0 B9 B1 A0 8F 70 B8 41 01 80 F4 C9 34 16 36 D1 .....p.A....4.6.
> 01A0: 34 55 91 14 4D DE BF 7A 54 D3 7C 39 A2 02 59 A8 4U..M..zT..9..Y.
> 01B0: 1B 40 70 FC D3 86 E7 62 92 4B 42 75 4F 92 8A 1C .@p....b.KBuO...
> 01C0: B4 2F 09 77 F4 27 86 72 37 54 29 99 59 88 3E 42
> ./.w.'.r7T).Y.>B
> 01D0: 00 EB 73 74 44 AA 9B 28 F7 7E 58 00 8F D9 06 ED ..stD..(..X.....
> 01E0: 59 52 3C EF B9 A9 45 B4 97 BC CC D4 1F 4F D7 45
> YR<...E......O.E
> 01F0: 66 58 A3 31 34 A4 63 C0 E9 19 5D 80 71 37 34 33
> fX.14.c...].q743
> 0200: 5E 2D 45 77 53 BF 6A 1F 21 41 0A 4B C6 DF 60 54
> ^-EwS.j.!A.K..`T
> 0210: D4 EE C4 A1 55 48 6B AF 0C BD 52 46 8B C4 C9 FB ....UHk...RF....
> 0220: 75 76 5F 99 D6 26 26 DC 5B 10 E9 18 88 E2 9B 57
> uv_..&&.[......W
> 0230: 07 .
>
> Debug is true storeKey true useTicketCache false useKeyTab true
> doNotPrompt false ticketCache is null isInitiator true KeyTab is
> /etc/_kerbisspoc.keytab refreshKrb5Config is true principal is
> HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD tryFirstPass is false
> useFirstPass is false storePass is false clearPass is false Refreshing
> Kerberos configuration Config name: /etc/krb5.conf
>>>> KdcAccessibility: reset
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list Using builtin default
> etypes for default_tkt_enctypes default etypes for
> default_tkt_enctypes: 18 17 16 23 1 3.
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list Using builtin default
> etypes for default_tkt_enctypes default etypes for
> default_tkt_enctypes: 18 17 16 23 1 3.
> Using builtin default etypes for default_tkt_enctypes default etypes
> for default_tkt_enctypes: 18 17 16 23 1 3.
>>>> KrbAsReq creating message
>>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000,
>>>> number of retries =3, #bytes=166
>>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88,
>>>> timeout=30000,Attempt =1, #bytes=166 KrbKdcReq send: #bytes
>>>> read=631
>>>> KdcAccessibility: remove corx01.melkweg.tld
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list Using builtin default
> etypes for default_tkt_enctypes default etypes for
> default_tkt_enctypes: 18 17 16 23 1 3.
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbAsRep cons in KrbAsReq.getReply
>>>> HTTP/_kerbisspoc-service.melkweg.tld
> principal is HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
> Will use keytab
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list Using builtin default
> etypes for default_tkt_enctypes default etypes for
> default_tkt_enctypes: 18 17 16 23 1 3.
> Commit Succeeded
>
> Found KeyTab
> Found KerberosKey for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
> Entered Krb5Context.acceptSecContext with state=STATE_NEW Added key:
> 23version: 4 Ordering keys wrt default_tkt_enctypes list Using builtin
> default etypes for default_tkt_enctypes default etypes for
> default_tkt_enctypes: 18 17 16 23 1 3.
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
> Using builtin default etypes for permitted_enctypes default etypes for
> permitted_enctypes: 18 17 16 23 1 3.
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
> replay cache for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD is null.
> object 0: 1335368038927/927468
> object 0: 1335368038927/927468
>>>> KrbApReq: authenticate succeed.
> Krb5Context setting peerSeqNumber to: 87301791 Krb5Context setting
> mySeqNumber to: 87301791 Tests run: 12, Failures: 0, Errors: 0,
> Skipped: 11, Time elapsed: 7.707 sec
>
> Results :
>
> Tests run: 12, Failures: 0, Errors: 0, Skipped: 11
>
> So, does anybody know if this is my own fault, or if it is caused by a
> bug in java?
>
> --
> View this message in context:
> http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp
> 5646577p5665237.html Sent from the cxf-user mailing list archive at
> Nabble.com.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
******************************************************************************
The information contained in this email may be confidential. It is intended
only for the use of the named recipient. If you are not the named recipient
please delete this email and notify the sender of the delivery error. If you
have received this email and are not the named recipient, any disclosure,
reproduction, distribution or other dissemination or use of the information
contained in this email is strictly prohibited.
The transmission of email cannot be guaranteed to be secure or error free as
information could be intercepted, corrupted, lost, destroyed, arrive late or
incomplete, or contain viruses. The sender therefore does not accept
liability for any errors or omissions in the contents of this message which
arise as a result of email transmission. If verification is required please
request a hard copy version.
The Camelot group of companies includes:
Camelot UK Lotteries Limited (reg. no 2822203), Camelot Business Solutions
Limited (reg. no 07553982), Camelot Strategic Solutions Limited (reg. no
07553980), Camelot Global Services Limited (reg. no 02822300) and Camelot
Commercial Services Limited (reg. no 06911097), all of which are registered
in England and Wales and have their registered office at:
Tolpits Lane
Watford
WD18 9RN
Tel : 01923 425000
******************************************************************************
Re: Kerberos and credential propagation
Posted by Henk-Jan <h....@cordares.nl>.
Installed latest jdk, added log4j depedency, changed logging config, rebuilt
project
I hope you see something, I don't :(
[p15629@narvi ws-security]$ java -version
java version "1.6.0_31"
Java(TM) SE Runtime Environment (build 1.6.0_31-b04)
Java HotSpot(TM) 64-Bit Server VM (build 20.6-b01, mixed mode)
[p15629@narvi ws-security]$ cat src/test/resources/log4j.properties
log4j.rootLogger=DEBUG, stdout
log4j.logger.org.springframework.security=DEBUG, stdout
# Console output...
log4j.appender.stdout=org.apache.log4j.ConsoleAppender
log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
log4j.appender.stdout.layout.conversionPattern=[%p,%c{1},%t] %m%n
[p15629@narvi ws-security]$ mvn test -Pnochecks
-Dsun.security.krb5.debug=true -Dtest=KerberosTokenTest
-Djava.security.auth.login.config=src/test/resources/kerberos.jaas
[INFO] Scanning for projects...
[INFO]
[INFO]
------------------------------------------------------------------------
[INFO] Building Apache CXF WS-Security System Tests 2.6.1-SNAPSHOT
[INFO]
------------------------------------------------------------------------
[INFO]
[INFO] --- maven-bundle-plugin:2.3.7:cleanVersions (versions) @
cxf-systests-ws-security ---
[INFO]
[INFO] --- cxf-xml2fastinfoset-plugin:2.4.1:xml2fastinfoset
(xml2fastinfoset) @ cxf-systests-ws-security ---
[INFO]
[INFO] --- cxf-codegen-plugin:2.6.1-SNAPSHOT:wsdl2java (default) @
cxf-systests-ws-security ---
[INFO] Using proxy server configured in maven.
[INFO]
[INFO] --- maven-remote-resources-plugin:1.2.1:process (default) @
cxf-systests-ws-security ---
[INFO]
[INFO] --- maven-resources-plugin:2.5:resources (default-resources) @
cxf-systests-ws-security ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] skip non existing resourceDirectory
/home/p15629/poc/demo/trunk6/systests/ws-security/src/main/java
[INFO] skip non existing resourceDirectory
/home/p15629/poc/demo/trunk6/systests/ws-security/src/main/resources
[INFO] skip non existing resourceDirectory
/home/p15629/poc/demo/trunk6/systests/ws-security/src/main/resources-filtered
[INFO] skip non existing resourceDirectory
/home/p15629/poc/demo/trunk6/systests/ws-security/target/generated/src/main/resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:2.3.2:compile (default-compile) @
cxf-systests-ws-security ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-bundle-plugin:2.3.7:manifest (bundle-manifest) @
cxf-systests-ws-security ---
[WARNING] Manifest
org.apache.cxf.systests:cxf-systests-ws-security:jar:2.6.1-SNAPSHOT :
Superfluous export-package instructions: [org.apache.cxf.*]
[INFO]
[INFO] --- maven-resources-plugin:2.5:testResources (default-testResources)
@ cxf-systests-ws-security ---
[debug] execute contextualize
[INFO] Using 'UTF-8' encoding to copy filtered resources.
[INFO] Copying 0 resource
[INFO] Copying 131 resources
[INFO] Copying 3 resources
[INFO]
[INFO] --- maven-compiler-plugin:2.3.2:testCompile (default-testCompile) @
cxf-systests-ws-security ---
[INFO] Nothing to compile - all classes are up to date
[INFO]
[INFO] --- maven-surefire-plugin:2.12:test (default-test) @
cxf-systests-ws-security ---
[INFO] Surefire report directory:
/home/p15629/poc/demo/trunk6/systests/ws-security/target/surefire-reports
-------------------------------------------------------
T E S T S
-------------------------------------------------------
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running org.apache.cxf.systest.ws.kerberos.KerberosTokenTest
[INFO,BusApplicationContext,main] Refreshing
org.apache.cxf.bus.spring.BusApplicationContext@2f242b11: startup date [Wed
Apr 25 20:30:49 CEST 2012]; root of context hierarchy
[DEBUG,DefaultBeanDefinitionDocumentReader,main] Loading bean definitions
[INFO,ControlledValidationXmlBeanDefinitionReader,main] Loading XML bean
definitions from URL
[file:/home/p15629/poc/demo/trunk6/systests/ws-security/target/test-classes/org/apache/cxf/systest/ws/kerberos/server/server.xml]
[DEBUG,DefaultDocumentLoader,main] Using JAXP provider
[com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl]
[DEBUG,PluggableSchemaResolver,main] Loading schema mappings from
[META-INF/spring.schemas]
[DEBUG,PluggableSchemaResolver,main] Loaded schema mappings:
{http://www.springframework.org/schema/util/spring-util.xsd=org/springframework/beans/factory/xml/spring-util-3.0.xsd,
http://cxf.apache.org/schemas/policy.xsd=schemas/policy.xsd,
http://cxf.apache.org/schemas/configuration/security.xsd=schemas/configuration/security.xsd,
http://www.springframework.org/schema/task/spring-task.xsd=org/springframework/scheduling/config/spring-task-3.0.xsd,
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd=org/springframework/aop/config/spring-aop-3.0.xsd,
http://www.springframework.org/schema/aop/spring-aop-2.0.xsd=org/springframework/aop/config/spring-aop-2.0.xsd,
http://www.springframework.org/schema/tool/spring-tool-2.5.xsd=org/springframework/beans/factory/xml/spring-tool-2.5.xsd,
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd=schemas/oasis-200401-wss-wssecurity-utility-1.0.xsd,
http://cxf.apache.org/schemas/configuration/soap.xsd=schemas/configuration/soap.xsd,
http://www.springframework.org/schema/beans/spring-beans.xsd=org/springframework/beans/factory/xml/spring-beans-3.0.xsd,
http://cxf.apache.org/schemas/wsdl/http-conf.xsd=schemas/wsdl/http-conf.xsd,
http://www.springframework.org/schema/jee/spring-jee-2.5.xsd=org/springframework/ejb/config/spring-jee-2.5.xsd,
http://cxf.apache.org/schemas/jaxws.xsd=schemas/jaxws.xsd,
http://www.w3.org/2006/07/ws-policy.xsd=schemas/ws-policy-200607.xsd,
http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd=schemas/ws-policy-200409.xsd,
http://www.springframework.org/schema/aop/spring-aop.xsd=org/springframework/aop/config/spring-aop-3.0.xsd,
http://cxf.apache.org/schemas/simple.xsd=schemas/simple.xsd,
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd=org/springframework/beans/factory/xml/spring-beans-2.0.xsd,
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd=org/springframework/beans/factory/xml/spring-beans-3.0.xsd,
http://www.springframework.org/schema/task/spring-task-3.0.xsd=org/springframework/scheduling/config/spring-task-3.0.xsd,
http://schemas.xmlsoap.org/wsdl/2003-02-11.xsd=schemas/wsdl/wsdl.xsd,
http://www.springframework.org/schema/context/spring-context-2.5.xsd=org/springframework/context/config/spring-context-2.5.xsd,
http://www.springframework.org/schema/tool/spring-tool-3.0.xsd=org/springframework/beans/factory/xml/spring-tool-3.0.xsd,
http://www.springframework.org/schema/lang/spring-lang.xsd=org/springframework/scripting/config/spring-lang-3.0.xsd,
http://www.springframework.org/schema/tool/spring-tool-2.0.xsd=org/springframework/beans/factory/xml/spring-tool-2.0.xsd,
http://www.springframework.org/schema/util/spring-util-2.5.xsd=org/springframework/beans/factory/xml/spring-util-2.5.xsd,
http://www.springframework.org/schema/lang/spring-lang-2.5.xsd=org/springframework/scripting/config/spring-lang-2.5.xsd,
http://cxf.apache.org/configuration/parameterized-types=schemas/configuration/parameterized-types.xsd,
http://cxf.apache.org/schemas/configuration/cxf-beans.xsd=schemas/configuration/cxf-beans.xsd,
http://cxf.apache.org/schemas/ws/addressing.xsd=schemas/ws-addr-conf.xsd,
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd=schemas/oasis-200401-wss-wssecurity-secext-1.0.xsd,
http://www.springframework.org/schema/jee/spring-jee-3.0.xsd=org/springframework/ejb/config/spring-jee-3.0.xsd,
http://www.springframework.org/schema/jee/spring-jee-2.0.xsd=org/springframework/ejb/config/spring-jee-2.0.xsd,
http://cxf.apache.org/schemas/core.xsd=schemas/core.xsd,
http://www.w3.org/2007/02/ws-policy.xsd=schemas/ws-policy-200702.xsd,
http://www.springframework.org/schema/context/spring-context.xsd=org/springframework/context/config/spring-context-3.0.xsd,
http://www.springframework.org/schema/jee/spring-jee.xsd=org/springframework/ejb/config/spring-jee-3.0.xsd,
http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd=schemas/xmldsig-core-schema.xsd,
http://www.w3.org/2001/xml.xsd=schemas/xml.xsd,
http://www.springframework.org/schema/aop/spring-aop-2.5.xsd=org/springframework/aop/config/spring-aop-2.5.xsd,
http://cxf.apache.org/schemas/configuration/http-conf.xsd=schemas/configuration/http-conf.xsd,
http://cxf.apache.org/schemas/configuration/http-jetty.xsd=schemas/configuration/http-jetty.xsd,
http://www.springframework.org/schema/context/spring-context-3.0.xsd=org/springframework/context/config/spring-context-3.0.xsd,
http://www.springframework.org/schema/tool/spring-tool.xsd=org/springframework/beans/factory/xml/spring-tool-3.0.xsd,
http://www.springframework.org/schema/util/spring-util-3.0.xsd=org/springframework/beans/factory/xml/spring-util-3.0.xsd,
http://www.springframework.org/schema/lang/spring-lang-3.0.xsd=org/springframework/scripting/config/spring-lang-3.0.xsd,
http://www.springframework.org/schema/util/spring-util-2.0.xsd=org/springframework/beans/factory/xml/spring-util-2.0.xsd,
http://www.springframework.org/schema/lang/spring-lang-2.0.xsd=org/springframework/scripting/config/spring-lang-2.0.xsd,
http://schemas.xmlsoap.org/wsdl/http/=schemas/wsdl/http.xsd,
http://cxf.apache.org/schemas/configuration/parameterized-types.xsd=schemas/configuration/parameterized-types.xsd,
http://schemas.xmlsoap.org/wsdl/=schemas/wsdl/wsdl.xsd,
http://schemas.xmlsoap.org/ws/2004/08/addressing=schemas/wsdl/addressing.xsd,
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd=org/springframework/beans/factory/xml/spring-beans-2.5.xsd}
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://www.springframework.org/schema/beans/spring-beans.xsd] in classpath:
org/springframework/beans/factory/xml/spring-beans-3.0.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/core.xsd] in classpath: schemas/core.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/configuration/cxf-beans.xsd] in classpath:
schemas/configuration/cxf-beans.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/configuration/parameterized-types.xsd] in
classpath: schemas/configuration/parameterized-types.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/policy.xsd] in classpath: schemas/policy.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/configuration/http-jetty.xsd] in classpath:
schemas/configuration/http-jetty.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/configuration/security.xsd] in classpath:
schemas/configuration/security.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/jaxws.xsd] in classpath: schemas/jaxws.xsd
[DEBUG,DefaultBeanDefinitionDocumentReader,main] Loading bean definitions
[DEBUG,BeanDefinitionParserDelegate,main] Neither XML 'id' nor 'name'
specified - using generated bean name
[org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0]
[DEBUG,DefaultNamespaceHandlerResolver,main] Loaded NamespaceHandler
mappings:
{http://www.springframework.org/schema/task=org.springframework.scheduling.config.TaskNamespaceHandler,
http://www.springframework.org/schema/p=org.springframework.beans.factory.xml.SimplePropertyNamespaceHandler,
