You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@cxf.apache.org by Jim Ma <ma...@gmail.com> on 2013/04/23 08:56:27 UTC
KerberosTokenTest
Hi Colm,
After I setup the Kerboros server and ran the KerberosTokenTest following
the guide, I hit this No CallbackHandler error. It looks we didn't pass the
handler to KerberosClient. I ran it with JDK7, is there anything else I
need to configure?
testKerberosOverTransport(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest)
Time elapsed: 0.434 sec <<< ERROR!
javax.xml.ws.soap.SOAPFaultException: General security error (An error
occurred
in trying to obtain a TGT: No CallbackHandler available to garner
authenticati
on information from the user)
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5Login
Module.java:856)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(K
rb5LoginModule.java:715)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.j
ava:580)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl
.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce
ssorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:601)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
at
javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
at java.security.AccessController.doPrivileged(Native Method)
at
javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
at
org.apache.ws.security.message.token.KerberosSecurity.retrieveServiceTicket(KerberosSecurity.java:133)
at
org.apache.cxf.ws.security.kerberos.KerberosClient.requestSecurityToken(KerberosClient.java:135)
at
org.apache.cxf.ws.security.policy.interceptors.KerberosTokenInterceptorProvider$KerberosTokenOutInterceptor.handleMessage(Ke
rberosTokenInterceptorProvider.java:114)
at
org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
at
org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
at com.sun.proxy.$Proxy43.doubleIt(Unknown Source)
at
org.apache.cxf.systest.ws.kerberos.KerberosTokenTest.testKerberosOverTransport(KerberosTokenTest.java:92)
Thanks,
Jim
Re: KerberosTokenTest
Posted by Colm O hEigeartaigh <co...@apache.org>.
The tests that are failing are all the tests that require you to perform an
additional step. Uncomment the following bean + reference in the server.xml:
<!-- <bean id="kerberosTicketDecoderImpl"
class="org.apache.cxf.systest.ws.kerberos.server.KerberosTokenDecoderImpl"/>-->
<!--<property name="kerberosTokenDecoder"
ref="kerberosTicketDecoderImpl"/>-->
Then you need to download the KerberosTokenDecoderImpl referenced in my
blog entry and put it in that directory.
See section 1.1 here:
http://coheigea.blogspot.ie/2011/10/using-kerberos-with-web-services-part.html
Colm.
On Wed, Apr 24, 2013 at 8:10 AM, Jim Ma <ma...@gmail.com> wrote:
> Hi Colm,
> After corrected my localhost setting and re-configured the kerberos
> server , I got 6 tests passed. And there are still 7 failures (attached
> please see the test log):
>
> Tests in error:
> KerberosTokenTest.testKerberosOverSymmetricProtection:285 » SOAPFault
> The sign...
> KerberosTokenTest.testKerberosOverTransportEndorsing:235 » SOAPFault The
> signa...
> KerberosTokenTest.testKerberosOverSymmetricEndorsingEncrypted:400 »
> SOAPFault ...
> KerberosTokenTest.testKerberosOverAsymmetricEndorsing:260 » SOAPFault
> The sign...
> KerberosTokenTest.testKerberosOverAsymmetricSignedEndorsing:341 »
> SOAPFault Th...
> KerberosTokenTest.testKerberosOverSymmetricDerivedProtection:311 »
> SOAPFault G...
> KerberosTokenTest.testKerberosOverSymmetricSignedEndorsingEncrypted:430
> » SOAPFault
>
>
>
> Looks the kerberos server works. What else do you think I need to check ?
>
> Thanks,
> Jim
>
>
> On Tue, Apr 23, 2013 at 5:16 PM, Jim Ma <ma...@gmail.com> wrote:
>
>> Yes. I ran it with "mvn test -Dtest=KerberosTokenTest
>> -Djava.security.auth.login.config=src/test/resources/kerberos.jaas" under
>> trunk/systests/ws-security. It might be something wrong with my
>> environment. Let me have a look.
>> Thanks,
>> Jim
>>
>>
>> On Tue, Apr 23, 2013 at 5:11 PM, Colm O hEigeartaigh <coheigea@apache.org
>> > wrote:
>>
>>>
>>> How are you running the test? Are you passing
>>> "-Djava.security.auth.login.config=src/test/resources/kerberos.jaas"? It
>>> works fine for me on trunk with both JDK 1.6 + 1.7.
