0
私はスプリングセキュリティを使用してシングルサインオンを実装しようとしています。このアプリケーションは、IBM Websphere Application Server 8.5(IBM JDK 7)でホストされています。IBM Websphere Application Server 8.5でのSpringセキュリティKerberos認証の失敗
私は私のセキュリティ設定ファイルは次のようになります http://docs.spring.io/autorepo/docs/spring-security-kerberos/1.0.2.BUILD-SNAPSHOT/reference/htmlsingle/を通じて行ってきた
:
<sec:http entry-point-ref="spnegoEntryPoint" use-expressions="true">
<sec:intercept-url pattern="/contents/**" access="permitAll"/>
<sec:intercept-url pattern="/favicon.ico" access="permitAll"/>
<sec:intercept-url pattern="/WEB-INF/tags/**" access="permitAll"/>
<sec:intercept-url pattern="/systemuser/login**" access="permitAll"/>
<sec:intercept-url pattern="/systemuser/authentication/failure" access="permitAll"/>
<sec:intercept-url pattern="/systemuser/logout**" access="permitAll"/>
<sec:intercept-url pattern="/systemuser/405" access="permitAll"/>
<sec:intercept-url pattern="/systemuser/noscript" access="permitAll"/>
<sec:intercept-url pattern="/systemuser/**" access="isAuthenticated()"/>
<sec:form-login login-page="/systemuser/login" authentication-failure-url="/systemuser/login?error=true"
authentication-success-handler-ref="systemUserAuthenticationSuccessHandler"/>
<sec:logout logout-url="/systemuser/logout" success-handler-ref="systemUserLogoutSuccessHandler"/>
<sec:access-denied-handler error-page="/403"/>
<!-- enable csrf protection -->
<sec:csrf/>
<sec:headers/>
<sec:custom-filter ref="spnegoAuthenticationProcessingFilter"
before="BASIC_AUTH_FILTER"/>
</sec:http>
<sec:authentication-manager alias="authenticationManager">
<sec:authentication-provider ref="kerberosAuthenticationProvider"/>
<sec:authentication-provider ref="kerberosServiceAuthenticationProvider"/>
</sec:authentication-manager>
<bean id="kerberosAuthenticationProvider"
class="org.springframework.security.kerberos.authentication.KerberosAuthenticationProvider">
<property name="userDetailsService" ref="systemUserDetailsService"/>
<property name="kerberosClient">
<bean class="com.fdiapp.authentication.systemuser.service.IbmJaasKerberosClient">
<property name="debug" value="true"/>
</bean>
</property>
</bean>
<bean id="spnegoEntryPoint"
class="org.springframework.security.kerberos.web.authentication.SpnegoEntryPoint">
<constructor-arg value="/systemuser/login"/>
</bean>
<bean id="spnegoAuthenticationProcessingFilter"
class="org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter">
<property name="authenticationManager" ref="authenticationManager"/>
<property name="successHandler" ref="systemUserAuthenticationSuccessHandler"/>
<property name="failureHandler" ref="systemUserAuthenticationFailureHandler"/>
</bean>
<bean id="kerberosServiceAuthenticationProvider"
class="org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider">
<property name="ticketValidator">
<bean
class="com.fdiapp.authentication.systemuser.service.IbmJaasKerberosTicketValidator">
<property name="servicePrincipal" value="HTTP/MYDOMAIN"/>
<property name="keyTabLocation" value="/WEB-INF/keyfile/hbdap-hkkdd001.keytab"/>
<property name="debug" value="true"/>
</bean>
</property>
<property name="userDetailsService" ref="systemUserDetailsService"/>
</bean>
<bean id="systemUserDetailsService"
class="com.fdiapp.authentication.systemuser.service.SystemUserDetailsService"/>
<bean id="systemUserAuthenticationSuccessHandler"
class="com.fdiapp.authentication.handler.SystemUserAuthenticationSuccessHandler"/>
<bean id="systemUserLogoutSuccessHandler"
class="com.fdiapp.authentication.handler.SystemUserLogoutSuccessHandler"/>
<bean id="systemUserAuthenticationFailureHandler"
class="com.fdiapp.authentication.handler.SystemUserAuthenticationFailureHandler"/>
Kerberosクライアント:
public class IbmJaasKerberosClient implements KerberosClient {
private boolean debug = true;
private static final Log LOG = LogFactory.getLog(IbmJaasKerberosClient.class);
@Override
public String login(String username, String password) {
LOG.debug("Trying to authenticate " + username + " with Kerberos");
String validatedUsername;