http://cxf.apache.org/transports/http-jetty/configuration=org.apache.cxf.transport.http_jetty.spring.NamespaceHandler,
http://www.w3.org/2006/07/ws-policy=org.apache.cxf.ws.policy.spring.PolicyNamespaceHandler,
http://www.springframework.org/schema/lang=org.springframework.scripting.config.LangNamespaceHandler,
http://www.springframework.org/schema/util=org.springframework.beans.factory.xml.UtilNamespaceHandler,
http://cxf.apache.org/jaxws=org.apache.cxf.jaxws.spring.NamespaceHandler,
http://cxf.apache.org/policy=org.apache.cxf.ws.policy.spring.NamespaceHandler,
http://www.springframework.org/schema/jee=org.springframework.ejb.config.JeeNamespaceHandler,
http://cxf.apache.org/transports/http/configuration=org.apache.cxf.transport.http.spring.NamespaceHandler,
http://cxf.apache.org/ws/addressing=org.apache.cxf.ws.addressing.spring.NamespaceHandler,
http://cxf.apache.org/simple=org.apache.cxf.frontend.spring.NamespaceHandler,
http://www.springframework.org/schema/aop=org.springframework.aop.config.AopNamespaceHandler,
http://www.springframework.org/schema/context=org.springframework.context.config.ContextNamespaceHandler,
http://cxf.apache.org/core=org.apache.cxf.bus.spring.NamespaceHandler,
http://schemas.xmlsoap.org/ws/2004/09/policy=org.apache.cxf.ws.policy.spring.PolicyNamespaceHandler,
http://www.w3.org/ns/ws-policy=org.apache.cxf.ws.policy.spring.PolicyNamespaceHandler,
http://cxf.apache.org/bindings/soap=org.apache.cxf.binding.soap.spring.NamespaceHandler}
[DEBUG,BeanDefinitionParserDelegate,main] Using generated bean name
[p:policies#784a7df6] for nested custom element 'p:policies'
[DEBUG,BeanDefinitionParserDelegate,main] Using generated bean name
[cxf:logging#6293df2c] for nested custom element 'cxf:logging'
[DEBUG,BeanDefinitionParserDelegate,main] Using generated bean name
[httpj:engine#2b784427] for nested custom element 'httpj:engine'
[DEBUG,BusApplicationContext,main] Bean factory for
org.apache.cxf.bus.spring.BusApplicationContext@2f242b11:
org.springframework.beans.factory.support.DefaultListableBeanFactory@594ab51b:
defining beans
[cxf,org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor,org.apache.cxf.bus.spring.Jsr250BeanPostProcessor,org.apache.cxf.bus.spring.BusExtensionPostProcessor,org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0,cxf.config0,org.apache.cxf.transport.http_jetty.spring.JettySpringTypesFactory,tls-settings,kerberosValidator,KerberosOverTransport,KerberosOverSymmetric,KerberosOverSymmetricSupporting,KerberosOverAsymmetric,KerberosOverTransportEndorsing,KerberosOverAsymmetricEndorsing,KerberosOverSymmetricProtection,KerberosOverSymmetricDerivedProtection,KerberosOverAsymmetricSignedEndorsing,KerberosOverAsymmetricSignedEncrypted,KerberosOverSymmetricEndorsingEncrypted,KerberosOverSymmetricSignedEndorsingEncrypted];
root of factory hierarchy
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean
'org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0'
to allow for resolving potential circular references
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor' to allow for
resolving potential circular references
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'org.apache.cxf.bus.spring.Jsr250BeanPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'org.apache.cxf.bus.spring.Jsr250BeanPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'org.apache.cxf.bus.spring.Jsr250BeanPostProcessor' to allow for resolving
potential circular references
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'org.apache.cxf.bus.spring.Jsr250BeanPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'org.apache.cxf.bus.spring.BusExtensionPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'org.apache.cxf.bus.spring.BusExtensionPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'org.apache.cxf.bus.spring.BusExtensionPostProcessor' to allow for resolving
potential circular references
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'org.apache.cxf.bus.spring.BusExtensionPostProcessor'
[DEBUG,BusApplicationContext,main] Unable to locate MessageSource with name
'messageSource': using default
[org.springframework.context.support.DelegatingMessageSource@7275f5b7]
[DEBUG,BusApplicationContext,main] Unable to locate
ApplicationEventMulticaster with name 'applicationEventMulticaster': using
default
[org.springframework.context.event.SimpleApplicationEventMulticaster@538eb7b8]
[INFO,DefaultListableBeanFactory,main] Pre-instantiating singletons in
org.springframework.beans.factory.support.DefaultListableBeanFactory@594ab51b:
defining beans
[cxf,org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor,org.apache.cxf.bus.spring.Jsr250BeanPostProcessor,org.apache.cxf.bus.spring.BusExtensionPostProcessor,org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0,cxf.config0,org.apache.cxf.transport.http_jetty.spring.JettySpringTypesFactory,tls-settings,kerberosValidator,KerberosOverTransport,KerberosOverSymmetric,KerberosOverSymmetricSupporting,KerberosOverAsymmetric,KerberosOverTransportEndorsing,KerberosOverAsymmetricEndorsing,KerberosOverSymmetricProtection,KerberosOverSymmetricDerivedProtection,KerberosOverAsymmetricSignedEndorsing,KerberosOverAsymmetricSignedEncrypted,KerberosOverSymmetricEndorsingEncrypted,KerberosOverSymmetricSignedEndorsingEncrypted];
root of factory hierarchy
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean 'cxf' to allow
for resolving potential circular references
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'p:policies#784a7df6'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'p:policies#784a7df6'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'cxf:logging#6293df2c'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'cxf:logging#6293df2c'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'cxf'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'org.apache.cxf.bus.spring.Jsr250BeanPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'org.apache.cxf.bus.spring.BusExtensionPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean
'org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'cxf.config0'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'cxf.config0'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean 'cxf.config0'
to allow for resolving potential circular references
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'cxf.config0'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean
'org.apache.cxf.transport.http_jetty.spring.JettySpringTypesFactory'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'org.apache.cxf.transport.http_jetty.spring.JettySpringTypesFactory'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'org.apache.cxf.transport.http_jetty.spring.JettySpringTypesFactory' to
allow for resolving potential circular references
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'org.apache.cxf.transport.http_jetty.spring.JettySpringTypesFactory'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'tls-settings'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'tls-settings'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean
'org.apache.cxf.transport.http_jetty.spring.JettySpringTypesFactory'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)#1'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean
'org.apache.cxf.transport.http_jetty.spring.JettySpringTypesFactory'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)#1'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean 'tls-settings'
to allow for resolving potential circular references
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'httpj:engine#2b784427'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)#2'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)#2'
[DEBUG,DefaultListableBeanFactory,main] Invoking afterPropertiesSet() on
bean with name 'httpj:engine#2b784427'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'httpj:engine#2b784427'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'tls-settings'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'kerberosValidator' to allow for resolving potential circular references
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'tls-settings'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'KerberosOverTransport'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'KerberosOverTransport'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)#3'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)#3'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'KerberosOverTransport' to allow for resolving potential circular references
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Invoking init method 'publish' on
bean with name 'KerberosOverTransport'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'KerberosOverTransport'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'KerberosOverSymmetric'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'KerberosOverSymmetric'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)#4'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)#4'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'KerberosOverSymmetric' to allow for resolving potential circular references
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Invoking init method 'publish' on
bean with name 'KerberosOverSymmetric'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'KerberosOverSymmetric'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'KerberosOverSymmetricSupporting'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'KerberosOverSymmetricSupporting'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)#5'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)#5'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'KerberosOverSymmetricSupporting' to allow for resolving potential circular
references
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Invoking init method 'publish' on
bean with name 'KerberosOverSymmetricSupporting'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'KerberosOverSymmetricSupporting'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'KerberosOverAsymmetric'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'KerberosOverAsymmetric'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)#6'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)#6'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'KerberosOverAsymmetric' to allow for resolving potential circular
references
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Invoking init method 'publish' on
bean with name 'KerberosOverAsymmetric'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'KerberosOverAsymmetric'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'tls-settings'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'KerberosOverTransportEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'KerberosOverTransportEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)#7'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)#7'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'KerberosOverTransportEndorsing' to allow for resolving potential circular
references
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Invoking init method 'publish' on
bean with name 'KerberosOverTransportEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'KerberosOverTransportEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'KerberosOverAsymmetricEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'KerberosOverAsymmetricEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)#8'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)#8'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'KerberosOverAsymmetricEndorsing' to allow for resolving potential circular
references
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Invoking init method 'publish' on
bean with name 'KerberosOverAsymmetricEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'KerberosOverAsymmetricEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'KerberosOverSymmetricProtection'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'KerberosOverSymmetricProtection'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)#9'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)#9'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'KerberosOverSymmetricProtection' to allow for resolving potential circular
references
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Invoking init method 'publish' on
bean with name 'KerberosOverSymmetricProtection'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'KerberosOverSymmetricProtection'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'KerberosOverSymmetricDerivedProtection'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'KerberosOverSymmetricDerivedProtection'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)#10'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)#10'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'KerberosOverSymmetricDerivedProtection' to allow for resolving potential
circular references
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Invoking init method 'publish' on
bean with name 'KerberosOverSymmetricDerivedProtection'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'KerberosOverSymmetricDerivedProtection'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'KerberosOverAsymmetricSignedEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'KerberosOverAsymmetricSignedEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)#11'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)#11'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'KerberosOverAsymmetricSignedEndorsing' to allow for resolving potential
circular references
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Invoking init method 'publish' on
bean with name 'KerberosOverAsymmetricSignedEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'KerberosOverAsymmetricSignedEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'KerberosOverAsymmetricSignedEncrypted'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'KerberosOverAsymmetricSignedEncrypted'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)#12'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)#12'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'KerberosOverAsymmetricSignedEncrypted' to allow for resolving potential
circular references
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Invoking init method 'publish' on
bean with name 'KerberosOverAsymmetricSignedEncrypted'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'KerberosOverAsymmetricSignedEncrypted'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'KerberosOverSymmetricEndorsingEncrypted'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'KerberosOverSymmetricEndorsingEncrypted'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)#13'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)#13'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'KerberosOverSymmetricEndorsingEncrypted' to allow for resolving potential
circular references
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Invoking init method 'publish' on
bean with name 'KerberosOverSymmetricEndorsingEncrypted'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'KerberosOverSymmetricEndorsingEncrypted'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'KerberosOverSymmetricSignedEndorsingEncrypted'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'KerberosOverSymmetricSignedEndorsingEncrypted'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean '(inner
bean)#14'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'(inner bean)#14'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'KerberosOverSymmetricSignedEndorsingEncrypted' to allow for resolving
potential circular references
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'kerberosValidator'
[DEBUG,DefaultListableBeanFactory,main] Invoking init method 'publish' on
bean with name 'KerberosOverSymmetricSignedEndorsingEncrypted'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'KerberosOverSymmetricSignedEndorsingEncrypted'
[DEBUG,BusApplicationContext,main] Unable to locate LifecycleProcessor with
name 'lifecycleProcessor': using default
[org.springframework.context.support.DefaultLifecycleProcessor@64598a5d]
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'lifecycleProcessor'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
In testKerberosOverSymmetric.