>>>
>>> Colm.
>>>
>>>
>>> On Tue, Apr 23, 2013 at 7:56 AM, Jim Ma <ma...@gmail.com> wrote:
>>>
>>>> Hi Colm,
>>>>
>>>> After I setup the Kerboros server and ran the KerberosTokenTest
>>>> following
>>>> the guide, I hit this No CallbackHandler error. It looks we didn't pass
>>>> the
>>>> handler to KerberosClient. I ran it with JDK7, is there anything else I
>>>> need to configure?
>>>>
>>>>
>>>> testKerberosOverTransport(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest)
>>>> Time elapsed: 0.434 sec <<< ERROR!
>>>> javax.xml.ws.soap.SOAPFaultException: General security error (An error
>>>> occurred
>>>> in trying to obtain a TGT: No CallbackHandler available to garner
>>>> authenticati
>>>> on information from the user)
>>>> at
>>>> com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5Login
>>>> Module.java:856)
>>>> at
>>>> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(K
>>>> rb5LoginModule.java:715)
>>>> at
>>>> com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.j
>>>> ava:580)
>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>> at
>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl
>>>> .java:57)
>>>> at
>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce
>>>> ssorImpl.java:43)
>>>> at java.lang.reflect.Method.invoke(Method.java:601)
>>>> at
>>>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
>>>> at
>>>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
>>>> at
>>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
>>>> at
>>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
>>>> at java.security.AccessController.doPrivileged(Native Method)
>>>> at
>>>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
>>>> at
>>>> javax.security.auth.login.LoginContext.login(LoginContext.java:594)
>>>> at
>>>>
>>>> org.apache.ws.security.message.token.KerberosSecurity.retrieveServiceTicket(KerberosSecurity.java:133)
>>>> at
>>>>
>>>> org.apache.cxf.ws.security.kerberos.KerberosClient.requestSecurityToken(KerberosClient.java:135)
>>>> at
>>>>
>>>> org.apache.cxf.ws.security.policy.interceptors.KerberosTokenInterceptorProvider$KerberosTokenOutInterceptor.handleMessage(Ke
>>>> rberosTokenInterceptorProvider.java:114)
>>>> at
>>>>
>>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>>>> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
>>>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
>>>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
>>>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
>>>> at
>>>> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>>>> at
>>>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
>>>> at com.sun.proxy.$Proxy43.doubleIt(Unknown Source)
>>>> at
>>>>
>>>> org.apache.cxf.systest.ws.kerberos.KerberosTokenTest.testKerberosOverTransport(KerberosTokenTest.java:92)
>>>>
>>>>
>>>> Thanks,
>>>> Jim
>>>>
>>>
>>>
>>>
>>> --
>>> Colm O hEigeartaigh
>>>
>>> Talend Community Coder
>>> http://coders.talend.com
>>>
>>
>>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: KerberosTokenTest
Posted by Jim Ma <ma...@gmail.com>.
Hi Colm,
After corrected my localhost setting and re-configured the kerberos server
, I got 6 tests passed. And there are still 7 failures (attached please see
the test log):
Tests in error:
KerberosTokenTest.testKerberosOverSymmetricProtection:285 » SOAPFault The
sign...
KerberosTokenTest.testKerberosOverTransportEndorsing:235 » SOAPFault The
signa...
KerberosTokenTest.testKerberosOverSymmetricEndorsingEncrypted:400 »
SOAPFault ...
KerberosTokenTest.testKerberosOverAsymmetricEndorsing:260 » SOAPFault The
sign...
KerberosTokenTest.testKerberosOverAsymmetricSignedEndorsing:341 »
SOAPFault Th...
KerberosTokenTest.testKerberosOverSymmetricDerivedProtection:311 »
SOAPFault G...
KerberosTokenTest.testKerberosOverSymmetricSignedEndorsingEncrypted:430 »
SOAPFault
Looks the kerberos server works. What else do you think I need to check ?
Thanks,
Jim
On Tue, Apr 23, 2013 at 5:16 PM, Jim Ma <ma...@gmail.com> wrote:
> Yes. I ran it with "mvn test -Dtest=KerberosTokenTest
> -Djava.security.auth.login.config=src/test/resources/kerberos.jaas" under
> trunk/systests/ws-security. It might be something wrong with my
> environment. Let me have a look.