try {
LoginContext loginContext = new LoginContext("", null, new KerberosClientCallbackHandler(username, password),
new LoginConfig(this.debug));
loginContext.login();
if (LOG.isDebugEnabled()) {
LOG.debug("Kerberos authenticated user: "+loginContext.getSubject());
}
validatedUsername = loginContext.getSubject().getPrincipals().iterator().next().toString();
loginContext.logout();
} catch (LoginException e) {
if(LOG.isDebugEnabled()){
LOG.error(e.getMessage());
}
throw new BadCredentialsException("Kerberos authentication failed", e);
}
return validatedUsername;
}
public void setDebug(boolean debug) {
this.debug = debug;
}
private static class LoginConfig extends Configuration {
private boolean debug;
public LoginConfig(boolean debug) {
super();
this.debug = debug;
}
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
HashMap<String, String> options = new HashMap<String, String>();
options.put("credsType", "acceptor");
if (debug) {
options.put("debug", "true");
}
return new AppConfigurationEntry[] { new AppConfigurationEntry("com.ibm.security.auth.module.Krb5LoginModule",
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options), };
}
}
private static class KerberosClientCallbackHandler implements CallbackHandler {
private String username;
private String password;
public KerberosClientCallbackHandler(String username, String password) {
this.username = username;
this.password = password;
}
@Override
public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
for (Callback callback : callbacks) {
if (callback instanceof NameCallback) {
NameCallback ncb = (NameCallback) callback;
ncb.setName(username);
} else if (callback instanceof PasswordCallback) {
PasswordCallback pwcb = (PasswordCallback) callback;
pwcb.setPassword(password.toCharArray());
} else {
throw new UnsupportedCallbackException(callback, "We got a " + callback.getClass().getCanonicalName()
+ ", but only NameCallback and PasswordCallback is supported");
}
}
}
}
}
Kererosチケットバリ:
public class IbmJaasKerberosTicketValidator implements KerberosTicketValidator, InitializingBean {
private String servicePrincipal;
private Resource keyTabLocation;
private Subject serviceSubject;
private boolean holdOnToGSSContext;
private boolean debug = true;
private static final Log LOG = LogFactory.getLog(IbmJaasKerberosTicketValidator.class);
@Override
public KerberosTicketValidation validateTicket(byte[] token) {
try {
return Subject.doAs(this.serviceSubject, new KerberosValidateAction(token));
}
catch (PrivilegedActionException e) {
throw new BadCredentialsException("Kerberos validation not successful", e);
}
}
@Override
public void afterPropertiesSet() throws Exception {
Assert.notNull(this.servicePrincipal, "servicePrincipal must be specified");
Assert.notNull(this.keyTabLocation, "keyTab must be specified");
if (keyTabLocation instanceof ClassPathResource) {
LOG.warn("Your keytab is in the classpath. This file needs special protection and shouldn't be in the classpath. JAAS may also not be able to load this file from classpath.");
}
String keyTabLocationAsString = this.keyTabLocation.getURL().toExternalForm();
// We need to remove the file prefix (if there is one), as it is not supported in Java 7 anymore.
// As Java 6 accepts it with and without the prefix, we don't need to check for Java 7
if (keyTabLocationAsString.startsWith("file:"))
{
keyTabLocationAsString = keyTabLocationAsString.substring(5);
}
LoginConfig loginConfig = new LoginConfig(keyTabLocationAsString, this.servicePrincipal,
this.debug);
Set<Principal> princ = new HashSet<Principal>(1);
princ.add(new KerberosPrincipal(this.servicePrincipal));
Subject sub = new Subject(false, princ, new HashSet<Object>(), new HashSet<Object>());
LoginContext lc = new LoginContext("", sub, null, loginConfig);
lc.login();
this.serviceSubject = lc.getSubject();
}
/**
* The service principal of the application.
* For web apps this is <code>HTTP/[email protected]</code>.
* The keytab must contain the key for this principal.