Unrestricted policies installed
[INFO,BusApplicationContext,main] Refreshing
org.apache.cxf.bus.spring.BusApplicationContext@1544e44: startup date [Wed
Apr 25 20:30:52 CEST 2012]; root of context hierarchy
[DEBUG,DefaultBeanDefinitionDocumentReader,main] Loading bean definitions
[INFO,ControlledValidationXmlBeanDefinitionReader,main] Loading XML bean
definitions from URL
[file:/home/p15629/poc/demo/trunk6/systests/ws-security/target/test-classes/org/apache/cxf/systest/ws/kerberos/client/client.xml]
[DEBUG,DefaultDocumentLoader,main] Using JAXP provider
[com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl]
[DEBUG,PluggableSchemaResolver,main] Loading schema mappings from
[META-INF/spring.schemas]
[DEBUG,PluggableSchemaResolver,main] Loaded schema mappings:
{http://www.springframework.org/schema/util/spring-util.xsd=org/springframework/beans/factory/xml/spring-util-3.0.xsd,
http://cxf.apache.org/schemas/policy.xsd=schemas/policy.xsd,
http://cxf.apache.org/schemas/configuration/security.xsd=schemas/configuration/security.xsd,
http://www.springframework.org/schema/task/spring-task.xsd=org/springframework/scheduling/config/spring-task-3.0.xsd,
http://www.springframework.org/schema/aop/spring-aop-3.0.xsd=org/springframework/aop/config/spring-aop-3.0.xsd,
http://www.springframework.org/schema/aop/spring-aop-2.0.xsd=org/springframework/aop/config/spring-aop-2.0.xsd,
http://www.springframework.org/schema/tool/spring-tool-2.5.xsd=org/springframework/beans/factory/xml/spring-tool-2.5.xsd,
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd=schemas/oasis-200401-wss-wssecurity-utility-1.0.xsd,
http://cxf.apache.org/schemas/configuration/soap.xsd=schemas/configuration/soap.xsd,
http://www.springframework.org/schema/beans/spring-beans.xsd=org/springframework/beans/factory/xml/spring-beans-3.0.xsd,
http://cxf.apache.org/schemas/wsdl/http-conf.xsd=schemas/wsdl/http-conf.xsd,
http://www.springframework.org/schema/jee/spring-jee-2.5.xsd=org/springframework/ejb/config/spring-jee-2.5.xsd,
http://cxf.apache.org/schemas/jaxws.xsd=schemas/jaxws.xsd,
http://www.w3.org/2006/07/ws-policy.xsd=schemas/ws-policy-200607.xsd,
http://schemas.xmlsoap.org/ws/2004/09/policy/ws-policy.xsd=schemas/ws-policy-200409.xsd,
http://www.springframework.org/schema/aop/spring-aop.xsd=org/springframework/aop/config/spring-aop-3.0.xsd,
http://cxf.apache.org/schemas/simple.xsd=schemas/simple.xsd,
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd=org/springframework/beans/factory/xml/spring-beans-2.0.xsd,
http://www.springframework.org/schema/beans/spring-beans-3.0.xsd=org/springframework/beans/factory/xml/spring-beans-3.0.xsd,
http://www.springframework.org/schema/task/spring-task-3.0.xsd=org/springframework/scheduling/config/spring-task-3.0.xsd,
http://schemas.xmlsoap.org/wsdl/2003-02-11.xsd=schemas/wsdl/wsdl.xsd,
http://www.springframework.org/schema/context/spring-context-2.5.xsd=org/springframework/context/config/spring-context-2.5.xsd,
http://www.springframework.org/schema/tool/spring-tool-3.0.xsd=org/springframework/beans/factory/xml/spring-tool-3.0.xsd,
http://www.springframework.org/schema/lang/spring-lang.xsd=org/springframework/scripting/config/spring-lang-3.0.xsd,
http://www.springframework.org/schema/tool/spring-tool-2.0.xsd=org/springframework/beans/factory/xml/spring-tool-2.0.xsd,
http://www.springframework.org/schema/util/spring-util-2.5.xsd=org/springframework/beans/factory/xml/spring-util-2.5.xsd,
http://www.springframework.org/schema/lang/spring-lang-2.5.xsd=org/springframework/scripting/config/spring-lang-2.5.xsd,
http://cxf.apache.org/configuration/parameterized-types=schemas/configuration/parameterized-types.xsd,
http://cxf.apache.org/schemas/configuration/cxf-beans.xsd=schemas/configuration/cxf-beans.xsd,
http://cxf.apache.org/schemas/ws/addressing.xsd=schemas/ws-addr-conf.xsd,
http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd=schemas/oasis-200401-wss-wssecurity-secext-1.0.xsd,
http://www.springframework.org/schema/jee/spring-jee-3.0.xsd=org/springframework/ejb/config/spring-jee-3.0.xsd,
http://www.springframework.org/schema/jee/spring-jee-2.0.xsd=org/springframework/ejb/config/spring-jee-2.0.xsd,
http://cxf.apache.org/schemas/core.xsd=schemas/core.xsd,
http://www.w3.org/2007/02/ws-policy.xsd=schemas/ws-policy-200702.xsd,
http://www.springframework.org/schema/context/spring-context.xsd=org/springframework/context/config/spring-context-3.0.xsd,
http://www.springframework.org/schema/jee/spring-jee.xsd=org/springframework/ejb/config/spring-jee-3.0.xsd,
http://www.w3.org/TR/xmldsig-core/xmldsig-core-schema.xsd=schemas/xmldsig-core-schema.xsd,
http://www.w3.org/2001/xml.xsd=schemas/xml.xsd,
http://www.springframework.org/schema/aop/spring-aop-2.5.xsd=org/springframework/aop/config/spring-aop-2.5.xsd,
http://cxf.apache.org/schemas/configuration/http-conf.xsd=schemas/configuration/http-conf.xsd,
http://cxf.apache.org/schemas/configuration/http-jetty.xsd=schemas/configuration/http-jetty.xsd,
http://www.springframework.org/schema/context/spring-context-3.0.xsd=org/springframework/context/config/spring-context-3.0.xsd,
http://www.springframework.org/schema/tool/spring-tool.xsd=org/springframework/beans/factory/xml/spring-tool-3.0.xsd,
http://www.springframework.org/schema/util/spring-util-3.0.xsd=org/springframework/beans/factory/xml/spring-util-3.0.xsd,
http://www.springframework.org/schema/lang/spring-lang-3.0.xsd=org/springframework/scripting/config/spring-lang-3.0.xsd,
http://www.springframework.org/schema/util/spring-util-2.0.xsd=org/springframework/beans/factory/xml/spring-util-2.0.xsd,
http://www.springframework.org/schema/lang/spring-lang-2.0.xsd=org/springframework/scripting/config/spring-lang-2.0.xsd,
http://schemas.xmlsoap.org/wsdl/http/=schemas/wsdl/http.xsd,
http://cxf.apache.org/schemas/configuration/parameterized-types.xsd=schemas/configuration/parameterized-types.xsd,
http://schemas.xmlsoap.org/wsdl/=schemas/wsdl/wsdl.xsd,
http://schemas.xmlsoap.org/ws/2004/08/addressing=schemas/wsdl/addressing.xsd,
http://www.springframework.org/schema/beans/spring-beans-2.5.xsd=org/springframework/beans/factory/xml/spring-beans-2.5.xsd}
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://www.springframework.org/schema/beans/spring-beans.xsd] in classpath:
org/springframework/beans/factory/xml/spring-beans-3.0.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/core.xsd] in classpath: schemas/core.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/configuration/cxf-beans.xsd] in classpath:
schemas/configuration/cxf-beans.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/configuration/parameterized-types.xsd] in
classpath: schemas/configuration/parameterized-types.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/policy.xsd] in classpath: schemas/policy.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/configuration/http-conf.xsd] in classpath:
schemas/configuration/http-conf.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/wsdl/http-conf.xsd] in classpath:
schemas/wsdl/http-conf.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://schemas.xmlsoap.org/wsdl/2003-02-11.xsd] in classpath:
schemas/wsdl/wsdl.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/configuration/security.xsd] in classpath:
schemas/configuration/security.xsd
[DEBUG,PluggableSchemaResolver,main] Found XML schema
[http://cxf.apache.org/schemas/jaxws.xsd] in classpath: schemas/jaxws.xsd
[DEBUG,DefaultBeanDefinitionDocumentReader,main] Loading bean definitions
[DEBUG,BeanDefinitionParserDelegate,main] Neither XML 'id' nor 'name'
specified - using generated bean name
[org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0]
[DEBUG,DefaultNamespaceHandlerResolver,main] Loaded NamespaceHandler
mappings:
{http://www.springframework.org/schema/task=org.springframework.scheduling.config.TaskNamespaceHandler,
http://www.springframework.org/schema/p=org.springframework.beans.factory.xml.SimplePropertyNamespaceHandler,
http://cxf.apache.org/transports/http-jetty/configuration=org.apache.cxf.transport.http_jetty.spring.NamespaceHandler,
http://www.w3.org/2006/07/ws-policy=org.apache.cxf.ws.policy.spring.PolicyNamespaceHandler,
http://www.springframework.org/schema/lang=org.springframework.scripting.config.LangNamespaceHandler,
http://www.springframework.org/schema/util=org.springframework.beans.factory.xml.UtilNamespaceHandler,
http://cxf.apache.org/jaxws=org.apache.cxf.jaxws.spring.NamespaceHandler,
http://cxf.apache.org/policy=org.apache.cxf.ws.policy.spring.NamespaceHandler,
http://www.springframework.org/schema/jee=org.springframework.ejb.config.JeeNamespaceHandler,
http://cxf.apache.org/transports/http/configuration=org.apache.cxf.transport.http.spring.NamespaceHandler,
http://cxf.apache.org/ws/addressing=org.apache.cxf.ws.addressing.spring.NamespaceHandler,
http://cxf.apache.org/simple=org.apache.cxf.frontend.spring.NamespaceHandler,
http://www.springframework.org/schema/aop=org.springframework.aop.config.AopNamespaceHandler,
http://www.springframework.org/schema/context=org.springframework.context.config.ContextNamespaceHandler,
http://cxf.apache.org/core=org.apache.cxf.bus.spring.NamespaceHandler,
http://schemas.xmlsoap.org/ws/2004/09/policy=org.apache.cxf.ws.policy.spring.PolicyNamespaceHandler,
http://www.w3.org/ns/ws-policy=org.apache.cxf.ws.policy.spring.PolicyNamespaceHandler,
http://cxf.apache.org/bindings/soap=org.apache.cxf.binding.soap.spring.NamespaceHandler}
[DEBUG,BeanDefinitionParserDelegate,main] Using generated bean name
[p:policies#1d5c0c91] for nested custom element 'p:policies'
[DEBUG,BeanDefinitionParserDelegate,main] Using generated bean name
[cxf:logging#63d12a6] for nested custom element 'cxf:logging'
[DEBUG,BeanDefinitionParserDelegate,main] Neither XML 'id' nor 'name'
specified - using generated bean name
[org.apache.cxf.ws.security.kerberos.KerberosClient#3c32fb80]
[DEBUG,BeanDefinitionParserDelegate,main] Neither XML 'id' nor 'name'
specified - using generated bean name
[org.apache.cxf.ws.security.kerberos.KerberosClient#7de4e3e4]
[DEBUG,BeanDefinitionParserDelegate,main] Neither XML 'id' nor 'name'
specified - using generated bean name
[org.apache.cxf.ws.security.kerberos.KerberosClient#314382c6]
[DEBUG,BeanDefinitionParserDelegate,main] Neither XML 'id' nor 'name'
specified - using generated bean name
[org.apache.cxf.ws.security.kerberos.KerberosClient#642ddc4c]
[DEBUG,BeanDefinitionParserDelegate,main] Neither XML 'id' nor 'name'
specified - using generated bean name
[org.apache.cxf.ws.security.kerberos.KerberosClient#27cb01e3]
[DEBUG,BeanDefinitionParserDelegate,main] Neither XML 'id' nor 'name'
specified - using generated bean name
[org.apache.cxf.ws.security.kerberos.KerberosClient#3d882ea9]
[DEBUG,BeanDefinitionParserDelegate,main] Neither XML 'id' nor 'name'
specified - using generated bean name
[org.apache.cxf.ws.security.kerberos.KerberosClient#612438f1]
[DEBUG,BeanDefinitionParserDelegate,main] Neither XML 'id' nor 'name'
specified - using generated bean name
[org.apache.cxf.ws.security.kerberos.KerberosClient#5e3d5149]
[DEBUG,BeanDefinitionParserDelegate,main] Neither XML 'id' nor 'name'
specified - using generated bean name
[org.apache.cxf.ws.security.kerberos.KerberosClient#2b8f73cb]
[DEBUG,BeanDefinitionParserDelegate,main] Neither XML 'id' nor 'name'
specified - using generated bean name
[org.apache.cxf.ws.security.kerberos.KerberosClient#3b4d679]
[DEBUG,BeanDefinitionParserDelegate,main] Neither XML 'id' nor 'name'
specified - using generated bean name
[org.apache.cxf.ws.security.kerberos.KerberosClient#4f7820c3]
[DEBUG,BeanDefinitionParserDelegate,main] Neither XML 'id' nor 'name'
specified - using generated bean name
[org.apache.cxf.ws.security.kerberos.KerberosClient#24f90b1a]
[DEBUG,BusApplicationContext,main] Bean factory for
org.apache.cxf.bus.spring.BusApplicationContext@1544e44:
org.springframework.beans.factory.support.DefaultListableBeanFactory@5a47eaec:
defining beans
[cxf,org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor,org.apache.cxf.bus.spring.Jsr250BeanPostProcessor,org.apache.cxf.bus.spring.BusExtensionPostProcessor,org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0,cxf.config1,https://localhost.*,{http://www.example.org/contract/DoubleIt}DoubleItKerberosTransportPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosTransportPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricSupportingPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricSupportingPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosTransportEndorsingPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosTransportEndorsingPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricEndorsingPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricEndorsingPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricProtectionPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricProtectionPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricDerivedProtectionPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricDerivedProtectionPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricSignedEndorsingPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricSignedEndorsingPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricSignedEncryptedPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricSignedEncryptedPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricEndorsingEncryptedPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricEndorsingEncryptedPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricSignedEndorsingEncryptedPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricSignedEndorsingEncryptedPort.jaxws-client];
root of factory hierarchy
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean
'org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0'
to allow for resolving potential circular references
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor' to allow for
resolving potential circular references
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'org.apache.cxf.bus.spring.Jsr250BeanPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'org.apache.cxf.bus.spring.Jsr250BeanPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'org.apache.cxf.bus.spring.Jsr250BeanPostProcessor' to allow for resolving
potential circular references
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'org.apache.cxf.bus.spring.Jsr250BeanPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'org.apache.cxf.bus.spring.BusExtensionPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'org.apache.cxf.bus.spring.BusExtensionPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean
'org.apache.cxf.bus.spring.BusExtensionPostProcessor' to allow for resolving
potential circular references
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'org.apache.cxf.bus.spring.BusExtensionPostProcessor'
[DEBUG,BusApplicationContext,main] Unable to locate MessageSource with name
'messageSource': using default
[org.springframework.context.support.DelegatingMessageSource@7615b758]
[DEBUG,BusApplicationContext,main] Unable to locate
ApplicationEventMulticaster with name 'applicationEventMulticaster': using
default
[org.springframework.context.event.SimpleApplicationEventMulticaster@bb82ef9]
[INFO,DefaultListableBeanFactory,main] Pre-instantiating singletons in
org.springframework.beans.factory.support.DefaultListableBeanFactory@5a47eaec:
defining beans
[cxf,org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor,org.apache.cxf.bus.spring.Jsr250BeanPostProcessor,org.apache.cxf.bus.spring.BusExtensionPostProcessor,org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0,cxf.config1,https://localhost.*,{http://www.example.org/contract/DoubleIt}DoubleItKerberosTransportPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosTransportPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricSupportingPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricSupportingPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosTransportEndorsingPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosTransportEndorsingPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricEndorsingPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricEndorsingPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricProtectionPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricProtectionPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricDerivedProtectionPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricDerivedProtectionPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricSignedEndorsingPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricSignedEndorsingPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricSignedEncryptedPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosAsymmetricSignedEncryptedPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricEndorsingEncryptedPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricEndorsingEncryptedPort.jaxws-client,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricSignedEndorsingEncryptedPort.jaxws-client.proxyFactory,{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricSignedEndorsingEncryptedPort.jaxws-client];
root of factory hierarchy
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean 'cxf' to allow
for resolving potential circular references
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'p:policies#1d5c0c91'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'p:policies#1d5c0c91'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'cxf:logging#63d12a6'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'cxf:logging#63d12a6'
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'cxf'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'org.apache.cxf.bus.spring.Jsr250BeanPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'org.apache.cxf.bus.spring.BusExtensionPostProcessor'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean
'org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0'
[DEBUG,DefaultListableBeanFactory,main] Creating shared instance of
singleton bean 'cxf.config1'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'cxf.config1'
[DEBUG,DefaultListableBeanFactory,main] Eagerly caching bean 'cxf.config1'
to allow for resolving potential circular references
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'cxf.config1'
[DEBUG,BusApplicationContext,main] Unable to locate LifecycleProcessor with
name 'lifecycleProcessor': using default
[org.springframework.context.support.DefaultLifecycleProcessor@26e7127]
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'lifecycleProcessor'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Creating instance of bean
'org.apache.cxf.ws.security.kerberos.KerberosClient#7de4e3e4'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,Init,main] Registering default algorithms
[DEBUG,WSSConfig,main] The provider ApacheXMLDSig - 1.51 was added at
position: 2
[DEBUG,WSSConfig,main] The provider BC - 1.45 was added at position: 2
[DEBUG,WSSConfig,main] The provider STRTransform was added at position: 11
[DEBUG,DefaultListableBeanFactory,main] Finished creating instance of bean
'org.apache.cxf.ws.security.kerberos.KerberosClient#7de4e3e4'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
Debug is true storeKey false useTicketCache false useKeyTab true
doNotPrompt false ticketCache is null isInitiator true KeyTab is
/etc/_kerbisspoc.keytab refreshKrb5Config is true principal is
HTTP/_kerbisspoc-service.melkweg.tld@ tryFirstPass is false useFirstPass is
false storePass is false clearPass is false
Refreshing Kerberos configuration
Config name: /etc/krb5.conf
>>> KdcAccessibility: reset
>>> KdcAccessibility: reset
>>> KeyTabInputStream, readName(): MELKWEG.TLD
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): _kerbisspoc-service.melkweg.tld
>>> KeyTab: load() entry length: 83; type: 23
Added key: 23version: 4
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17 18.
principal's key obtained from the keytab
Acquire TGT using AS Exchange
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17 18.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>> retries =3, #bytes=166
>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>> =1, #bytes=166
>>> KrbKdcReq send: #bytes read=631
>>> KrbKdcReq send: #bytes read=631
>>> KdcAccessibility: remove corx01.melkweg.tld
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld
principal is HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E7 F7 BA 95 A4 39 BC C1
C7 75 22 6B CF 95 B5 E9 .....9...u"k....
Commit Succeeded
[DEBUG,KerberosSecurity,main] Successfully authenticated to the TGT
Found ticket for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to go to
krbtgt/MELKWEG.TLD@MELKWEG.TLD expiring on Thu Apr 26 06:30:53 CEST 2012
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to go to
krbtgt/MELKWEG.TLD@MELKWEG.TLD expiring on Thu Apr 26 06:30:53 CEST 2012
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 23 16 17 18.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>> retries =3, #bytes=665
>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>> =1, #bytes=665
>>> KrbKdcReq send: #bytes read=627
>>> KrbKdcReq send: #bytes read=627
>>> KdcAccessibility: remove corx01.melkweg.tld
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 1015927387
Krb5Context setting peerSeqNumber to: 0
Created InitSecContextToken:
0000: 01 00 6E 82 02 1F 30 82 02 1B A0 03 02 01 05 A1 ..n...0.........
0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................
0020: 2B 61 82 01 27 30 82 01 23 A0 03 02 01 05 A1 0D +a..'0..#.......
0030: 1B 0B 4D 45 4C 4B 57 45 47 2E 54 4C 44 A2 32 30 ..MELKWEG.TLD.20
0040: 30 A0 03 02 01 00 A1 29 30 27 1B 04 48 54 54 50 0......)0'..HTTP
0050: 1B 1F 5F 6B 65 72 62 74 6F 6D 70 6F 63 2D 73 65 .._kerbtompoc-se
0060: 72 76 69 63 65 2E 6D 65 6C 6B 77 65 67 2E 74 6C rvice.melkweg.tl
0070: 64 A3 81 D8 30 81 D5 A0 03 02 01 17 A1 03 02 01 d...0...........
0080: 02 A2 81 C8 04 81 C5 FF 45 60 57 A7 E1 C4 52 AE ........E`W...R.
0090: 01 27 E3 DE 22 9C 76 17 02 23 13 D1 A4 E0 3D FC .'..".v..#....=.
00A0: A7 41 AA B5 57 5F FB BC BE DF 5F 46 20 4B A0 1A .A..W_...._F K..