> Thanks,
> Jim
>
>
> On Tue, Apr 23, 2013 at 5:11 PM, Colm O hEigeartaigh <co...@apache.org>wrote:
>
>>
>> How are you running the test? Are you passing
>> "-Djava.security.auth.login.config=src/test/resources/kerberos.jaas"? It
>> works fine for me on trunk with both JDK 1.6 + 1.7.
>>
>> Colm.
>>
>>
>> On Tue, Apr 23, 2013 at 7:56 AM, Jim Ma <ma...@gmail.com> wrote:
>>
>>> Hi Colm,
>>>
>>> After I setup the Kerboros server and ran the KerberosTokenTest following
>>> the guide, I hit this No CallbackHandler error. It looks we didn't pass
>>> the
>>> handler to KerberosClient. I ran it with JDK7, is there anything else I
>>> need to configure?
>>>
>>>
>>> testKerberosOverTransport(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest)
>>> Time elapsed: 0.434 sec <<< ERROR!
>>> javax.xml.ws.soap.SOAPFaultException: General security error (An error
>>> occurred
>>> in trying to obtain a TGT: No CallbackHandler available to garner
>>> authenticati
>>> on information from the user)
>>> at
>>> com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5Login
>>> Module.java:856)
>>> at
>>> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(K
>>> rb5LoginModule.java:715)
>>> at
>>> com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.j
>>> ava:580)
>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl
>>> .java:57)
>>> at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce
>>> ssorImpl.java:43)
>>> at java.lang.reflect.Method.invoke(Method.java:601)
>>> at
>>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
>>> at
>>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
>>> at
>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
>>> at
>>> javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
>>> at java.security.AccessController.doPrivileged(Native Method)
>>> at
>>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
>>> at
>>> javax.security.auth.login.LoginContext.login(LoginContext.java:594)
>>> at
>>>
>>> org.apache.ws.security.message.token.KerberosSecurity.retrieveServiceTicket(KerberosSecurity.java:133)
>>> at
>>>
>>> org.apache.cxf.ws.security.kerberos.KerberosClient.requestSecurityToken(KerberosClient.java:135)
>>> at
>>>
>>> org.apache.cxf.ws.security.policy.interceptors.KerberosTokenInterceptorProvider$KerberosTokenOutInterceptor.handleMessage(Ke
>>> rberosTokenInterceptorProvider.java:114)
>>> at
>>>
>>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>>> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
>>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
>>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
>>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
>>> at
>>> org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>>> at
>>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
>>> at com.sun.proxy.$Proxy43.doubleIt(Unknown Source)
>>> at
>>>
>>> org.apache.cxf.systest.ws.kerberos.KerberosTokenTest.testKerberosOverTransport(KerberosTokenTest.java:92)
>>>
>>>
>>> Thanks,
>>> Jim
>>>
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
Re: KerberosTokenTest
Posted by Jim Ma <ma...@gmail.com>.
Yes. I ran it with "mvn test -Dtest=KerberosTokenTest
-Djava.security.auth.login.config=src/test/resources/kerberos.jaas" under
trunk/systests/ws-security. It might be something wrong with my
environment. Let me have a look.
Thanks,
Jim
On Tue, Apr 23, 2013 at 5:11 PM, Colm O hEigeartaigh <co...@apache.org>wrote:
>
> How are you running the test? Are you passing
> "-Djava.security.auth.login.config=src/test/resources/kerberos.jaas"? It
> works fine for me on trunk with both JDK 1.6 + 1.7.
>
> Colm.
>
>
> On Tue, Apr 23, 2013 at 7:56 AM, Jim Ma <ma...@gmail.com> wrote:
>
>> Hi Colm,
>>
>> After I setup the Kerboros server and ran the KerberosTokenTest following
>> the guide, I hit this No CallbackHandler error. It looks we didn't pass
>> the
>> handler to KerberosClient. I ran it with JDK7, is there anything else I
>> need to configure?
>>
>>
>> testKerberosOverTransport(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest)
>> Time elapsed: 0.434 sec <<< ERROR!