*
* @param servicePrincipal service principal to use
* @see #setKeyTabLocation(Resource)
*/
public void setServicePrincipal(String servicePrincipal) {
this.servicePrincipal = servicePrincipal;
}
/**
* <p>The location of the keytab. You can use the normale Spring Resource
* prefixes like <code>file:</code> or <code>classpath:</code>, but as the
* file is later on read by JAAS, we cannot guarantee that <code>classpath</code>
* works in every environment, esp. not in Java EE application servers. You
* should use <code>file:</code> there.
*
* This file also needs special protection, which is another reason to
* not include it in the classpath but rather use <code>file:/etc/http.keytab</code>
* for example.
*
* @param keyTabLocation The location where the keytab resides
*/
public void setKeyTabLocation(Resource keyTabLocation) {
this.keyTabLocation = keyTabLocation;
}
/**
* Enables the debug mode of the JAAS Kerberos login module.
*
* @param debug default is false
*/
public void setDebug(boolean debug) {
this.debug = debug;
}
/**
* Determines whether to hold on to the {@link GSSContext GSS security context} or
* otherwise {@link GSSContext#dispose() dispose} of it immediately (the default behaviour).
* <p>Holding on to the GSS context allows decrypt and encrypt operations for subsequent
* interactions with the principal.
*
* @param holdOnToGSSContext true if should hold on to context
*/
public void setHoldOnToGSSContext(boolean holdOnToGSSContext) {
this.holdOnToGSSContext = holdOnToGSSContext;
}
/**
* This class is needed, because the validation must run with previously generated JAAS subject
* which belongs to the service principal and was loaded out of the keytab during startup.
*/
private class KerberosValidateAction implements PrivilegedExceptionAction<KerberosTicketValidation> {
byte[] kerberosTicket;
public KerberosValidateAction(byte[] kerberosTicket) {
this.kerberosTicket = kerberosTicket;
}
@Override
public KerberosTicketValidation run() throws Exception {
byte[] responseToken = new byte[0];
GSSName gssName = null;
GSSContext context = GSSManager.getInstance().createContext((GSSCredential) null);
boolean first = true;
while (!context.isEstablished()) {
if (first) {
kerberosTicket = tweakJdkRegression(kerberosTicket);
}
responseToken = context.acceptSecContext(kerberosTicket, 0, kerberosTicket.length);
gssName = context.getSrcName();
if (gssName == null) {
throw new BadCredentialsException("GSSContext name of the context initiator is null");
}
first = false;
}
if (!holdOnToGSSContext) {
context.dispose();
}
return new KerberosTicketValidation(gssName.toString(), servicePrincipal, responseToken, context);
}
}
/**
* Normally you need a JAAS config file in order to use the JAAS Kerberos Login Module,
* with this class it is not needed and you can have different configurations in one JVM.
*/
private static class LoginConfig extends Configuration {
private String keyTabLocation;
private String servicePrincipalName;
private boolean debug;
public LoginConfig(String keyTabLocation, String servicePrincipalName, boolean debug) {
this.keyTabLocation = keyTabLocation;
this.servicePrincipalName = servicePrincipalName;
this.debug = debug;
}
@Override
public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
HashMap<String, String> options = new HashMap<String, String>();