00B0: EC E9 65 BB C3 8F 6B CD E4 AA 84 3D 6A 3C DB A0 ..e...k....=j<..
00C0: B3 EC 16 06 89 7C C5 6C B5 75 6B D7 47 F1 47 14 .......l.uk.G.G.
00D0: 2E 78 4C 08 A4 72 6B 17 E4 A5 D1 A1 86 31 DC 8A .xL..rk......1..
00E0: 8F 3A DB AB C4 40 E1 F0 8E 75 90 5C 30 65 C4 7E .:...@...u.\0e..
00F0: DE 64 6F 46 D7 E2 98 9E 3D 06 89 37 9E D8 F5 D6 .doF....=..7....
0100: 27 12 9B 5B 7A BA 2A A5 24 E9 CB 82 64 B5 C9 11 '..[z.*.$...d...
0110: 68 17 B4 F5 9D 51 C0 76 66 BB A0 12 D7 DC D4 06 h....Q.vf.......
0120: FA 91 4C 3D E4 69 26 37 86 88 B7 7F E8 F8 61 99 ..L=.i&7......a.
0130: 08 56 4F BA 54 38 3A E1 1C 4B 7A 13 40 7F 29 6B .VO.T8:..Kz.@.)k
0140: 31 08 36 0A FC 22 24 EE DD 6C 1B DB A4 81 D6 30 1.6.."$..l.....0
0150: 81 D3 A0 03 02 01 03 A2 81 CB 04 81 C8 2C 9C 2A .............,.*
0160: A4 7B EC F3 49 2C 94 62 D4 C8 31 FA 55 30 7A 5F ....I,.b..1.U0z_
0170: B8 C8 E2 AC CF 6E DD AE E6 57 22 32 B7 F6 BF F7 .....n...W"2....
0180: 4E E5 A8 29 02 93 DC 10 18 AD EA EC 7A EA 65 0B N..)........z.e.
0190: 24 EC AC 53 F3 09 72 A5 2D 98 9A C3 10 78 5D D0 $..S..r.-....x].
01A0: 9B 13 BE A8 38 86 77 5C 72 B7 6D 58 29 9E 5C 01 ....8.w\r.mX).\.
01B0: 10 4A AD 84 F7 3B 2F ED 4B 81 8B 7B A3 0B 7C AC .J...;/.K.......
01C0: B0 6F 48 9E B0 A6 01 35 8D F2 2B E5 DA F0 EE F8 .oH....5..+.....
01D0: 0C E5 67 8C 3E 54 0A CE 62 DE 35 B3 6E A4 E7 82 ..g.>T..b.5.n...
01E0: CA 0F DD 52 05 7D C2 2E F3 38 4A 57 4A 9B 2E 39 ...R.....8JWJ..9
01F0: 17 4F 27 D5 B7 FD 4A 9C 74 8D DB 51 0C A9 55 56 .O'...J.t..Q..UV
0200: 6A 78 8E E2 2A B1 F2 93 A8 FF 5D 1B AE 9E 64 B1 jx..*.....]...d.
0210: 93 19 1D 96 FD AA E4 56 1B D4 7E 66 2C 8C 48 8D .......V...f,.H.
0220: 17 89 3D 30 25 ..=0%
[DEBUG,KerberosSecurity,main] Successfully retrieved a service ticket
[DEBUG,CryptoFactory,main] Using Crypto Engine [class
org.apache.ws.security.components.crypto.Merlin]
[DEBUG,Loader,main] Trying to find
[org/apache/cxf/systest/ws/wssec10/certs/bob.jks] using
sun.misc.Launcher$AppClassLoader@77cde100 class loader.
[DEBUG,Merlin,main] The KeyStore
org/apache/cxf/systest/ws/wssec10/certs/bob.jks of type jks has been loaded
[DEBUG,JCEMapper,main] Request for URI
http://www.w3.org/2001/04/xmlenc#aes128-cbc
[DEBUG,JCEMapper,main] Request for URI
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
[DEBUG,JCEMapper,main] Request for URI
http://www.w3.org/2000/09/xmldsig#hmac-sha1
[DEBUG,JCEMapper,main] Request for URI
http://www.w3.org/2000/09/xmldsig#hmac-sha1
[DEBUG,DOMReference,main] Marshalling Reference
[DEBUG,DOMReference,main] Adding digestValueElem
[DEBUG,DOMReference,main] Marshalling Reference
[DEBUG,DOMReference,main] Adding digestValueElem
[DEBUG,DOMReference,main] Marshalling Reference
[DEBUG,DOMReference,main] Adding digestValueElem
[DEBUG,DOMReference,main] URIDereferencer class name:
org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer
[DEBUG,DOMReference,main] Data class name:
org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData
[DEBUG,Transform,main] Create URI "http://www.w3.org/2001/10/xml-exc-c14n#"
class "class
org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
[DEBUG,Transform,main] The NodeList is [ds:Transform: null]
[DEBUG,ElementProxy,main] setElement(ds:Transform, "null"
[DEBUG,ApacheCanonicalizer,main] Created transform for algorithm:
http://www.w3.org/2001/10/xml-exc-c14n#
[DEBUG,ApacheCanonicalizer,main] ApacheData = true
[DEBUG,ElementProxy,main] setElement("ec:InclusiveNamespaces", "null")
[DEBUG,DigesterOutputStream,main] Pre-digested input:
[DEBUG,DigesterOutputStream,main] <soap:Body
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="Id-147567651"><ns2:DoubleIt
xmlns:ns2="http://www.example.org/schema/DoubleIt"><numberToDouble>25</numberToDouble></ns2:DoubleIt></soap:Body>
[DEBUG,DOMReference,main] Reference object uri = #Id-147567651
[DEBUG,DOMReference,main] Reference digesting completed
[DEBUG,DOMReference,main] URIDereferencer class name:
org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer
[DEBUG,DOMReference,main] Data class name:
org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData
[DEBUG,Transform,main] Create URI "http://www.w3.org/2001/10/xml-exc-c14n#"
class "class
org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
[DEBUG,Transform,main] The NodeList is [ds:Transform: null]
[DEBUG,ElementProxy,main] setElement(ds:Transform, "null"
[DEBUG,ApacheCanonicalizer,main] Created transform for algorithm:
http://www.w3.org/2001/10/xml-exc-c14n#
[DEBUG,ApacheCanonicalizer,main] ApacheData = true
[DEBUG,ElementProxy,main] setElement("ec:InclusiveNamespaces", "null")
[DEBUG,DigesterOutputStream,main] Pre-digested input:
[DEBUG,DigesterOutputStream,main] <wsu:Timestamp
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="TS-1"><wsu:Created>2012-04-25T18:30:53.871Z</wsu:Created><wsu:Expires>2012-04-25T18:35:53.871Z</wsu:Expires></wsu:Timestamp>
[DEBUG,DOMReference,main] Reference object uri = #TS-1
[DEBUG,DOMReference,main] Reference digesting completed
[DEBUG,DOMReference,main] URIDereferencer class name:
org.apache.jcp.xml.dsig.internal.dom.DOMURIDereferencer
[DEBUG,DOMReference,main] Data class name:
org.apache.jcp.xml.dsig.internal.dom.ApacheNodeSetData
[DEBUG,Transform,main] Create URI "http://www.w3.org/2001/10/xml-exc-c14n#"
class "class
org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
[DEBUG,Transform,main] The NodeList is [ds:Transform: null]
[DEBUG,ElementProxy,main] setElement(ds:Transform, "null"
[DEBUG,ApacheCanonicalizer,main] Created transform for algorithm:
http://www.w3.org/2001/10/xml-exc-c14n#
[DEBUG,ApacheCanonicalizer,main] ApacheData = true
[DEBUG,ElementProxy,main] setElement("ec:InclusiveNamespaces", "null")
[DEBUG,DigesterOutputStream,main] Pre-digested input:
[DEBUG,DigesterOutputStream,main] <wsse:BinarySecurityToken
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary"
ValueType="http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ"
wsu:Id="BST-6C28E26C454ADEC7E313353786535621">YIICMAYJKoZIhvcSAQICAQBuggIfMIICG6ADAgEFoQMCAQ6iBwMFAAAAAACjggErYYIBJzCCASOgAwIBBaENGwtNRUxLV0VHLlRMRKIyMDCgAwIBAKEpMCcbBEhUVFAbH19rZXJidG9tcG9jLXNlcnZpY2UubWVsa3dlZy50bGSjgdgwgdWgAwIBF6EDAgECooHIBIHF/0VgV6fhxFKuASfj3iKcdhcCIxPRpOA9/KdBqrVXX/u8vt9fRiBLoBrs6WW7w49rzeSqhD1qPNugs+wWBol8xWy1dWvXR/FHFC54TAikcmsX5KXRoYYx3IqPOturxEDh8I51kFwwZcR+3mRvRtfimJ49Bok3ntj11icSm1t6uiqlJOnLgmS1yRFoF7T1nVHAdma7oBLX3NQG+pFMPeRpJjeGiLd/6PhhmQhWT7pUODrhHEt6E0B/KWsxCDYK/CIk7t1sG9ukgdYwgdOgAwIBA6KBywSByCycKqR77PNJLJRi1Mgx+lUwel+4yOKsz27druZXIjK39r/3TuWoKQKT3BAYrerseuplCyTsrFPzCXKlLZiawxB4XdCbE76oOIZ3XHK3bVgpnlwBEEqthPc7L+1LgYt7owt8rLBvSJ6wpgE1jfIr5drw7vgM5WeMPlQKzmLeNbNupOeCyg/dUgV9wi7zOEpXSpsuORdPJ9W3/UqcdI3bUQypVVZqeI7iKrHyk6j/XRuunmSxkxkdlv2q5FYb1H5mLIxIjReJPTAl</wsse:BinarySecurityToken>
[DEBUG,DOMReference,main] Reference object uri =
#BST-6C28E26C454ADEC7E313353786535621
[DEBUG,DOMReference,main] Reference digesting completed
[DEBUG,Transform,main] Create URI "http://www.w3.org/2001/10/xml-exc-c14n#"
class "class
org.apache.xml.security.transforms.implementations.TransformC14NExclusive"
[DEBUG,Transform,main] The NodeList is [ds:CanonicalizationMethod: null]
[DEBUG,ElementProxy,main] setElement(ds:CanonicalizationMethod, "null"
[DEBUG,ApacheCanonicalizer,main] Created transform for algorithm:
http://www.w3.org/2001/10/xml-exc-c14n#
[DEBUG,ApacheCanonicalizer,main] isNodeSet() = true
[DEBUG,ElementProxy,main] setElement("ec:InclusiveNamespaces", "null")
[DEBUG,DOMSignedInfo,main] Canonicalized SignedInfo:
[DEBUG,DOMSignedInfo,main] <ds:SignedInfo
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="soap"></ec:InclusiveNamespaces></ds:CanonicalizationMethod><ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod><ds:Reference
URI="#Id-147567651"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList=""></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>VU4Z3PAxScbv8QEAeZV+InvXsn8=</ds:DigestValue></ds:Reference><ds:Reference
URI="#TS-1"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="wsse
soap"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>EOMx1cjmLvFHBePxzk/yyyWQgqQ=</ds:DigestValue></ds:Reference><ds:Reference
URI="#BST-6C28E26C454ADEC7E313353786535621"><ds:Transforms><ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces
xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"
PrefixList="soap"></ec:InclusiveNamespaces></ds:Transform></ds:Transforms><ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod><ds:DigestValue>AzKwQQetBWo3TkxWpFijQ1ij61M=</ds:DigestValue></ds:Reference></ds:SignedInfo>
[DEBUG,DOMSignedInfo,main] Data to be
signed/verified:PGRzOlNpZ25lZEluZm8geG1sbnM6ZHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiIHhtbG5zOnNvYXA9Imh0dHA6Ly9zY2hlbWFzLnhtbHNvYXAub3JnL3NvYXAvZW52ZWxvcGUvIj48ZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyI+PGVjOkluY2x1c2l2ZU5hbWVzcGFjZXMgeG1sbnM6ZWM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgUHJlZml4TGlzdD0ic29hcCI+PC9lYzpJbmNsdXNpdmVOYW1lc3BhY2VzPjwvZHM6Q2Fub25pY2FsaXphdGlvbk1ldGhvZD48ZHM6U2lnbmF0dXJlTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI2htYWMtc2hhMSI+PC9kczpTaWduYXR1cmVNZXRob2Q+PGRzOlJlZmVyZW5jZSBVUkk9IiNJZC0xNDc1Njc2NTEiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiPjxlYzpJbmNsdXNpdmVOYW1lc3BhY2VzIHhtbG5zOmVjPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIFByZWZpeExpc3Q9IiI+PC9lYzpJbmNsdXNpdmVOYW1lc3BhY2VzPjwvZHM6VHJhbnNmb3JtPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiPjwvZHM6RGlnZXN0TWV0aG9kPjxkczpEaWdlc3RWYWx1ZT5WVTRaM1BBeFNjYnY4UUVBZVpWK0ludlhzbjg9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48ZHM6UmVmZXJlbmNlIFVSST0iI1RTLTEiPjxkczpUcmFuc2Zvcm1zPjxkczpUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiPjxlYzpJbmNsdXNpdmVOYW1lc3BhY2VzIHhtbG5zOmVjPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiIFByZWZpeExpc3Q9Indzc2Ugc29hcCI+PC9lYzpJbmNsdXNpdmVOYW1lc3BhY2VzPjwvZHM6VHJhbnNmb3JtPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiPjwvZHM6RGlnZXN0TWV0aG9kPjxkczpEaWdlc3RWYWx1ZT5FT014MWNqbUx2RkhCZVB4emsveXl5V1FncVE9PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48ZHM6UmVmZXJlbmNlIFVSST0iI0JTVC02QzI4RTI2QzQ1NEFERUM3RTMxMzM1Mzc4NjUzNTYyMSI+PGRzOlRyYW5zZm9ybXM+PGRzOlRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyI+PGVjOkluY2x1c2l2ZU5hbWVzcGFjZXMgeG1sbnM6ZWM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIgUHJlZml4TGlzdD0ic29hcCI+PC9lYzpJbmNsdXNpdmVOYW1lc3BhY2VzPjwvZHM6VHJhbnNmb3JtPjwvZHM6VHJhbnNmb3Jtcz48ZHM6RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMC8wOS94bWxkc2lnI3NoYTEiPjwvZHM6RGlnZXN0TWV0aG9kPjxkczpEaWdlc3RWYWx1ZT5Bekt3UVFldEJXbzNUa3hXcEZpalExaWo2MU09PC9kczpEaWdlc3RWYWx1ZT48L2RzOlJlZmVyZW5jZT48L2RzOlNpZ25lZEluZm8+
[DEBUG,JCEMapper,main] Request for URI
http://www.w3.org/2001/04/xmlenc#aes128-cbc
[DEBUG,JCEMapper,main] Request for URI
http://www.w3.org/2001/04/xmlenc#aes128-cbc
[DEBUG,XMLCipher,main] Getting XMLCipher with transformation
[DEBUG,XMLCipher,main] Constructing XMLCipher...
[DEBUG,JCEMapper,main] Request for URI
http://www.w3.org/2001/04/xmlenc#aes128-cbc
[DEBUG,XMLCipher,main] JCE Algorithm = AES/CBC/ISO10126Padding
[DEBUG,XMLCipher,main] Initializing XMLCipher...
[DEBUG,XMLCipher,main] opmode = ENCRYPT_MODE
[DEBUG,XMLCipher,main] Returning EncryptedData
[DEBUG,XMLCipher,main] Processing source element...
[DEBUG,XMLCipher,main] Encrypting element content...
[DEBUG,XMLCipher,main] Encrypting element...
[DEBUG,XMLCipher,main] Serialized octets:
[B@40e9e799
[DEBUG,XMLCipher,main] Expected cipher.outputSize = 272
[DEBUG,XMLCipher,main] Actual cipher.outputSize = 272
[DEBUG,XMLCipher,main] Encrypted octets:
nP7Z37AAFW5sJkU/KhgUrC0Eq7okH8VryAx0lEJIt4c1rU64aNrqvQfJnV4B47FLMiSrUFAGRDa3rAPhc0fyqAJRxjfPkAUfGwXNqXlxQW/2+GskUmHfgC/bAwMz3oVyByCmueukSV5nzsdgCc4ovWfC1R/IeQlXVWh+t5xuIIjl2/Z8NnwDHlBQS0+WWUQQmup1wEGe74tf/DuPLO5pEYsPBoySDKe13tjbBI4kASMxAGllkOOGIgVR1XIjCcwr3oY/I/lkgLrOC4lDUnFv2pxMlryuneGN/ic5aMI1kU4QQfQ9jHOQL87k7c75vkMHfcij95u6g/k89E4FqULDEAtf5v9xPQrXRoWG9+4zFZKg+MJ0g2BIowgrnkReZUFD
[DEBUG,XMLCipher,main] Encrypted octets length = 384
[DEBUG,CryptoFactory,qtp1247476913-22] Using Crypto Engine [class
org.apache.ws.security.components.crypto.Merlin]
[DEBUG,Loader,qtp1247476913-22] Trying to find
[org/apache/cxf/systest/ws/wssec10/certs/bob.jks] using
sun.misc.Launcher$AppClassLoader@77cde100 class loader.