>> javax.xml.ws.soap.SOAPFaultException: General security error (An error
>> occurred
>> in trying to obtain a TGT: No CallbackHandler available to garner
>> authenticati
>> on information from the user)
>> at
>> com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5Login
>> Module.java:856)
>> at
>> com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(K
>> rb5LoginModule.java:715)
>> at
>> com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.j
>> ava:580)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl
>> .java:57)
>> at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce
>> ssorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:601)
>> at
>> javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
>> at
>> javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
>> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
>> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at
>> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
>> at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
>> at
>>
>> org.apache.ws.security.message.token.KerberosSecurity.retrieveServiceTicket(KerberosSecurity.java:133)
>> at
>>
>> org.apache.cxf.ws.security.kerberos.KerberosClient.requestSecurityToken(KerberosClient.java:135)
>> at
>>
>> org.apache.cxf.ws.security.policy.interceptors.KerberosTokenInterceptorProvider$KerberosTokenOutInterceptor.handleMessage(Ke
>> rberosTokenInterceptorProvider.java:114)
>> at
>>
>> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
>> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
>> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
>> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
>> at
>> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
>> at com.sun.proxy.$Proxy43.doubleIt(Unknown Source)
>> at
>>
>> org.apache.cxf.systest.ws.kerberos.KerberosTokenTest.testKerberosOverTransport(KerberosTokenTest.java:92)
>>
>>
>> Thanks,
>> Jim
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
Re: KerberosTokenTest
Posted by Colm O hEigeartaigh <co...@apache.org>.
How are you running the test? Are you passing
"-Djava.security.auth.login.config=src/test/resources/kerberos.jaas"? It
works fine for me on trunk with both JDK 1.6 + 1.7.
Colm.
On Tue, Apr 23, 2013 at 7:56 AM, Jim Ma <ma...@gmail.com> wrote:
> Hi Colm,
>
> After I setup the Kerboros server and ran the KerberosTokenTest following
> the guide, I hit this No CallbackHandler error. It looks we didn't pass the
> handler to KerberosClient. I ran it with JDK7, is there anything else I
> need to configure?
>
>
> testKerberosOverTransport(org.apache.cxf.systest.ws.kerberos.KerberosTokenTest)
> Time elapsed: 0.434 sec <<< ERROR!
> javax.xml.ws.soap.SOAPFaultException: General security error (An error
> occurred
> in trying to obtain a TGT: No CallbackHandler available to garner
> authenticati
> on information from the user)
> at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5Login
> Module.java:856)
> at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(K
> rb5LoginModule.java:715)
> at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.j
> ava:580)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl
> .java:57)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcce
> ssorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:601)
> at javax.security.auth.login.LoginContext.invoke(LoginContext.java:784)
> at
> javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:698)
> at javax.security.auth.login.LoginContext$4.run(LoginContext.java:696)
> at java.security.AccessController.doPrivileged(Native Method)
> at
> javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:695)
> at javax.security.auth.login.LoginContext.login(LoginContext.java:594)
> at
>
> org.apache.ws.security.message.token.KerberosSecurity.retrieveServiceTicket(KerberosSecurity.java:133)
> at
>
> org.apache.cxf.ws.security.kerberos.KerberosClient.requestSecurityToken(KerberosClient.java:135)
> at
>
> org.apache.cxf.ws.security.policy.interceptors.KerberosTokenInterceptorProvider$KerberosTokenOutInterceptor.handleMessage(Ke
> rberosTokenInterceptorProvider.java:114)
> at
>
> org.apache.cxf.phase.PhaseInterceptorChain.doIntercept(PhaseInterceptorChain.java:271)
> at org.apache.cxf.endpoint.ClientImpl.doInvoke(ClientImpl.java:530)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:463)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:366)
> at org.apache.cxf.endpoint.ClientImpl.invoke(ClientImpl.java:319)
> at org.apache.cxf.frontend.ClientProxy.invokeSync(ClientProxy.java:96)
> at
> org.apache.cxf.jaxws.JaxWsClientProxy.invoke(JaxWsClientProxy.java:133)
> at com.sun.proxy.$Proxy43.doubleIt(Unknown Source)
> at
>
> org.apache.cxf.systest.ws.kerberos.KerberosTokenTest.testKerberosOverTransport(KerberosTokenTest.java:92)
>
>
> Thanks,
> Jim
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com