options.put("useKeytab", this.keyTabLocation);
options.put("principal", this.servicePrincipalName);
options.put("credsType", "acceptor");
if (this.debug) {
options.put("debug", "true");
}
return new AppConfigurationEntry[] { new AppConfigurationEntry("com.ibm.security.auth.module.Krb5LoginModule",
AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, options), };
}
}
private static byte[] tweakJdkRegression(byte[] token) throws GSSException {
if (token == null || token.length < 48) {
return token;
}
int[] toCheck = new int[] { 0x06, 0x09, 0x2A, 0x86, 0x48, 0x82, 0xF7, 0x12, 0x01, 0x02, 0x02, 0x06, 0x09, 0x2A,
0x86, 0x48, 0x86, 0xF7, 0x12, 0x01, 0x02, 0x02 };
for (int i = 0; i < 22; i++) {
if ((byte) toCheck[i] != token[i + 24]) {
return token;
}
}
byte[] nt = new byte[token.length];
System.arraycopy(token, 0, nt, 0, 24);
System.arraycopy(token, 35, nt, 24, 11);
System.arraycopy(token, 24, nt, 35, 11);
System.arraycopy(token, 46, nt, 46, token.length - 24 - 11 - 11);
return nt;
}
}
私は、次のエラーメッセージ取得しています:java.security.PrivilegedActionException:によって引き起こさ
[8/11/16 11:33:59:201 HKT] 000000c4 SpnegoAuthent W org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter doFilter Negotiate Header was invalid: Negotiate YIIH7gYGKwYBBQUCoIIH4jCCB96gMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICCqKCB6gEggekYIIHoAYJKoZIhvcSAQICAQBuggePMIIHi6ADAgEFoQMCAQ6iBwMFACAAAACjggYjYYIGHzCCBhugAwIBBaESGxBIQkFQLkFEUk9PVC5IU0JDoiMwIaADAgECoRowGBsESFRUUBsQYmRmZGl3ZWIuaGsuaHNiY6OCBdkwggXVoAMCARehAwIBBqKCBccEggXDQGLqPfkN7NB70wA794JtYhl1p8tBNq2T9bF0T0crDWlj8n0H4IEUrncX6cn55JOjSyrmdLKMJxJaBnXiZoWzTUWMZG+iGu1EFw1JAZjpsAN1ahNCffWs9BqS8Gtmf2Ti03HTZhE756NKjtgPD4ZbDxFoNiLmtAZcunoefULV7XksZpBYHD7ZnSemybiMClJrVkXvX/cTD6V0ufNsvqC2GpYgTbhScIzNpY4M2ErZztdoIm7Vl8u9TQ+sb7WfDFaTrt6/+Vhm6CDublHskif7NEUojmtvIAG8A/7wHi65CZAy/6O8X7UkU0elG4geS6IGdR0BpeDz+m3vaI5neiAifFunEJPKtSbBzCl45AVGVtJU+I8Mq0WPUof7QbDBFeIO79f3UPVME6AwAfItT5bA3e1xJIh0GdiRI7wDvt5vILlASEpVh5YAc/YOjNMaxMvnqRphBJydlCxSZ5c77JQPl7liAaWQGijWuCpO6a0OTFzEUTDqKNwQuu2MPOljr4Bknq5AyZ+N4kMzET9dxktpZT8iqQD4DCApiJhMmCrXe+dByhoOs5rHLwLzBFE+dlob6wlSZcweRx/fSJeF8QilAy5/fbm8oX7habqMq13YHh8ipxBmJlDvJZrYbYaK+L6m5EMB/cMZgLNZCYzNdd+zFkR7QcTlpACECO0vn2QPrnV5kibMrU4L3Onp78vHKy+1hJn/7wbaygeTt7zBbxqFV/t3pCluvhZeSW5ziGUkN8r/8fWmPtn9Z9wD43IzQpFKf0hbSIVbSXfsu6DIT9ydjhKX/7UL6En9BNDn9Tbqz2KU5CxH4byAx48FksCZowsSXqjoyEnmdtImE86fEMTqgJSBnJqRsyn5J0IWy2ALxwRpA9IXsDo778ctV9E4lkEAkwxLj6nwtXkUi8VFI5XeLllIX7Bu2kLfYds2K1h3mOxLcv8OEoj/skEmxO6p5Lv2vcKl+gH2tbspxpwD7i7v1cLqlXVGf4aYKPs6j4E6YW5baZ+nNbUxzSOCc6+H7QI7I4xwyNDCEEG0xGiAqrvc3CS7QLfgoSzREayMz+0QAl2FlyT57C5Kh2I41XWpFohGlHmxpSfToiGbhaF37qLbEzBEqv77t1IIHw63nMJZEdTktqdwUN4qgRMMkHinjvhjWTJF6mNDgbHbxNLynX2YG/ebSxlPUEEgf1an0mBKTS8qJc6F+usPajeGYM+pJO4eWQqKmPGHjkDL3+hoDOJ1MP1t+rtWxmbvIBpdOJ5pzXzgV4KvSTFc4SrYBSOWYQl9VddCGKzr0uzGO2RMEnm6lNooRHXdch2zKrr6zED34Wjp1penLw4+n+H3T74Nan4lFz2Ppmq3EXc39dBGhSB0Y45pcLYPXP/ip9npw+MK1bofH0bqCSRq6bzC72Pm1pD5v1LL2rtrhbo58c+w95m12KQ4etPwlhD2Znss+dpcuFCZfnCSG5fT1kVaGBVrjWiFAy93omjld1G2LO7zGmA6CWaVYEmaC3BOHqmHRLr6300z4HT71n7i6DRg4jvwF5InbQq5O2PEuoYIl+uDa8pfErUPjh53KvoEOzVdaW8moLC8PalPt3N7R8oiNXvOW2fc7dGnbFaT5KavkUFcz1zYEXYL+WQB8MsMGJH0iwAk7MLO8e7GA4RCktSnIrA6n67dA0J/vlkcCM8WF/xrYeJgf5CZJMfRdlPVI+7nhdKWJtIPoy5IFjO3mW27PftXAJLIt8JyqCIJZbvvGP8fMgIpPslTFoav+MQ5SLFCwLra5ulEMKu3Lk3w9NETFaBQtmQHwgrc33+Ci9RPKDxvItxq7qx4UxCW287+3O/+ihozwrGBfepncH4m5NTdC9dgd+nvADplXFFoAasL7ffqO+0gABBWR+SSfj7rw2GW8JiDxc8TpeZriVoqzuoelsVxLkfIziIlBPsD89uv/dPmD75RPlDfABRPg2VCV1hV/8TrZzAbV4OkggFNMIIBSaADAgEXooIBQASCATy0A+HrORiz1Q9qaXPtQEQfD9fXQlLQWWFVVIBMHGu0f+goJYpJoLFDkfqTf0+wgyTuspdXaRWeUb3qlnEd3Vf6CCsrUzcuD5DyfFOpmSSGa9nOehaBAIUPcM+U8xWODQ5VZBUbLmUA1LzgwTW8Y/Sd95Tvo8ToGzBESzLquXj5CTgiXGqhlQPgAohuiAULg2C9mPaL+1tvVVlckjwHHxA14esHrfHvG254EmP7GPpmhAqo431oTF2lG5vXszIH6bFNcvw+HQAj9UtIVX59ZRqtIuJiAtjLrCXwHYmo8nZKtd0HWlvIHaviOaDts9DcxLzpekt7JFdt3lFUW0zePRQ3H4Byuvtd0Mpk8z1uwhnyj19xc7vgBaUBSu0M+k6FuMRur2ZKK2wZTjZDLOhlLgStVA+lwWFaVqdCgzTb
org.springframework.security.authentication.BadCredentialsException: Kerberos validation not successful
at com.fdiapp.authentication.systemuser.service.IbmJaasKerberosTicketValidator.validateTicket(IbmJaasKerberosTicketValidator.java:50)
at org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider.authenticate(KerberosServiceAuthenticationProvider.java:64)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.kerberos.web.authentication.SpnegoAuthenticationProcessingFilter.doFilter(SpnegoAuthenticationProcessingFilter.java:145)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:199)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:110)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:85)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:57)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:50)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)
at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:192)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:160)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:344)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:261)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
at org.springframework.web.multipart.support.MultipartFilter.doFilterInternal(MultipartFilter.java:118)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107)
at com.ibm.ws.webcontainer.filter.FilterInstanceWrapper.doFilter(FilterInstanceWrapper.java:195)
at com.ibm.ws.webcontainer.filter.WebAppFilterChain.doFilter(WebAppFilterChain.java:91)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.doFilter(WebAppFilterManager.java:967)
at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1107)
at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:87)
at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:940)
at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1817)
at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:200)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:463)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:530)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:316)
at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:287)
at com.ibm.io.async.AsyncChannelFuture$1.run(AsyncChannelFuture.java:205)
at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1881)
org.ietf.jgss.GSSExceptionの、メジャーコード:13、マイナーをコード:0 メジャー文字列:無効な資格情報 マイナー文字列:メカニズム1.3.6.1.5.5.2のメカニズム資格情報を取得できません java.security.AccessController.doPrivileged(AccessController.java:458) javax.security.auth.Subject.doAs(Subject.java:572) atcom.fdiapp.authentication.systemuser.service.IbmJaasKerberosTicketValidator.validateTicket(IbmJaasKerberosTicketValidator.java:47)で
誰も私が作ることができますどのように私を提案でした上記の設定は実行可能ですか?
または 私が認証できるように、spnとketabファイルを使用して、ネゴシエートヘッダーからユーザーを取得するにはどうすればよいですか。