[DEBUG,Merlin,qtp1247476913-22] The KeyStore
org/apache/cxf/systest/ws/wssec10/certs/bob.jks of type jks has been loaded
[DEBUG,TimestampProcessor,qtp1247476913-22] Found Timestamp list element
[DEBUG,Timestamp,qtp1247476913-22] Current time: 2012-04-25T18:30:54.199Z
[DEBUG,Timestamp,qtp1247476913-22] Timestamp created:
2012-04-25T18:30:53.871Z
[DEBUG,Timestamp,qtp1247476913-22] Timestamp expires:
2012-04-25T18:35:53.871Z
[DEBUG,Timestamp,qtp1247476913-22] Validation of Timestamp: Everything is ok
[DEBUG,EncryptedKeyProcessor,qtp1247476913-22] Found encrypted key element
[DEBUG,X509Util,qtp1247476913-22] Sym Enc Algo:
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
[DEBUG,JCEMapper,qtp1247476913-22] Request for URI
http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p
[DEBUG,EncryptedKeySTRParser,qtp1247476913-22] cert: [
[
Version: V3
Subject: CN=bob, OU=eng, O=apache.org
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: RSA Public Key
modulus:
851ccb957da30ef16f518e23ee6e6f560802912fc3b252c9205d62ff5e7951551bf7344b1a2a7309a5734b497311752b68447172f835af615a4ce62cedd003310a1ac78bb175d31a29c56975b744bee5397b89e9b6d6b28b05f9822fd1f1ea4b5647444776280a2ed465a200ff52b6ed0988e405db5d5e468f91662b10903c2f
public exponent: 10001
Validity: [From: Thu Jan 01 01:00:00 CET 1970,
To: Tue Jan 19 04:14:07 CET 2038]
Issuer: CN=cxfca, OU=eng, O=apache.org
SerialNumber: [ 49546002]
Certificate Extensions: 2
[1]: ObjectId: 2.5.29.18 Criticality=false
IssuerAlternativeName [
DNSName: NOT_FOR_PRODUCTION_USE
]
[2]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
DNSName: localhost
]
]
Algorithm: [SHA1withRSA]
Signature:
0000: 59 DC C2 2B 9C E3 86 82 1C 3F 08 27 CF ED E2 19 Y..+.....?.'....
0010: 82 67 3A A2 FB 63 B7 DC 4E CE 90 74 33 F3 74 79 .g:..c..N..t3.ty
0020: 56 CF 58 1E DF 99 90 83 BD BE F9 F0 86 AD 6F 72 V.X...........or
0030: AE BC 1C D9 46 D5 EF B0 6D E2 32 75 EE 7C CD 82 ....F...m.2u....
0040: DC 51 93 79 A9 9C 47 35 C8 63 D0 76 FB D0 19 81 .Q.y..G5.c.v....
0050: 42 A6 04 77 B0 BD 49 7B 65 B8 90 E0 BA 29 D0 A6 B..w..I.e....)..
0060: 44 93 C8 9D 4D B7 4B 71 EE BA 29 06 AF E5 E3 72 D...M.Kq..)....r
0070: C6 B9 C6 B9 8A C0 F8 CB 1F C9 02 19 E6 D7 8E BD ................
]
[DEBUG,ReferenceListProcessor,qtp1247476913-22] Found reference list element
[DEBUG,ReferenceListProcessor,qtp1247476913-22] Found data reference: ED-3
[DEBUG,X509Util,qtp1247476913-22] Sym Enc Algo:
http://www.w3.org/2001/04/xmlenc#aes128-cbc
[DEBUG,JCEMapper,qtp1247476913-22] Request for URI
http://www.w3.org/2001/04/xmlenc#aes128-cbc
[DEBUG,JCEMapper,qtp1247476913-22] Request for URI
http://www.w3.org/2001/04/xmlenc#aes128-cbc
[DEBUG,XMLCipher,qtp1247476913-22] Getting XMLCipher with transformation
[DEBUG,XMLCipher,qtp1247476913-22] Constructing XMLCipher...
[DEBUG,JCEMapper,qtp1247476913-22] Request for URI
http://www.w3.org/2001/04/xmlenc#aes128-cbc
[DEBUG,XMLCipher,qtp1247476913-22] JCE Algorithm = AES/CBC/ISO10126Padding
[DEBUG,XMLCipher,qtp1247476913-22] Initializing XMLCipher...
[DEBUG,XMLCipher,qtp1247476913-22] opmode = DECRYPT_MODE
[DEBUG,XMLCipher,qtp1247476913-22] Processing source element...
[DEBUG,XMLCipher,qtp1247476913-22] Decrypting element...
[DEBUG,XMLCipher,qtp1247476913-22] Decrypting to ByteArray...
[DEBUG,ElementProxy,qtp1247476913-22] setElement("ds:KeyInfo", "null")
[DEBUG,XMLCipherInput,qtp1247476913-22] Encrypted octets:
nP7Z37AAFW5sJkU/KhgUrC0Eq7okH8VryAx0lEJIt4c1rU64aNrqvQfJnV4B47FLMiSrUFAGRDa3rAPhc0fyqAJRxjfPkAUfGwXNqXlxQW/2+GskUmHfgC/bAwMz3oVyByCmueukSV5nzsdgCc4ovWfC1R/IeQlXVWh+t5xuIIjl2/Z8NnwDHlBQS0+WWUQQmup1wEGe74tf/DuPLO5pEYsPBoySDKe13tjbBI4kASMxAGllkOOGIgVR1XIjCcwr3oY/I/lkgLrOC4lDUnFv2pxMlryuneGN/ic5aMI1kU4QQfQ9jHOQL87k7c75vkMHfcij95u6g/k89E4FqULDEAtf5v9xPQrXRoWG9+4zFZKg+MJ0g2BIowgrnkReZUFD
[DEBUG,JCEMapper,qtp1247476913-22] Request for URI
http://www.w3.org/2001/04/xmlenc#aes128-cbc
[DEBUG,XMLCipher,qtp1247476913-22] JCE Algorithm = AES/CBC/ISO10126Padding
[DEBUG,XMLCipher,qtp1247476913-22] Decrypted octets:
[B@7286a58a
[DEBUG,KerberosTokenValidator,qtp1247476913-22] KerberosTokenValidator -
Using JAAS auth login file: src/test/resources/kerberos.jaas
[DEBUG,KerberosTokenValidator,qtp1247476913-22] KerberosTokenValidator -
Using KRB conf file: null
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt
false ticketCache is null isInitiator true KeyTab is /etc/_kerbisspoc.keytab
refreshKrb5Config is true principal is HTTP/_kerbisspoc-service.melkweg.tld@
tryFirstPass is false useFirstPass is false storePass is false clearPass is
false
Refreshing Kerberos configuration
Config name: /etc/krb5.conf
Refreshing Keytab
>>> KdcAccessibility: reset
>>> KeyTabInputStream, readName(): MELKWEG.TLD
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): _kerbisspoc-service.melkweg.tld
>>> KeyTab: load() entry length: 83; type: 23
Added key: 23version: 4
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17 18.
principal's key obtained from the keytab
Acquire TGT using AS Exchange
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17 18.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>> retries =3, #bytes=166
>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>> =1, #bytes=166
>>> KrbKdcReq send: #bytes read=631
>>> KrbKdcReq send: #bytes read=631
>>> KdcAccessibility: remove corx01.melkweg.tld
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld
principal is HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E7 F7 BA 95 A4 39 BC C1
C7 75 22 6B CF 95 B5 E9 .....9...u"k....
Added server's keyKerberos Principal
HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLDKey Version 4key
EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: E7 F7 BA 95 A4 39 BC C1 C7 75 22 6B CF 95 B5 E9 .....9...u"k....
[Krb5LoginModule] added Krb5Principal
HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to Subject
Commit Succeeded
[DEBUG,KerberosTokenValidator,qtp1247476913-22] Successfully authenticated
to the TGT
[DEBUG,KerberosServiceAction,qtp1247476913-22] Error in validating a
Kerberos token
GSSException: No valid credentials provided (Mechanism level: Failed to find
any Kerberos Key)
at
sun.security.jgss.krb5.Krb5AcceptCredential.getInstance(Krb5AcceptCredential.java:95)
at
sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:111)
at
sun.security.jgss.GSSManagerImpl.getCredentialElement(GSSManagerImpl.java:178)
at sun.security.jgss.GSSCredentialImpl.add(GSSCredentialImpl.java:384)
at sun.security.jgss.GSSCredentialImpl.<init>(GSSCredentialImpl.java:42)
at
sun.security.jgss.GSSManagerImpl.createCredential(GSSManagerImpl.java:139)
at
org.apache.ws.security.message.token.KerberosServiceAction.run(KerberosServiceAction.java:55)
at
org.apache.ws.security.message.token.KerberosServiceAction.run(KerberosServiceAction.java:37)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:337)
at
org.apache.ws.security.validate.KerberosTokenValidator.validate(KerberosTokenValidator.java:204)
at
org.apache.ws.security.processor.BinarySecurityTokenProcessor.handleToken(BinarySecurityTokenProcessor.java:91)
at
org.apache.ws.security.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:397)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:289)
at
org.apache.cxf.ws.security.wss4j.WSS4JInInterceptor.handleMessage(WSS4JInInterceptor.java:97)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at
org.apache.cxf.transport.ChainInitiationObserver.onMessage(ChainInitiationObserver.java:122)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.serviceRequest(JettyHTTPDestination.java:344)
at
org.apache.cxf.transport.http_jetty.JettyHTTPDestination.doService(JettyHTTPDestination.java:310)
at
org.apache.cxf.transport.http_jetty.JettyHTTPHandler.handle(JettyHTTPHandler.java:72)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:943)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:879)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:117)
at
org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:250)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:110)
at org.eclipse.jetty.server.Server.handle(Server.java:349)
at
org.eclipse.jetty.server.HttpConnection.handleRequest(HttpConnection.java:441)
at
org.eclipse.jetty.server.HttpConnection$RequestHandler.content(HttpConnection.java:936)
at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:893)
at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:224)
at
org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:51)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:586)
at
org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:44)
at
org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:598)
at
org.eclipse.jetty.util.thread.QueuedThreadPool$3.run(QueuedThreadPool.java:533)
at java.lang.Thread.run(Thread.java:662)
[INFO,BusApplicationContext,main] Closing
org.apache.cxf.bus.spring.BusApplicationContext@2f242b11: startup date [Wed
Apr 25 20:30:49 CEST 2012]; root of context hierarchy
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Returning cached instance of
singleton bean 'lifecycleProcessor'
[INFO,DefaultListableBeanFactory,main] Destroying singletons in
org.springframework.beans.factory.support.DefaultListableBeanFactory@594ab51b:
defining beans
[cxf,org.apache.cxf.bus.spring.BusWiringBeanFactoryPostProcessor,org.apache.cxf.bus.spring.Jsr250BeanPostProcessor,org.apache.cxf.bus.spring.BusExtensionPostProcessor,org.springframework.beans.factory.config.PropertyPlaceholderConfigurer#0,cxf.config0,org.apache.cxf.transport.http_jetty.spring.JettySpringTypesFactory,tls-settings,kerberosValidator,KerberosOverTransport,KerberosOverSymmetric,KerberosOverSymmetricSupporting,KerberosOverAsymmetric,KerberosOverTransportEndorsing,KerberosOverAsymmetricEndorsing,KerberosOverSymmetricProtection,KerberosOverSymmetricDerivedProtection,KerberosOverAsymmetricSignedEndorsing,KerberosOverAsymmetricSignedEncrypted,KerberosOverSymmetricEndorsingEncrypted,KerberosOverSymmetricSignedEndorsingEncrypted];
root of factory hierarchy
[DEBUG,DisposableBeanAdapter,main] Invoking destroy method 'stop' on bean
with name 'KerberosOverSymmetricSignedEndorsingEncrypted'
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'(inner bean)#14': [KerberosOverSymmetricSignedEndorsingEncrypted]
[DEBUG,DisposableBeanAdapter,main] Invoking destroy method 'stop' on bean
with name 'KerberosOverSymmetricEndorsingEncrypted'
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'(inner bean)#13': [KerberosOverSymmetricEndorsingEncrypted]
[DEBUG,DisposableBeanAdapter,main] Invoking destroy method 'stop' on bean
with name 'KerberosOverAsymmetricSignedEncrypted'
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'(inner bean)#12': [KerberosOverAsymmetricSignedEncrypted]
[DEBUG,DisposableBeanAdapter,main] Invoking destroy method 'stop' on bean
with name 'KerberosOverAsymmetricSignedEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'(inner bean)#11': [KerberosOverAsymmetricSignedEndorsing]
[DEBUG,DisposableBeanAdapter,main] Invoking destroy method 'stop' on bean
with name 'KerberosOverSymmetricDerivedProtection'
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'(inner bean)#10': [KerberosOverSymmetricDerivedProtection]
[DEBUG,DisposableBeanAdapter,main] Invoking destroy method 'stop' on bean
with name 'KerberosOverSymmetricProtection'
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'(inner bean)#9': [KerberosOverSymmetricProtection]
[DEBUG,DisposableBeanAdapter,main] Invoking destroy method 'stop' on bean
with name 'KerberosOverAsymmetricEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'(inner bean)#8': [KerberosOverAsymmetricEndorsing]
[DEBUG,DisposableBeanAdapter,main] Invoking destroy method 'stop' on bean
with name 'KerberosOverTransportEndorsing'
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'(inner bean)#7': [KerberosOverTransportEndorsing]
[DEBUG,DisposableBeanAdapter,main] Invoking destroy method 'stop' on bean
with name 'KerberosOverAsymmetric'
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'(inner bean)#6': [KerberosOverAsymmetric]
[DEBUG,DisposableBeanAdapter,main] Invoking destroy method 'stop' on bean
with name 'KerberosOverSymmetricSupporting'
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'(inner bean)#5': [KerberosOverSymmetricSupporting]
[DEBUG,DisposableBeanAdapter,main] Invoking destroy method 'stop' on bean
with name 'KerberosOverSymmetric'
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'(inner bean)#4': [KerberosOverSymmetric]
[DEBUG,DisposableBeanAdapter,main] Invoking destroy method 'stop' on bean
with name 'KerberosOverTransport'
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'(inner bean)#3': [KerberosOverTransport]
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'(inner bean)': [tls-settings]
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'(inner bean)#2': [httpj:engine#2b784427]
[DEBUG,DisposableBeanAdapter,main] Invoking destroy method 'shutdown' on
bean with name 'cxf'
[DEBUG,DefaultListableBeanFactory,main] Retrieved dependent beans for bean
'p:policies#784a7df6': [cxf]
Tests run: 12, Failures: 0, Errors: 1, Skipped: 11, Time elapsed: 5.578 sec
<<< FAILURE!
testKerberosOverSymmetric(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest)
Time elapsed: 2.097 sec <<< ERROR!
javax.xml.ws.soap.SOAPFaultException: General security error (An error
occurred in trying to validate a ticket)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
at $Proxy42.doubleIt(Unknown Source)
at
org.apache.cxf.systest.ws.kerberos.KerberosTokenTest.testKerberosOverSymmetric(KerberosTokenTest.java:131)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
at
org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
at
org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79)
at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71)
at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
at
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
at
org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
at
org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:236)
at
org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:134)
at
org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:113)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189)
at
org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165)
at
org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85)
at
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:103)
at org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:74)
Caused by: org.apache.cxf.binding.soap.SoapFault: General security error (An
error occurred in trying to validate a ticket)
at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at
org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
at
org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at
org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1656)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1521)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1429)
at org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:659)
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
at org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
... 34 more
Results :
Tests in error:
testKerberosOverSymmetric(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest):
General security error (An error occurred in trying to validate a ticket)
Tests run: 12, Failures: 0, Errors: 1, Skipped: 11
[INFO]
------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO]
------------------------------------------------------------------------
[INFO] Total time: 17.060s
[INFO] Finished at: Wed Apr 25 20:30:54 CEST 2012
[INFO] Final Memory: 12M/41M
[INFO]
------------------------------------------------------------------------
[ERROR] Failed to execute goal
org.apache.maven.plugins:maven-surefire-plugin:2.12:test (default-test) on
project cxf-systests-ws-security: There are test failures.
