Posted to dev@sling.apache.org by "Robert Munteanu (JIRA)" <ji...@apache.org> on 2018/07/11 11:47:00 UTC

[jira] [Commented] (SLING-7774) Integrate Kerberos into Apache Sling

    [ https://issues.apache.org/jira/browse/SLING-7774?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16539952#comment-16539952 ] 

Robert Munteanu commented on SLING-7774:
----------------------------------------

[~web] - I think you're running into https://github.com/ist-dresden/composum/issues/132 . I would suggest removing the composum bundles from Sling and trying again.

> Integrate Kerberos into Apache Sling
> ------------------------------------
>
>                 Key: SLING-7774
>                 URL: https://issues.apache.org/jira/browse/SLING-7774
>             Project: Sling
>          Issue Type: Bug
>          Components: Authentication
>            Reporter: Georg Weber
>            Priority: Major
>
> Probably this is not a bug but we tried to enable Kerberos authentication in Sling but were not able to accomplish it. Documentation also gives us no hint how to do that.
> What would be the correct way to add Kerberos authentication to Sling?
> This is what we did:
> First of all we changed all default JAAS entries in the "Apache Felix JAAS Configuration Factory" to "Control Flag"="sufficient".
> Then we added a JAAS Kerberos configuration with "Ranking"=0, "Class Name"="com.sun.security.auth.module.Krb5LoginModule", an empty "Realm" and the following options:
>  
> {code:java}
> doNotPrompt=true
> principal="http/dnsname@windows_domain_name"
> useKeyTab=true
> keyTab="/opt/sling/krb5.keytab"
> storeKey=true{code}
>  
>  
> When running a `curl -u : --negotiate` against the web server, we get the following error:
>  
> {code:java}
> > GET /bin/browser.html HTTP/1.1
> > Host: dnsname
> > User-Agent: curl/7.59.0
> > Accept: */*
> >
> < HTTP/1.1 500 Server Error
> < Server: nginx/1.13.8
> < Date: Tue, 10 Jul 2018 15:05:12 GMT
> < Content-Type: text/html;charset=utf-8
> < Transfer-Encoding: chunked
> < Connection: keep-alive
> <
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <html>
> <head>
> <title>500 Internal Server Error</title>
> </head>
> <body>
> <h1>Internal Server Error (500)</h1>
> <p>The requested URL /bin/browser.html resulted in an error in com.composum.sling.nodes.browser.BrowserServlet.</p>
> <h3>Exception:</h3>
> <pre>
> java.lang.NullPointerException
>  at com.composum.sling.core.util.LinkUtil.getExtension(LinkUtil.java:342)
>  at com.composum.sling.core.util.LinkUtil.getExtension(LinkUtil.java:299)
>  at com.composum.sling.core.util.LinkUtil.getUrl(LinkUtil.java:136)
>  at com.composum.sling.core.util.LinkUtil.getUrl(LinkUtil.java:94)
>  at com.composum.sling.core.util.LinkUtil.getUrl(LinkUtil.java:45)
>  at com.composum.sling.core.servlet.AbstractConsoleServlet.doGet(AbstractConsoleServlet.java:80)
>  at org.apache.sling.api.servlets.SlingSafeMethodsServlet.mayService(SlingSafeMethodsServlet.java:266)
>  at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:342)
>  at org.apache.sling.api.servlets.SlingSafeMethodsServlet.service(SlingSafeMethodsServlet.java:374)
>  at org.apache.sling.engine.impl.request.RequestData.service(RequestData.java:552)
>  at org.apache.sling.engine.impl.filter.SlingComponentFilterChain.render(SlingComponentFilterChain.java:44)
>  at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:77)
>  at org.apache.sling.engine.impl.SlingRequestProcessorImpl.processComponent(SlingRequestProcessorImpl.java:282)
>  at org.apache.sling.engine.impl.filter.RequestSlingFilterChain.render(RequestSlingFilterChain.java:49)
>  at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:77)
>  at org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter.doFilter(RequestProgressTrackerLogFilter.java:107)
>  at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
>  at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:131)
>  at org.apache.sling.engine.impl.filter.AbstractSlingFilterChain.doFilter(AbstractSlingFilterChain.java:68)
>  at org.apache.sling.engine.impl.SlingRequestProcessorImpl.doProcessRequest(SlingRequestProcessorImpl.java:151)
>  at org.apache.sling.engine.impl.SlingMainServlet.service(SlingMainServlet.java:234)
>  at org.apache.felix.http.base.internal.handler.ServletHandler.handle(ServletHandler.java:120)
>  at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:86)
>  at org.apache.felix.http.sslfilter.internal.SslFilter.doFilter(SslFilter.java:96)
>  at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
>  at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:81)
>  at org.apache.sling.i18n.impl.I18NFilter.doFilter(I18NFilter.java:131)
>  at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
>  at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:81)
>  at org.apache.sling.engine.impl.log.RequestLoggerFilter.doFilter(RequestLoggerFilter.java:72)
>  at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
>  at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:81)
>  at org.apache.sling.engine.impl.parameters.RequestParameterSupportConfigurer.doFilter(RequestParameterSupportConfigurer.java:63)
>  at org.apache.felix.http.base.internal.handler.FilterHandler.handle(FilterHandler.java:135)
>  at org.apache.felix.http.base.internal.dispatch.InvocationChain.doFilter(InvocationChain.java:81)
>  at org.apache.felix.http.base.internal.dispatch.Dispatcher$1.doFilter(Dispatcher.java:146)
>  at org.apache.felix.http.base.internal.whiteboard.WhiteboardManager.invokePreprocessors(WhiteboardManager.java:1000)
>  at org.apache.felix.http.base.internal.dispatch.Dispatcher.dispatch(Dispatcher.java:91)
>  at org.apache.felix.http.base.internal.dispatch.DispatcherServlet.service(DispatcherServlet.java:49)
>  at javax.servlet.http.HttpServlet.service(HttpServlet.java:725)
>  at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:864)
>  at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:535)
>  at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
>  at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:1595)
>  at org.eclipse.jetty.server.handler.ScopedHandler.nextHandle(ScopedHandler.java:255)
>  at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1253)
>  at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:203)
>  at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:473)
>  at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:1564)
>  at org.eclipse.jetty.server.handler.ScopedHandler.nextScope(ScopedHandler.java:201)
>  at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1155)
>  at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:144)
>  at org.eclipse.jetty.server.handler.ContextHandlerCollection.handle(ContextHandlerCollection.java:219)
>  at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:132)
>  at org.eclipse.jetty.server.Server.handle(Server.java:531)
>  at org.eclipse.jetty.server.HttpChannel.handle(HttpChannel.java:352)
>  at org.eclipse.jetty.server.HttpConnection.onFillable(HttpConnection.java:260)
>  at org.eclipse.jetty.io.AbstractConnection$ReadCallback.succeeded(AbstractConnection.java:281)
>  at org.eclipse.jetty.io.FillInterest.fillable(FillInterest.java:102)
>  at org.eclipse.jetty.io.ChannelEndPoint$2.run(ChannelEndPoint.java:118)
>  at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.doProduce(EatWhatYouKill.java:319)
>  at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.tryProduce(EatWhatYouKill.java:175)
>  at org.eclipse.jetty.util.thread.strategy.EatWhatYouKill.run(EatWhatYouKill.java:133)
>  at org.eclipse.jetty.util.thread.ReservedThreadExecutor$ReservedThread.run(ReservedThreadExecutor.java:366)
>  at org.eclipse.jetty.util.thread.QueuedThreadPool.runJob(QueuedThreadPool.java:754)
>  at org.eclipse.jetty.util.thread.QueuedThreadPool$2.run(QueuedThreadPool.java:672)
>  at java.lang.Thread.run(Thread.java:748)
> </pre>
> <h3>Request Progress:</h3>
> <pre>
>  0 TIMER_START{Request Processing}
>  1 COMMENT timer_end format is {&lt;elapsed microseconds&gt;,&lt;timer name&gt;} &lt;optional message&gt;
>  7 LOG Method=GET, PathInfo=null
>  9 TIMER_START{handleSecurity}
>  935 TIMER_END{924,handleSecurity} authenticator org.apache.sling.auth.core.impl.SlingAuthenticator@135b75c4 returns true
>  1688 TIMER_START{ResourceResolution}
>  1774 TIMER_END{83,ResourceResolution} URI=/bin/browser.html resolves to Resource=ServletResource, servlet=com.composum.sling.nodes.browser.BrowserServlet, path=/bin/browser
>  1790 LOG Resource Path Info: SlingRequestPathInfo: path=&apos;/bin/browser&apos;, selectorString=&apos;null&apos;, extension=&apos;html&apos;, suffix=&apos;null&apos;
>  1790 TIMER_START{ServletResolution}
>  1794 TIMER_START{resolveServlet(/bin/browser)}
>  1806 TIMER_END{11,resolveServlet(/bin/browser)} Using servlet com.composum.sling.nodes.browser.BrowserServlet
>  1808 TIMER_END{17,ServletResolution} URI=/bin/browser.html handled by Servlet=com.composum.sling.nodes.browser.BrowserServlet
>  1811 LOG Applying Requestfilters
>  1818 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
>  1822 LOG Calling filter: org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter
>  1828 LOG Applying Componentfilters
>  1836 TIMER_START{com.composum.sling.nodes.browser.BrowserServlet#0}
>  2150 TIMER_END{313,com.composum.sling.nodes.browser.BrowserServlet#0}
>  2194 LOG Filter timing: filter=org.apache.sling.engine.impl.debug.RequestProgressTrackerLogFilter, inner=0, total=0, outer=0
>  2707 LOG Applying Error filters
>  2710 LOG Calling filter: org.apache.sling.i18n.impl.I18NFilter
>  2718 TIMER_START{handleError:throwable=java.lang.NullPointerException}
>  3386 TIMER_END{667,handleError:throwable=java.lang.NullPointerException} Using handler org.apache.sling.servlets.resolver.internal.defaults.DefaultErrorHandlerServlet
>  4113 TIMER_END{4112,Request Processing} Dumping SlingRequestProgressTracker Entries
> </pre>
> <hr>
> <address>ApacheSling/2.6 (jetty/9.4.9.v20180320, OpenJDK 64-Bit Server VM 1.8.0_151, Linux 4.4.0-119-generic amd64)</address>
> </body>
> </html>
> {code}
>  
> When doing the same against /system/console/bundles the reply is
> {code:java}
> < HTTP/1.1 401 Unauthorized
> < Server: nginx/1.13.8
> < Date: Tue, 10 Jul 2018 15:18:30 GMT
> < Content-Length: 0
> < Connection: keep-alive
> < WWW-Authenticate: Basic realm="OSGi Management Console"
> <{code}
> Here we are missing the "WWW-Authenticate: Negotiate" header.
>  
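
Added example, not part of the original message or of Sling's code: a standalone Java check that logs in with the same Krb5LoginModule options outside Sling, to confirm that the keytab and principal work before debugging the HTTP negotiation. The class name `KeytabLoginCheck` and the context name `keytab-check` are hypothetical; the default principal and keytab path are the ones quoted in the report.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosTicket;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class KeytabLoginCheck {
    public static void main(String[] args) {
        // Defaults are the values from the report; pass your own as arguments.
        String principal = args.length > 0 ? args[0] : "http/dnsname@windows_domain_name";
        String keyTab = args.length > 1 ? args[1] : "/opt/sling/krb5.keytab";

        // Same options as the JAAS entry in the report. Here the values are
        // plain strings, without the quotes used in the configuration text.
        Map<String, String> options = new HashMap<>();
        options.put("doNotPrompt", "true");
        options.put("principal", principal);
        options.put("useKeyTab", "true");
        options.put("keyTab", keyTab);
        options.put("storeKey", "true");

        // In-memory JAAS configuration with a single Krb5LoginModule entry.
        Configuration config = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry("com.sun.security.auth.module.Krb5LoginModule",
                        LoginModuleControlFlag.REQUIRED, options)
                };
            }
        };

        try {
            LoginContext lc = new LoginContext("keytab-check", new Subject(), null, config);
            lc.login();
            Subject subject = lc.getSubject();
            System.out.println("Login OK, principals: " + subject.getPrincipals());
            // With the module's default isInitiator=true a TGT is requested from
            // the KDC, so a ticket here means the keytab key matches the account.
            for (KerberosTicket t : subject.getPrivateCredentials(KerberosTicket.class)) {
                System.out.println("Ticket for " + t.getServer() + ", valid until " + t.getEndTime());
            }
        } catch (LoginException e) {
            System.out.println("Login failed: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

The check needs a reachable KDC and either a krb5.conf or the `java.security.krb5.realm` and `java.security.krb5.kdc` system properties.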