[ERROR]
[ERROR] Please refer to
/home/p15629/poc/demo/trunk6/systests/ws-security/target/surefire-reports
for the individual test results.
[ERROR] -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e
switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please
read the following articles:
[ERROR] [Help 1]
http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5665641.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Kerberos and credential propagation
Posted by Colm O hEigeartaigh <co...@apache.org>.
Could you enable debug logging in WSS4J? It may shed some light on the
root exception. Add log4j to the pom and change the rootLogger from
WARN to DEBUG in src/test/resource/log4j.properties.
Could you try with a more recent version of JDK 1.6 such as 1.6.0_31?
Colm.
On Wed, Apr 25, 2012 at 4:49 PM, Henk-Jan <h....@cordares.nl> wrote:
> Thanks for your answer Freeman
>
> I already tried the examples you mentioned before but couldn't get them to
> work. However, as they seemed to address the problem I was facing I gave
> them another try, to no avail.
>
> Until yesterday, after I installed java 7 (java version "1.7.0_03") suddenly
> everything was working fine. But as we're deploying our services to WAS
> which uses java 6 this is no acceptable solution.
>
> Maybe someone can help me to get the examples working under java 6 ? Or
> point me to some possible working alternatives?
>
> I also stumbled upon the following bug, but I don't think it applies to my
> problem: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7061379
>
> My configuration:
>
> Source: https://svn.apache.org/repos/asf/cxf/trunk/
> Redhat Linux server : narvi.sfb
> SPN (*): HTTP/_kerbisspoc-service.melkweg.tld
> KDC server: corx01.melkweg.tld
>
> (*): both the client & the server use the same SPN
>
> Content of /etc/krb5.conf:
>
> [libdefaults]
> default_realm = MELKWEG.TLD
>
> [realms]
> MELKWEG.TLD = {
> kdc = corx01.melkweg.tld
> }
>
> [domain_realm]
> .sfb = MELKWEG.TLD
>
> Content of Login.jaas:
>
> client {
> com.sun.security.auth.module.Krb5LoginModule required
> refreshKrb5Config=true
> useKeyTab=true
> debug=true
> keyTab="/etc/_kerbisspoc.keytab"
> principal="HTTP/_kerbisspoc-service.melkweg.tld@";
> };
>
> server {
> com.sun.security.auth.module.Krb5LoginModule required
> debug=true
> refreshKrb5Config=true
> useKeyTab=true
> storeKey=true
> keyTab="/etc/_kerbisspoc.keytab"
> principal="HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD";
> };
>
> Context of client.xml (relevant part):
>
> <bean id="kerberosValidator"
> class="org.apache.ws.security.validate.KerberosTokenValidator">
> <property name="contextName" value="server"/>
> <property name="serviceName"
> value="HTTP/_kerbisspoc-service.melkweg.tld@"/>
> </bean>
>
> Context of server.xml (relevant part):
>
> <jaxws:client
> name="{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricPort"
> createdFromAPI="true">
> <jaxws:properties>
> <entry key="ws-security.encryption.properties"
>
> value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
> <entry key="ws-security.encryption.username" value="bob"/>
> <entry key="ws-security.kerberos.client">
> <bean
> class="org.apache.cxf.ws.security.kerberos.KerberosClient">
> <constructor-arg ref="cxf"/>
> <property name="contextName" value="client"/>
> <property name="serviceName"
> value="HTTP/_kerbisspoc-service.melkweg.tld@"/>
> </bean>
> </entry>
> </jaxws:properties>
> </jaxws:client>
>
>
> Command line for the test:
>
> mvn test -Pnochecks -Dsun.security.krb5.debug=true -Dtest=KerberosTokenTest
> -Djava.security.auth.login.config=src/test/resources/kerberos.jaas
>
> Output using version "1.6.0_25":
>
> -------------------------------------------------------
> T E S T S
> -------------------------------------------------------
>
> Running org.apache.cxf.systest.ws.kerberos.KerberosTokenTest
> In testKerberosOverSymmetric.
> Unrestricted policies installed
> Debug is true storeKey false useTicketCache false useKeyTab true
> doNotPrompt false ticketCache is null isInitiator true KeyTab is
> /etc/_kerbisspoc.keytab refreshKrb5Config is true principal is
> HTTP/_kerbisspoc-service.melkweg.tld@ tryFirstPass is false useFirstPass is
> false storePass is false clearPass is false
> Refreshing Kerberos configuration
> Config name: /etc/krb5.conf
>>>> KdcAccessibility: reset
>>>> KeyTabInputStream, readName(): MELKWEG.TLD
>>>> KeyTabInputStream, readName(): HTTP
>>>> KeyTabInputStream, readName(): _kerbisspoc-service.melkweg.tld
>>>> KeyTab: load() entry length: 83; type: 23
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 3 1 23 16 17 18.
> principal's key obtained from the keytab
> Acquire TGT using AS Exchange
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 3 1 23 16 17 18.
>>>> KrbAsReq calling createMessage
>>>> KrbAsReq in createMessage
>>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>>> retries =3, #bytes=166
>>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>>> =1, #bytes=166
>>>> KrbKdcReq send: #bytes read=631
>>>> KrbKdcReq send: #bytes read=631
>>>> KdcAccessibility: remove corx01.melkweg.tld
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld
> principal is HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
> EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E7 F7 BA 95 A4 39 BC C1
> C7 75 22 6B CF 95 B5 E9 .....9...u"k....
>
> Commit Succeeded
>
> Found ticket for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to go to
> krbtgt/MELKWEG.TLD@MELKWEG.TLD expiring on Thu Apr 26 03:30:36 CEST 2012
> Entered Krb5Context.initSecContext with state=STATE_NEW
> Found ticket for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to go to
> krbtgt/MELKWEG.TLD@MELKWEG.TLD expiring on Thu Apr 26 03:30:36 CEST 2012
> Service ticket not found in the subject
>>>> Credentials acquireServiceCreds: same realm
> Using builtin default etypes for default_tgs_enctypes
> default etypes for default_tgs_enctypes: 3 1 23 16 17 18.
>>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>>> retries =3, #bytes=665
>>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>>> =1, #bytes=665
>>>> KrbKdcReq send: #bytes read=627
>>>> KrbKdcReq send: #bytes read=627
>>>> KdcAccessibility: remove corx01.melkweg.tld
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
> Krb5Context setting mySeqNumber to: 19043227
> Krb5Context setting peerSeqNumber to: 0
> Created InitSecContextToken:
> 0000: 01 00 6E 82 02 1F 30 82 02 1B A0 03 02 01 05 A1 ..n...0.........
> 0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................
> 0020: 2B 61 82 01 27 30 82 01 23 A0 03 02 01 05 A1 0D +a..'0..#.......
> 0030: 1B 0B 4D 45 4C 4B 57 45 47 2E 54 4C 44 A2 32 30 ..MELKWEG.TLD.20
> 0040: 30 A0 03 02 01 00 A1 29 30 27 1B 04 48 54 54 50 0......)0'..HTTP
> 0050: 1B 1F 5F 6B 65 72 62 74 6F 6D 70 6F 63 2D 73 65 .._kerbtompoc-se
> 0060: 72 76 69 63 65 2E 6D 65 6C 6B 77 65 67 2E 74 6C rvice.melkweg.tl
> 0070: 64 A3 81 D8 30 81 D5 A0 03 02 01 17 A1 03 02 01 d...0...........
> 0080: 02 A2 81 C8 04 81 C5 4D 9E 3F A3 AD 9D AC 7A 13 .......M.?....z.
> 0090: 7A FB F5 A5 0A 0A 3C E0 27 53 B3 78 FA 21 7F 30 z.....<.'S.x.!.0
> 00A0: 38 6D 20 95 B3 27 DA 77 31 00 3D CE 98 36 EA 58 8m ..'.w1.=..6.X
> 00B0: 39 60 85 44 4C 3B 81 AA CE EB 2D D6 6B 94 8A 1B 9`.DL;....-.k...
> 00C0: C3 54 92 A1 18 E0 41 75 2B 78 CE 43 FF 04 5E 64 .T....Au+x.C..^d
> 00D0: 22 90 AA EC C1 20 62 D9 9F E2 9F 96 BD FB BF 31 ".... b........1
> 00E0: 37 E3 C5 74 43 E4 F8 44 C1 84 24 51 4F A1 76 10 7..tC..D..$QO.v.
> 00F0: 70 5E 96 F9 E4 1B D2 28 9D B8 B6 82 CC 7A FA 59 p^.....(.....z.Y
> 0100: 07 96 0A 1D A7 01 32 09 DA C7 D5 BE AC DE 1A A0 ......2.........
> 0110: 49 A5 46 3E B6 C2 F1 8C 39 41 7C C4 AA 32 AA 2A I.F>....9A...2.*
> 0120: 68 7B 66 0A EF 82 E3 93 A3 0E B0 83 6C 0A 2F 09 h.f.........l./.
> 0130: 6E D8 59 93 E7 2B 5A 7C C1 88 C7 D8 1E 27 E4 C2 n.Y..+Z......'..
> 0140: 61 D9 0A 54 B6 03 9D 85 9A 15 54 55 A4 81 D6 30 a..T......TU...0
> 0150: 81 D3 A0 03 02 01 03 A2 81 CB 04 81 C8 4E AA 1D .............N..
> 0160: 9A 0F 00 61 07 0C FB E7 CE A1 2F 33 D3 74 25 CC ...a....../3.t%.
> 0170: 5F 67 E8 89 2A 3A B4 66 71 BB A0 0F F0 E5 83 2A _g..*:.fq......*
> 0180: E3 DD 83 0D DE 16 44 C7 A2 6A 76 01 AD 25 04 B8 ......D..jv..%..
> 0190: D3 25 A0 AF 70 C0 DA BB F8 36 A5 F9 9F DA 92 BF .%..p....6......
> 01A0: D1 27 96 C7 52 3B 13 B7 8F 32 C9 BA 64 E6 0C C2 .'..R;...2..d...
> 01B0: 2D 60 55 5D 7C 92 7E D7 B9 A6 8B 5C FD 2E FF D6 -`U].......\....
> 01C0: EA 64 C0 2B 42 3D 09 71 85 BD 65 DE 61 AD 6A 3B .d.+B=.q..e.a.j;
> 01D0: F9 1A F6 B2 DD E1 7A 40 98 F1 86 6C CD B9 E2 5B ......z@...l...[
> 01E0: D6 F2 A5 E8 4E 15 4B 65 0E 38 3F 8C A9 8C FC 97 ....N.Ke.8?.....
> 01F0: 93 0A 51 70 6F B4 6E CF E1 67 96 95 B1 08 E6 23 ..Qpo.n..g.....#
> 0200: BF E9 1B FB 81 18 3B 10 5D 3C 1F 80 55 3A 8E AE ......;.]<..U:..
> 0210: EE 5A 70 0A 3A 18 0A 9A 78 83 D5 1B 4D 9F F7 AA .Zp.:...x...M...
> 0220: D2 3A 8B 55 B6 .:.U.
>
> Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt
> false ticketCache is null isInitiator true KeyTab is /etc/_kerbisspoc.keytab
> refreshKrb5Config is true principal is
> HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD tryFirstPass is false
> useFirstPass is false storePass is false clearPass is false
> Refreshing Kerberos configuration
> Config name: /etc/krb5.conf
> Refreshing Keytab
>>>> KdcAccessibility: reset
>>>> KeyTabInputStream, readName(): MELKWEG.TLD
>>>> KeyTabInputStream, readName(): HTTP
>>>> KeyTabInputStream, readName(): _kerbisspoc-service.melkweg.tld
>>>> KeyTab: load() entry length: 83; type: 23
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 3 1 23 16 17 18.
> principal's key obtained from the keytab
> Acquire TGT using AS Exchange
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 3 1 23 16 17 18.
>>>> KrbAsReq calling createMessage
>>>> KrbAsReq in createMessage
>>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>>> retries =3, #bytes=166
>>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>>> =1, #bytes=166
>>>> KrbKdcReq send: #bytes read=631
>>>> KrbKdcReq send: #bytes read=631
>>>> KdcAccessibility: remove corx01.melkweg.tld
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld
> principal is HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
> EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E7 F7 BA 95 A4 39 BC C1
> C7 75 22 6B CF 95 B5 E9 .....9...u"k....
>
> Added server's keyKerberos Principal
> HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLDKey Version 4key
> EncryptionKey: keyType=23 keyBytes (hex dump)=
> 0000: E7 F7 BA 95 A4 39 BC C1 C7 75 22 6B CF 95 B5 E9 .....9...u"k....
>
> [Krb5LoginModule] added Krb5Principal
> HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to Subject
> Commit Succeeded
>
> Tests run: 12, Failures: 0, Errors: 1, Skipped: 11, Time elapsed: 11.529 sec
> <<< FAILURE!
> testKerberosOverSymmetric(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest)
> Time elapsed: 4.094 sec <<< ERROR!
> javax.xml.ws.soap.SOAPFaultException: General security error (An error
> occurred in trying to validate a ticket)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
> at $Proxy42.doubleIt(Unknown Source)
> at
> org.apache.cxf.systest.ws.kerberos.KerberosTokenTest.testKerberosOverSymmetric(KerberosTokenTest.java:131)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
> at
> org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
> at
> org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
> at
> org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
> at
> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
> at
> org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79)
> at
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71)
> at
> org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49)
> at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
> at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
> at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
> at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
> at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
> at
> org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
> at
> org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
> at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:236)
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:134)
> at
> org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:113)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189)
> at
> org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165)
> at
> org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85)
> at
> org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:103)
> at
> org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:74)
> Caused by: org.apache.cxf.binding.soap.SoapFault: General security error (An
> error occurred in trying to validate a ticket)
> at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
> at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
> at
> org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at
> org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
> at
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
> at
> org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1656)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1521)
> at
> org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1429)
> at
> org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
> at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:659)
> at
> org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
> at
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
> ... 34 more
>
> Results :
>
> Tests in error:
>
> testKerberosOverSymmetric(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest):
> General security error (An error occurred in trying to validate a ticket)
>
> Tests run: 12, Failures: 0, Errors: 1, Skipped: 11
>
> Output using version "1.7.0_3":
>
> -------------------------------------------------------
> T E S T S
> -------------------------------------------------------
> Running org.apache.cxf.systest.ws.kerberos.KerberosTokenTest
> In testKerberosOverSymmetric.
> Unrestricted policies installed
> Debug is true storeKey false useTicketCache false useKeyTab true
> doNotPrompt false ticketCache is null isInitiator true KeyTab is
> /etc/_kerbisspoc.keytab refreshKrb5Config is true principal is
> HTTP/_kerbisspoc-service.melkweg.tld@ tryFirstPass is false useFirstPass is
> false storePass is false clearPass is false
> Refreshing Kerberos configuration
> Config name: /etc/krb5.conf
>>>> KdcAccessibility: reset
>>>> KdcAccessibility: reset
>>>> KeyTabInputStream, readName(): MELKWEG.TLD
>>>> KeyTabInputStream, readName(): HTTP
>>>> KeyTabInputStream, readName(): _kerbisspoc-service.melkweg.tld
>>>> KeyTab: load() entry length: 83; type: 23
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
>>>> KrbAsReq creating message
>>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>>> retries =3, #bytes=166
>>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>>> =1, #bytes=166
>>>> KrbKdcReq send: #bytes read=631
>>>> KdcAccessibility: remove corx01.melkweg.tld
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld
> principal is HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
> Will use keytab
> Commit Succeeded
>
> Found ticket for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to go to
> krbtgt/MELKWEG.TLD@MELKWEG.TLD expiring on Thu Apr 26 03:33:58 CEST 2012
> Entered Krb5Context.initSecContext with state=STATE_NEW
> Found ticket for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to go to
> krbtgt/MELKWEG.TLD@MELKWEG.TLD expiring on Thu Apr 26 03:33:58 CEST 2012
> Service ticket not found in the subject
>>>> Credentials acquireServiceCreds: same realm
> Using builtin default etypes for default_tgs_enctypes
> default etypes for default_tgs_enctypes: 18 17 16 23 1 3.
>>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>>> retries =3, #bytes=665
>>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>>> =1, #bytes=665
>>>> KrbKdcReq send: #bytes read=643
>>>> KdcAccessibility: remove corx01.melkweg.tld
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
> Krb5Context setting mySeqNumber to: 87301791
> Krb5Context setting peerSeqNumber to: 0
> Created InitSecContextToken:
>
> 0000: 01 00 6E 82 02 2B 30 82 02 27 A0 03 02 01 05 A1 ..n..+0..'......
> 0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................
> 0020: 33 61 82 01 2F 30 82 01 2B A0 03 02 01 05 A1 0D 3a../0..+.......
> 0030: 1B 0B 4D 45 4C 4B 57 45 47 2E 54 4C 44 A2 32 30 ..MELKWEG.TLD.20
> 0040: 30 A0 03 02 01 00 A1 29 30 27 1B 04 48 54 54 50 0......)0'..HTTP
> 0050: 1B 1F 5F 6B 65 72 62 69 73 73 70 6F 63 2D 73 65 .._kerbisspoc-se
> 0060: 72 76 69 63 65 2E 6D 65 6C 6B 77 65 67 2E 74 6C rvice.melkweg.tl
> 0070: 64 A3 81 E0 30 81 DD A0 03 02 01 17 A1 03 02 01 d...0...........
> 0080: 04 A2 81 D0 04 81 CD BB FE 9C 11 EC DB 48 8D 5E .............H.^
> 0090: D5 C7 B8 C8 A9 6F 42 E3 09 F1 C5 33 C7 A6 5C B5 .....oB....3..\.
> 00A0: EE B8 E5 6C 8E EC 5C BB 15 07 17 1E 10 BC D2 78 ...l..\........x
> 00B0: 5E 06 6F FC 7E D7 54 9A 7C DD CC 55 90 98 F1 BF ^.o...T....U....
> 00C0: 45 BD 98 31 44 0F 6E F9 E6 99 8E FD 2C C8 DA E5 E..1D.n.....,...
> 00D0: 92 2D A0 3D 9A 87 EC BD 44 CC 7C 72 ED B7 21 58 .-.=....D..r..!X
> 00E0: 66 2D A4 36 A0 F9 4E 0E D4 7B 69 4B 2E 12 5B A4 f-.6..N...iK..[.
> 00F0: 77 B0 10 8E B4 6F 4A 9E D1 89 BC 7C 53 E5 17 60 w....oJ.....S..`
> 0100: 0B FB 7F 25 7C 56 E3 39 83 1C 97 38 85 ED C8 6A ...%.V.9...8...j
> 0110: C4 88 13 1D 48 4F 48 07 76 60 4D B7 CD 43 B1 A0 ....HOH.v`M..C..
> 0120: B8 BB 8D F5 C6 14 CF 8D 41 30 4E BC A4 C3 99 D1 ........A0N.....
> 0130: E7 FE F6 42 9D 44 1F 39 E7 37 B6 04 BD FF ED 37 ...B.D.9.7.....7
> 0140: CD C1 6A 79 B4 6C 2B 65 09 22 E1 2C 5B A8 21 76 ..jy.l+e.".,[.!v
> 0150: D5 91 AB 7D A4 81 DA 30 81 D7 A0 03 02 01 17 A2 .......0........
> 0160: 81 CF 04 81 CC B7 75 8C 38 22 08 CE BE C4 B8 9C ......u.8"......
> 0170: 85 19 DC F9 8F 64 33 A2 9D 9A 8C C6 7A 72 DA 2E .....d3.....zr..
> 0180: 77 BC 6C D6 09 08 E9 4A D6 CC C5 6B 95 89 3D 63 w.l....J...k..=c
> 0190: E0 B9 B1 A0 8F 70 B8 41 01 80 F4 C9 34 16 36 D1 .....p.A....4.6.
> 01A0: 34 55 91 14 4D DE BF 7A 54 D3 7C 39 A2 02 59 A8 4U..M..zT..9..Y.
> 01B0: 1B 40 70 FC D3 86 E7 62 92 4B 42 75 4F 92 8A 1C .@p....b.KBuO...
> 01C0: B4 2F 09 77 F4 27 86 72 37 54 29 99 59 88 3E 42 ./.w.'.r7T).Y.>B
> 01D0: 00 EB 73 74 44 AA 9B 28 F7 7E 58 00 8F D9 06 ED ..stD..(..X.....
> 01E0: 59 52 3C EF B9 A9 45 B4 97 BC CC D4 1F 4F D7 45 YR<...E......O.E
> 01F0: 66 58 A3 31 34 A4 63 C0 E9 19 5D 80 71 37 34 33 fX.14.c...].q743
> 0200: 5E 2D 45 77 53 BF 6A 1F 21 41 0A 4B C6 DF 60 54 ^-EwS.j.!A.K..`T
> 0210: D4 EE C4 A1 55 48 6B AF 0C BD 52 46 8B C4 C9 FB ....UHk...RF....
> 0220: 75 76 5F 99 D6 26 26 DC 5B 10 E9 18 88 E2 9B 57 uv_..&&.[......W
> 0230: 07 .
>
> Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt
> false ticketCache is null isInitiator true KeyTab is /etc/_kerbisspoc.keytab
> refreshKrb5Config is true principal is
> HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD tryFirstPass is false
> useFirstPass is false storePass is false clearPass is false
> Refreshing Kerberos configuration
> Config name: /etc/krb5.conf
>>>> KdcAccessibility: reset
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
>>>> KrbAsReq creating message
>>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>>> retries =3, #bytes=166
>>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>>> =1, #bytes=166
>>>> KrbKdcReq send: #bytes read=631
>>>> KdcAccessibility: remove corx01.melkweg.tld
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld
> principal is HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
> Will use keytab
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
> Commit Succeeded
>
> Found KeyTab
> Found KerberosKey for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
> Entered Krb5Context.acceptSecContext with state=STATE_NEW
> Added key: 23version: 4
> Ordering keys wrt default_tkt_enctypes list
> Using builtin default etypes for default_tkt_enctypes
> default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
> Using builtin default etypes for permitted_enctypes
> default etypes for permitted_enctypes: 18 17 16 23 1 3.
>>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
> replay cache for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD is null.
> object 0: 1335368038927/927468
> object 0: 1335368038927/927468
>>>> KrbApReq: authenticate succeed.
> Krb5Context setting peerSeqNumber to: 87301791
> Krb5Context setting mySeqNumber to: 87301791
> Tests run: 12, Failures: 0, Errors: 0, Skipped: 11, Time elapsed: 7.707 sec
>
> Results :
>
> Tests run: 12, Failures: 0, Errors: 0, Skipped: 11
>
> So, does anybody know if this is my own fault, or if it is caused by a bug
> in java?
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5665237.html
> Sent from the cxf-user mailing list archive at Nabble.com.
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: Kerberos and credential propagation
Posted by Henk-Jan <h....@cordares.nl>.
Thanks for your answer Freeman
I already tried the examples you mentioned before but couldn't get them to
work. However, as they seemed to address the problem I was facing I gave
them another try, to no avail.
Until yesterday, after I installed java 7 (java version "1.7.0_03") suddenly
everything was working fine. But as we're deploying our services to WAS
which uses java 6 this is no acceptable solution.
Maybe someone can help me to get the examples working under java 6 ? Or
point me to some possible working alternatives?
I also stumbled upon the following bug, but I don't think it applies to my
problem: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=7061379
My configuration:
Source: https://svn.apache.org/repos/asf/cxf/trunk/
Redhat Linux server : narvi.sfb
SPN (*): HTTP/_kerbisspoc-service.melkweg.tld
KDC server: corx01.melkweg.tld
(*): both the client & the server use the same SPN
Content of /etc/krb5.conf:
[libdefaults]
default_realm = MELKWEG.TLD
[realms]
MELKWEG.TLD = {
kdc = corx01.melkweg.tld
}
[domain_realm]
.sfb = MELKWEG.TLD
Content of Login.jaas:
client {
com.sun.security.auth.module.Krb5LoginModule required
refreshKrb5Config=true
useKeyTab=true
debug=true
keyTab="/etc/_kerbisspoc.keytab"
principal="HTTP/_kerbisspoc-service.melkweg.tld@";
};
server {
com.sun.security.auth.module.Krb5LoginModule required
debug=true
refreshKrb5Config=true
useKeyTab=true
storeKey=true
keyTab="/etc/_kerbisspoc.keytab"
principal="HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD";
};
Context of client.xml (relevant part):
<bean id="kerberosValidator"
class="org.apache.ws.security.validate.KerberosTokenValidator">
<property name="contextName" value="server"/>
<property name="serviceName"
value="HTTP/_kerbisspoc-service.melkweg.tld@"/>
</bean>
Context of server.xml (relevant part):
<jaxws:client
name="{http://www.example.org/contract/DoubleIt}DoubleItKerberosSymmetricPort"
createdFromAPI="true">
<jaxws:properties>
<entry key="ws-security.encryption.properties"
value="org/apache/cxf/systest/ws/wssec10/client/bob.properties"/>
<entry key="ws-security.encryption.username" value="bob"/>
<entry key="ws-security.kerberos.client">
<bean
class="org.apache.cxf.ws.security.kerberos.KerberosClient">
<constructor-arg ref="cxf"/>
<property name="contextName" value="client"/>
<property name="serviceName"
value="HTTP/_kerbisspoc-service.melkweg.tld@"/>
</bean>
</entry>
</jaxws:properties>
</jaxws:client>
Command line for the test:
mvn test -Pnochecks -Dsun.security.krb5.debug=true -Dtest=KerberosTokenTest
-Djava.security.auth.login.config=src/test/resources/kerberos.jaas
Output using version "1.6.0_25":
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running org.apache.cxf.systest.ws.kerberos.KerberosTokenTest
In testKerberosOverSymmetric.
Unrestricted policies installed
Debug is true storeKey false useTicketCache false useKeyTab true
doNotPrompt false ticketCache is null isInitiator true KeyTab is
/etc/_kerbisspoc.keytab refreshKrb5Config is true principal is
HTTP/_kerbisspoc-service.melkweg.tld@ tryFirstPass is false useFirstPass is
false storePass is false clearPass is false
Refreshing Kerberos configuration
Config name: /etc/krb5.conf
>>> KdcAccessibility: reset
>>> KeyTabInputStream, readName(): MELKWEG.TLD
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): _kerbisspoc-service.melkweg.tld
>>> KeyTab: load() entry length: 83; type: 23
Added key: 23version: 4
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17 18.
principal's key obtained from the keytab
Acquire TGT using AS Exchange
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17 18.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>> retries =3, #bytes=166
>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>> =1, #bytes=166
>>> KrbKdcReq send: #bytes read=631
>>> KrbKdcReq send: #bytes read=631
>>> KdcAccessibility: remove corx01.melkweg.tld
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld
principal is HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E7 F7 BA 95 A4 39 BC C1
C7 75 22 6B CF 95 B5 E9 .....9...u"k....
Commit Succeeded
Found ticket for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to go to
krbtgt/MELKWEG.TLD@MELKWEG.TLD expiring on Thu Apr 26 03:30:36 CEST 2012
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to go to
krbtgt/MELKWEG.TLD@MELKWEG.TLD expiring on Thu Apr 26 03:30:36 CEST 2012
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 3 1 23 16 17 18.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>> retries =3, #bytes=665
>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>> =1, #bytes=665
>>> KrbKdcReq send: #bytes read=627
>>> KrbKdcReq send: #bytes read=627
>>> KdcAccessibility: remove corx01.melkweg.tld
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.DesCbcMd5EType
Krb5Context setting mySeqNumber to: 19043227
Krb5Context setting peerSeqNumber to: 0
Created InitSecContextToken:
0000: 01 00 6E 82 02 1F 30 82 02 1B A0 03 02 01 05 A1 ..n...0.........
0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................
0020: 2B 61 82 01 27 30 82 01 23 A0 03 02 01 05 A1 0D +a..'0..#.......
0030: 1B 0B 4D 45 4C 4B 57 45 47 2E 54 4C 44 A2 32 30 ..MELKWEG.TLD.20
0040: 30 A0 03 02 01 00 A1 29 30 27 1B 04 48 54 54 50 0......)0'..HTTP
0050: 1B 1F 5F 6B 65 72 62 74 6F 6D 70 6F 63 2D 73 65 .._kerbtompoc-se
0060: 72 76 69 63 65 2E 6D 65 6C 6B 77 65 67 2E 74 6C rvice.melkweg.tl
0070: 64 A3 81 D8 30 81 D5 A0 03 02 01 17 A1 03 02 01 d...0...........
0080: 02 A2 81 C8 04 81 C5 4D 9E 3F A3 AD 9D AC 7A 13 .......M.?....z.
0090: 7A FB F5 A5 0A 0A 3C E0 27 53 B3 78 FA 21 7F 30 z.....<.'S.x.!.0
00A0: 38 6D 20 95 B3 27 DA 77 31 00 3D CE 98 36 EA 58 8m ..'.w1.=..6.X
00B0: 39 60 85 44 4C 3B 81 AA CE EB 2D D6 6B 94 8A 1B 9`.DL;....-.k...
00C0: C3 54 92 A1 18 E0 41 75 2B 78 CE 43 FF 04 5E 64 .T....Au+x.C..^d
00D0: 22 90 AA EC C1 20 62 D9 9F E2 9F 96 BD FB BF 31 ".... b........1
00E0: 37 E3 C5 74 43 E4 F8 44 C1 84 24 51 4F A1 76 10 7..tC..D..$QO.v.
00F0: 70 5E 96 F9 E4 1B D2 28 9D B8 B6 82 CC 7A FA 59 p^.....(.....z.Y
0100: 07 96 0A 1D A7 01 32 09 DA C7 D5 BE AC DE 1A A0 ......2.........
0110: 49 A5 46 3E B6 C2 F1 8C 39 41 7C C4 AA 32 AA 2A I.F>....9A...2.*
0120: 68 7B 66 0A EF 82 E3 93 A3 0E B0 83 6C 0A 2F 09 h.f.........l./.
0130: 6E D8 59 93 E7 2B 5A 7C C1 88 C7 D8 1E 27 E4 C2 n.Y..+Z......'..
0140: 61 D9 0A 54 B6 03 9D 85 9A 15 54 55 A4 81 D6 30 a..T......TU...0
0150: 81 D3 A0 03 02 01 03 A2 81 CB 04 81 C8 4E AA 1D .............N..
0160: 9A 0F 00 61 07 0C FB E7 CE A1 2F 33 D3 74 25 CC ...a....../3.t%.
0170: 5F 67 E8 89 2A 3A B4 66 71 BB A0 0F F0 E5 83 2A _g..*:.fq......*
0180: E3 DD 83 0D DE 16 44 C7 A2 6A 76 01 AD 25 04 B8 ......D..jv..%..
0190: D3 25 A0 AF 70 C0 DA BB F8 36 A5 F9 9F DA 92 BF .%..p....6......
01A0: D1 27 96 C7 52 3B 13 B7 8F 32 C9 BA 64 E6 0C C2 .'..R;...2..d...
01B0: 2D 60 55 5D 7C 92 7E D7 B9 A6 8B 5C FD 2E FF D6 -`U].......\....
01C0: EA 64 C0 2B 42 3D 09 71 85 BD 65 DE 61 AD 6A 3B .d.+B=.q..e.a.j;
01D0: F9 1A F6 B2 DD E1 7A 40 98 F1 86 6C CD B9 E2 5B ......z@...l...[
01E0: D6 F2 A5 E8 4E 15 4B 65 0E 38 3F 8C A9 8C FC 97 ....N.Ke.8?.....
01F0: 93 0A 51 70 6F B4 6E CF E1 67 96 95 B1 08 E6 23 ..Qpo.n..g.....#
0200: BF E9 1B FB 81 18 3B 10 5D 3C 1F 80 55 3A 8E AE ......;.]<..U:..
0210: EE 5A 70 0A 3A 18 0A 9A 78 83 D5 1B 4D 9F F7 AA .Zp.:...x...M...
0220: D2 3A 8B 55 B6 .:.U.
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt
false ticketCache is null isInitiator true KeyTab is /etc/_kerbisspoc.keytab
refreshKrb5Config is true principal is
HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD tryFirstPass is false
useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
Config name: /etc/krb5.conf
Refreshing Keytab
>>> KdcAccessibility: reset
>>> KeyTabInputStream, readName(): MELKWEG.TLD
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): _kerbisspoc-service.melkweg.tld
>>> KeyTab: load() entry length: 83; type: 23
Added key: 23version: 4
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17 18.
principal's key obtained from the keytab
Acquire TGT using AS Exchange
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 3 1 23 16 17 18.
>>> KrbAsReq calling createMessage
>>> KrbAsReq in createMessage
>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>> retries =3, #bytes=166
>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>> =1, #bytes=166
>>> KrbKdcReq send: #bytes read=631
>>> KrbKdcReq send: #bytes read=631
>>> KdcAccessibility: remove corx01.melkweg.tld
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld
principal is HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
EncryptionKey: keyType=23 keyBytes (hex dump)=0000: E7 F7 BA 95 A4 39 BC C1
C7 75 22 6B CF 95 B5 E9 .....9...u"k....
Added server's keyKerberos Principal
HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLDKey Version 4key
EncryptionKey: keyType=23 keyBytes (hex dump)=
0000: E7 F7 BA 95 A4 39 BC C1 C7 75 22 6B CF 95 B5 E9 .....9...u"k....
[Krb5LoginModule] added Krb5Principal
HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to Subject
Commit Succeeded
Tests run: 12, Failures: 0, Errors: 1, Skipped: 11, Time elapsed: 11.529 sec
<<< FAILURE!
testKerberosOverSymmetric(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest)
Time elapsed: 4.094 sec <<< ERROR!
javax.xml.ws.soap.SOAPFaultException: General security error (An error
occurred in trying to validate a ticket)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:156)
at $Proxy42.doubleIt(Unknown Source)
at
org.apache.cxf.systest.ws.kerberos.KerberosTokenTest.testKerberosOverSymmetric(KerberosTokenTest.java:131)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:44)
at
org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:15)
at
org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:41)
at
org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:20)
at
org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
at
org.junit.runners.BlockJUnit4ClassRunner.runNotIgnored(BlockJUnit4ClassRunner.java:79)
at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:71)
at
org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:49)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:193)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:52)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:191)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:42)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:184)
at
org.junit.internal.runners.statements.RunBefores.evaluate(RunBefores.java:28)
at
org.junit.internal.runners.statements.RunAfters.evaluate(RunAfters.java:31)
at org.junit.runners.ParentRunner.run(ParentRunner.java:236)
at
org.apache.maven.surefire.junit4.JUnit4Provider.execute(JUnit4Provider.java:236)
at
org.apache.maven.surefire.junit4.JUnit4Provider.executeTestSet(JUnit4Provider.java:134)
at
org.apache.maven.surefire.junit4.JUnit4Provider.invoke(JUnit4Provider.java:113)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at
org.apache.maven.surefire.util.ReflectionUtils.invokeMethodWithArray(ReflectionUtils.java:189)
at
org.apache.maven.surefire.booter.ProviderFactory$ProviderProxy.invoke(ProviderFactory.java:165)
at
org.apache.maven.surefire.booter.ProviderFactory.invokeProvider(ProviderFactory.java:85)
at
org.apache.maven.surefire.booter.ForkedBooter.runSuitesInProcess(ForkedBooter.java:103)
at
org.apache.maven.surefire.booter.ForkedBooter.main(ForkedBooter.java:74)
Caused by: org.apache.cxf.binding.soap.SoapFault: General security error (An
error occurred in trying to validate a ticket)
at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.unmarshalFault(Soap11FaultInInterceptor.java:75)
at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:46)
at
org.apache.cxf.binding.soap.interceptor.Soap11FaultInInterceptor.handleMessage(Soap11FaultInInterceptor.java:35)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at
org.apache.cxf.interceptor.AbstractFaultChainInitiatorObserver.onMessage(AbstractFaultChainInitiatorObserver.java:113)
at
org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:69)
at
org.apache.cxf.binding.soap.interceptor.CheckFaultInterceptor.handleMessage(CheckFaultInterceptor.java:34)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.onMessage(ClientImpl.java:798)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponseInternal(HTTPConduit.java:1656)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleResponse(HTTPConduit.java:1521)
at
org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1429)
at
org.apache.cxf.transport.AbstractConduit.close(AbstractConduit.java:56)
at org.apache.cxf.transport.http.HTTPConduit.close(HTTPConduit.java:659)
at
org.apache.cxf.interceptor.MessageSenderInterceptor$MessageSenderEndingInterceptor.handleMessage(MessageSenderInterceptor.java:62)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:262)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:532)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:464)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:367)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:320)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:89)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:134)
... 34 more
Results :
Tests in error:
testKerberosOverSymmetric(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest):
General security error (An error occurred in trying to validate a ticket)
Tests run: 12, Failures: 0, Errors: 1, Skipped: 11
Output using version "1.7.0_3":
-------------------------------------------------------
T E S T S
-------------------------------------------------------
Running org.apache.cxf.systest.ws.kerberos.KerberosTokenTest
In testKerberosOverSymmetric.
Unrestricted policies installed
Debug is true storeKey false useTicketCache false useKeyTab true
doNotPrompt false ticketCache is null isInitiator true KeyTab is
/etc/_kerbisspoc.keytab refreshKrb5Config is true principal is
HTTP/_kerbisspoc-service.melkweg.tld@ tryFirstPass is false useFirstPass is
false storePass is false clearPass is false
Refreshing Kerberos configuration
Config name: /etc/krb5.conf
>>> KdcAccessibility: reset
>>> KdcAccessibility: reset
>>> KeyTabInputStream, readName(): MELKWEG.TLD
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): _kerbisspoc-service.melkweg.tld
>>> KeyTab: load() entry length: 83; type: 23
Added key: 23version: 4
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
Added key: 23version: 4
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>> retries =3, #bytes=166
>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>> =1, #bytes=166
>>> KrbKdcReq send: #bytes read=631
>>> KdcAccessibility: remove corx01.melkweg.tld
Added key: 23version: 4
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld
principal is HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
Will use keytab
Commit Succeeded
Found ticket for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to go to
krbtgt/MELKWEG.TLD@MELKWEG.TLD expiring on Thu Apr 26 03:33:58 CEST 2012
Entered Krb5Context.initSecContext with state=STATE_NEW
Found ticket for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD to go to
krbtgt/MELKWEG.TLD@MELKWEG.TLD expiring on Thu Apr 26 03:33:58 CEST 2012
Service ticket not found in the subject
>>> Credentials acquireServiceCreds: same realm
Using builtin default etypes for default_tgs_enctypes
default etypes for default_tgs_enctypes: 18 17 16 23 1 3.
>>> CksumType: sun.security.krb5.internal.crypto.RsaMd5CksumType
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>> retries =3, #bytes=665
>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>> =1, #bytes=665
>>> KrbKdcReq send: #bytes read=643
>>> KdcAccessibility: remove corx01.melkweg.tld
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbApReq: APOptions are 00000000 00000000 00000000 00000000
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
Krb5Context setting mySeqNumber to: 87301791
Krb5Context setting peerSeqNumber to: 0
Created InitSecContextToken:
0000: 01 00 6E 82 02 2B 30 82 02 27 A0 03 02 01 05 A1 ..n..+0..'......
0010: 03 02 01 0E A2 07 03 05 00 00 00 00 00 A3 82 01 ................
0020: 33 61 82 01 2F 30 82 01 2B A0 03 02 01 05 A1 0D 3a../0..+.......
0030: 1B 0B 4D 45 4C 4B 57 45 47 2E 54 4C 44 A2 32 30 ..MELKWEG.TLD.20
0040: 30 A0 03 02 01 00 A1 29 30 27 1B 04 48 54 54 50 0......)0'..HTTP
0050: 1B 1F 5F 6B 65 72 62 69 73 73 70 6F 63 2D 73 65 .._kerbisspoc-se
0060: 72 76 69 63 65 2E 6D 65 6C 6B 77 65 67 2E 74 6C rvice.melkweg.tl
0070: 64 A3 81 E0 30 81 DD A0 03 02 01 17 A1 03 02 01 d...0...........
0080: 04 A2 81 D0 04 81 CD BB FE 9C 11 EC DB 48 8D 5E .............H.^
0090: D5 C7 B8 C8 A9 6F 42 E3 09 F1 C5 33 C7 A6 5C B5 .....oB....3..\.
00A0: EE B8 E5 6C 8E EC 5C BB 15 07 17 1E 10 BC D2 78 ...l..\........x
00B0: 5E 06 6F FC 7E D7 54 9A 7C DD CC 55 90 98 F1 BF ^.o...T....U....
00C0: 45 BD 98 31 44 0F 6E F9 E6 99 8E FD 2C C8 DA E5 E..1D.n.....,...
00D0: 92 2D A0 3D 9A 87 EC BD 44 CC 7C 72 ED B7 21 58 .-.=....D..r..!X
00E0: 66 2D A4 36 A0 F9 4E 0E D4 7B 69 4B 2E 12 5B A4 f-.6..N...iK..[.
00F0: 77 B0 10 8E B4 6F 4A 9E D1 89 BC 7C 53 E5 17 60 w....oJ.....S..`
0100: 0B FB 7F 25 7C 56 E3 39 83 1C 97 38 85 ED C8 6A ...%.V.9...8...j
0110: C4 88 13 1D 48 4F 48 07 76 60 4D B7 CD 43 B1 A0 ....HOH.v`M..C..
0120: B8 BB 8D F5 C6 14 CF 8D 41 30 4E BC A4 C3 99 D1 ........A0N.....
0130: E7 FE F6 42 9D 44 1F 39 E7 37 B6 04 BD FF ED 37 ...B.D.9.7.....7
0140: CD C1 6A 79 B4 6C 2B 65 09 22 E1 2C 5B A8 21 76 ..jy.l+e.".,[.!v
0150: D5 91 AB 7D A4 81 DA 30 81 D7 A0 03 02 01 17 A2 .......0........
0160: 81 CF 04 81 CC B7 75 8C 38 22 08 CE BE C4 B8 9C ......u.8"......
0170: 85 19 DC F9 8F 64 33 A2 9D 9A 8C C6 7A 72 DA 2E .....d3.....zr..
0180: 77 BC 6C D6 09 08 E9 4A D6 CC C5 6B 95 89 3D 63 w.l....J...k..=c
0190: E0 B9 B1 A0 8F 70 B8 41 01 80 F4 C9 34 16 36 D1 .....p.A....4.6.
01A0: 34 55 91 14 4D DE BF 7A 54 D3 7C 39 A2 02 59 A8 4U..M..zT..9..Y.
01B0: 1B 40 70 FC D3 86 E7 62 92 4B 42 75 4F 92 8A 1C .@p....b.KBuO...
01C0: B4 2F 09 77 F4 27 86 72 37 54 29 99 59 88 3E 42 ./.w.'.r7T).Y.>B
01D0: 00 EB 73 74 44 AA 9B 28 F7 7E 58 00 8F D9 06 ED ..stD..(..X.....
01E0: 59 52 3C EF B9 A9 45 B4 97 BC CC D4 1F 4F D7 45 YR<...E......O.E
01F0: 66 58 A3 31 34 A4 63 C0 E9 19 5D 80 71 37 34 33 fX.14.c...].q743
0200: 5E 2D 45 77 53 BF 6A 1F 21 41 0A 4B C6 DF 60 54 ^-EwS.j.!A.K..`T
0210: D4 EE C4 A1 55 48 6B AF 0C BD 52 46 8B C4 C9 FB ....UHk...RF....
0220: 75 76 5F 99 D6 26 26 DC 5B 10 E9 18 88 E2 9B 57 uv_..&&.[......W
0230: 07 .
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt
false ticketCache is null isInitiator true KeyTab is /etc/_kerbisspoc.keytab
refreshKrb5Config is true principal is
HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD tryFirstPass is false
useFirstPass is false storePass is false clearPass is false
Refreshing Kerberos configuration
Config name: /etc/krb5.conf
>>> KdcAccessibility: reset
Added key: 23version: 4
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
Added key: 23version: 4
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
>>> KrbAsReq creating message
>>> KrbKdcReq send: kdc=corx01.melkweg.tld UDP:88, timeout=30000, number of
>>> retries =3, #bytes=166
>>> KDCCommunication: kdc=corx01.melkweg.tld UDP:88, timeout=30000,Attempt
>>> =1, #bytes=166
>>> KrbKdcReq send: #bytes read=631
>>> KdcAccessibility: remove corx01.melkweg.tld
Added key: 23version: 4
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
>>> KrbAsRep cons in KrbAsReq.getReply HTTP/_kerbisspoc-service.melkweg.tld
principal is HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
Will use keytab
Added key: 23version: 4
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
Commit Succeeded
Found KeyTab
Found KerberosKey for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD
Entered Krb5Context.acceptSecContext with state=STATE_NEW
Added key: 23version: 4
Ordering keys wrt default_tkt_enctypes list
Using builtin default etypes for default_tkt_enctypes
default etypes for default_tkt_enctypes: 18 17 16 23 1 3.
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
Using builtin default etypes for permitted_enctypes
default etypes for permitted_enctypes: 18 17 16 23 1 3.
>>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
replay cache for HTTP/_kerbisspoc-service.melkweg.tld@MELKWEG.TLD is null.
object 0: 1335368038927/927468
object 0: 1335368038927/927468
>>> KrbApReq: authenticate succeed.
Krb5Context setting peerSeqNumber to: 87301791
Krb5Context setting mySeqNumber to: 87301791
Tests run: 12, Failures: 0, Errors: 0, Skipped: 11, Time elapsed: 7.707 sec
Results :
Tests run: 12, Failures: 0, Errors: 0, Skipped: 11
So, does anybody know if this is my own fault, or if it is caused by a bug
in java?
--
View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5665237.html
Sent from the cxf-user mailing list archive at Nabble.com.
Re: Kerberos and credential propagation
Posted by Freeman Fang <fr...@gmail.com>.
Hi,
Though I'm not an expert in this area, but I found something related
and should be helpful for you. Take a look at related blogs[1] and
[2], also the system test about it from [3], those should be a good
start for you.
[1]http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part-i.html
[2]http://coheigea.blogspot.com/2011/10/using-kerberos-with-web-services-part.html
[3]https://svn.apache.org/repos/asf/cxf/trunk/systests/ws-security/src/test/java/org/apache/cxf/systest/ws/kerberos/KerberosTokenTest.java
Freeman
On 2012-4-17, at 下午9:32, Henk-Jan wrote:
> First, I want to apologize for my lack of experience with java
> (including
> spring, spring-security, cxf, etc). I might also be asking this
> question in
> the wrong place, but I'm happy with all the help I can get. I
> posted this
> same question at the spring forum, if they come up with a solution
> I'll
> follow up with the conclusion.
>
> I want to create the following situation: A user accesses a website
> hosted
> by IIS. From IIS, a WCF service is called, which will call a web
> service
> developed using CXF. This service will forward the request to a
> WebSphere
> Enterprise Service Bus, which will forward the message to a WebSphere
> Process Server.
>
> IIS (Windows) -> WCF web service (.NET) -> CXF web service (Java) ->
> WESB ->
> WPS
>
> The WebSphere Process Server should be able to identify the user
> using a
> Kerberos token. Therefore, the Kerberos token should be propagated
> throughout the whole chain.
>
> As I have no control over the ESB, I started out with the following
> scenario:
>
> [1] IIS -> [2] WCF webservice -> [3] CXF webservice -> [4] CXF
> webservice
>
> The user credentials are propagated from [1] -> [2] -> [3]. However,
> I’m
> unable to call [4], the exception is “Access is denied (user is
> anonymous)”.
>
> In the CXF service [3], I have a KerberosServiceRequestToken, which
> contains
> a valid token (e.g. getToken() returns a binary array). However, I
> have no
> clue how to invoke the next service using this information (should I
> create
> a new LoginContext somehow?).
>
> Another poblem is the way the Kerberos token is exchanged.
> Currently, the
> token is transmitted over the transport layer (e.g. as a HTTP Header
> as part
> of the Negotiation Challenge). WPS expects the Kerberos token to be
> contained within the SOAP-header. Using WCF, this is straigthforward
> to
> implement. However, I haven’t been able to configure CXF to
> correctly
> process the soap header. Does anybody know if this is even possible?
>
> Thanks in advance,
> Henk-Jan.
>
> --
> View this message in context: http://cxf.547215.n5.nabble.com/Kerberos-and-credential-propagation-tp5646577p5646577.html
> Sent from the cxf-user mailing list archive at Nabble.com.
---------------------------------------------
Freeman Fang
FuseSource
Email:ffang@fusesource.com
Web: fusesource.com
Twitter: freemanfang
Blog: http://freemanfang.blogspot.com
http://blog.sina.com.cn/u/1473905042
weibo: http://weibo.com/u/1473905042