I am using JCIFS with the Kerberos module library (jcifs-krb5-1.3.17) in a Java application that authenticates against a Windows KDC server and after that tries to access a shared folder on the network using the retrieved Kerberos ticket.
The app that I'm using is the same as the one in the JCIFS website example (KerberosAuthExample.java).
When using JDK1.6, it works perfectly.
However, when I tried using JDK1.7 it returned the following exception:
jcifs.smb.SmbAuthentication: Access is denied.
I've already tried executing as a PrivilegedAction using the subject retrieved from authentication, but it returns the same result.
Is somebody facing the same problem?
Can you please help me?
Thanks in advance,
Stuchi
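The way we read the Kerberos keytab path is different in JDK 7. Below is the code for reading the keytab, if we are using the Spring Security Kerberos extension.
    // runtimeVersion is not defined in this snippet; it is assumed to hold the
    // running JVM's version string, e.g. System.getProperty("java.version").
    String keyTabPath = this.keyTabLocation.getURL().toExternalForm();
    if (runtimeVersion.startsWith("1.7"))
    {
        // On JDK 7 the keytab path is passed without the URL scheme,
        // so strip the leading "file:" (5 characters).
        if (keyTabPath.startsWith("file:"))
        {
            keyTabPath = keyTabPath.substring(5);
        }
    }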
For code details, read SunJaasKerberosTicketValidator:afterPropertiesSet()
The JCIFS project is not active (last release in 2011) and I am not sure whether it's based on the JAAS standard (javax.security.auth).
Better try the Spring Security Kerberos extension. For more details on Spring Security Kerberos, read chapter 12 of Spring Security 3, authored by Peter Mularien.
Related
I am trying to connect my Java application to Enterprise Vault using LDAP authentication method.
Spring won't provide a direct way to connect like it provides for
TOKEN
spring.cloud.vault.uri=https:8080/vault/uri
spring.cloud.vault.namespace=admin
spring.cloud.vault.authentication=TOKEN
spring.cloud.vault.token=some-token
and APPROLE
spring.cloud.vault.uri=https:8080/vault/uri
spring.cloud.vault.namespace=admin
spring.cloud.vault.authentication=APPROLE
spring.cloud.vault.app-role.role-id=
spring.cloud.vault.app-role.secret-id=
spring.cloud.vault.app-role.role=
spring.cloud.vault.app-role.app-role-path=
Can somebody help me to connect with Enterprise Vault using the LDAP method?
Hi @Pramendra Raghuwanshi,
Hope this helps. https://www.vaultproject.io/docs/auth/ldap
As per this link, there are 2 options:
1. Use the Vault CLI to authenticate using an LDAP account and set the environment variable VAULT_TOKEN
2. Use the API to do LDAP authentication and get the token, and then set the environment variable VAULT_TOKEN
So, if you use the VAULT_TOKEN variable in your Spring Boot config, it should work. The authentication and setting of VAULT_TOKEN shall be a prerequisite task before starting the Spring Boot app. Something which can be automated as part of your app start-up process?
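The second option above (LDAP login over the HTTP API, then VAULT_TOKEN), as an added example that is not part of the original answer or of any project mentioned here. It assumes Java 11+, Jackson on the classpath, and a Spring config containing `spring.cloud.vault.token=${VAULT_TOKEN}`; the class name, the `VAULT_LDAP_USER` variable and `app.jar` are hypothetical placeholders.

```java
import com.fasterxml.jackson.databind.ObjectMapper;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.util.Map;

public class VaultLdapLauncher { // hypothetical class name
    private static final ObjectMapper JSON = new ObjectMapper();

    // POST /v1/auth/ldap/login/<username>; the token comes back in auth.client_token.
    static String ldapLogin(String vaultAddr, String namespace, String user, char[] password)
            throws Exception {
        // The username becomes a URL path segment, so reject anything unexpected.
        if (user == null || !user.matches("[A-Za-z0-9._@-]+")) {
            throw new IllegalArgumentException("missing or malformed LDAP username");
        }
        String body = JSON.writeValueAsString(Map.of("password", new String(password)));
        HttpRequest.Builder req = HttpRequest.newBuilder()
                .uri(URI.create(vaultAddr + "/v1/auth/ldap/login/" + user))
                .header("Content-Type", "application/json")
                .POST(HttpRequest.BodyPublishers.ofString(body));
        if (namespace != null && !namespace.isEmpty()) {
            req.header("X-Vault-Namespace", namespace); // Vault Enterprise namespace
        }
        HttpResponse<String> resp = HttpClient.newHttpClient()
                .send(req.build(), HttpResponse.BodyHandlers.ofString());
        if (resp.statusCode() != 200) { // report the status only, never the body
            throw new IllegalStateException("Vault LDAP login failed: HTTP " + resp.statusCode());
        }
        String token = JSON.readTree(resp.body()).path("auth").path("client_token").asText();
        if (token.isEmpty()) {
            throw new IllegalStateException("login response carried no client_token");
        }
        return token;
    }

    public static void main(String[] args) throws Exception {
        if (System.console() == null) {
            throw new IllegalStateException("run from a terminal so the password is not echoed");
        }
        char[] password = System.console().readPassword("LDAP password: ");
        String token = ldapLogin(System.getenv("VAULT_ADDR"), System.getenv("VAULT_NAMESPACE"),
                System.getenv("VAULT_LDAP_USER"), password); // VAULT_LDAP_USER: hypothetical name
        // Hand the token to the app only through the child's environment.
        ProcessBuilder app = new ProcessBuilder("java", "-jar", "app.jar").inheritIO(); // placeholder jar
        app.environment().put("VAULT_TOKEN", token);
        System.exit(app.start().waitFor());
    }
}
```

The token obtained this way expires with its lease, so a long-running app started like this still needs a renewal or restart strategy.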
Surprisingly, Spring Cloud Vault doesn't support LDAP as an auth method; there is not even documentation on why it isn't supported, or on constraints, etc.
This standalone implementation (https://github.com/BetterCloud/vault-java-driver) does support LDAP authentication, but there is no community/open-source support for it.
Hi, I am trying to use single-sign on with keycloak and springboot 2 app
I have a local Keycloak setup with a realm and a client.
I followed this example : spring-boot-keycloak-tutorial
This works fine, my issue is that I want to implement single sign on. Which means I don't want the user to login using keycloak login page.
If the users are logged in to the network (using Windows machine), and try to access the page, then they should be able to access the application without login because they are valid network users.
I don't seem to find an example on how to setup SSO and pass the credentials directly from windows to keycloak
You can configure your realm to use Kerberos user federation. This will enable SSO using the active directory.
See the official example page
You then need to make sure that your browser supports the SSO.
It turned out that the keycloak-spring-boot-adapter does not work for spring boot 2.0+
I changed my spring version to 1.5.3 instead of 2.0.5 and this solved the problem.
I am not sure if there is an alternative for spring boot 2.0
I am working on a Spring Boot application and have received a requirement where a certain endpoint must be accessible only by authorized users, and the user must also be physically present at the system serving the app. An optional case is that the user could also access the endpoint if the user has SSH access to the server. This makes me think that some sort of key (a file or a program) can be used to unlock the endpoint. Not being a person proficient in security, this has put me at a loss on how to implement such a feature using Spring Boot. Any help is appreciated.
Spring boot doesn't have built in support for this scenario, but what you actually need is PAM (Linux Pluggable Authentication Modules) port for java (JPam can be a good solution).
You can write your own AuthenticationProvider for Spring Security which will do something like this in its validation method:
    // Check the supplied username and password against the host's PAM stack.
    Pam pam = new Pam();
    boolean authenticated = pam.authenticateSuccessful(username, password);
This library is documented well enough (pdf).
Another PAM for Java solution can be found here: libpam4j
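A fuller version of the provider sketched in the answer above, as an added example that is not part of the original post or of JPam. The class name, the `ROLE_LOCAL_OPERATOR` role and the loopback check (one way to read "present at the system or connected over SSH") are assumptions, and the PAM service JPam uses must already be configured on the host.

```java
import java.net.InetAddress;
import java.net.UnknownHostException;
import net.sf.jpam.Pam;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.web.authentication.WebAuthenticationDetails;

// Hypothetical class: validates OS credentials through JPam for one protected endpoint.
public class PamAuthenticationProvider implements AuthenticationProvider {

    @Override
    public Authentication authenticate(Authentication auth) {
        String username = auth.getName();
        Object password = auth.getCredentials();
        if (username == null || username.isEmpty() || password == null) {
            throw new BadCredentialsException("Missing credentials");
        }
        // Assumption: a local or SSH user reaches the app over loopback.
        // Behind a reverse proxy every request looks local, so this check is not enough there.
        if (!isLoopback(auth.getDetails())) {
            throw new BadCredentialsException("Endpoint is only available locally");
        }
        Pam pam = new Pam(); // same call as in the answer above
        if (!pam.authenticateSuccessful(username, password.toString())) {
            throw new BadCredentialsException("PAM authentication failed");
        }
        // Return a token without the password; ROLE_LOCAL_OPERATOR is a made-up role.
        return new UsernamePasswordAuthenticationToken(
                username, null, AuthorityUtils.createAuthorityList("ROLE_LOCAL_OPERATOR"));
    }

    private static boolean isLoopback(Object details) {
        if (!(details instanceof WebAuthenticationDetails)) {
            return false; // fail closed when the request origin is unknown
        }
        try {
            String ip = ((WebAuthenticationDetails) details).getRemoteAddress();
            return ip != null && InetAddress.getByName(ip).isLoopbackAddress();
        } catch (UnknownHostException e) {
            return false;
        }
    }

    @Override
    public boolean supports(Class<?> type) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(type);
    }
}
```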
I would like to create an application which authenticates against an LDAP server and the users' authorities are derived from the database. I can find a complete example. Note that I am not familiar with Spring Security. It would be great if you could guide me, or if anyone who has source code could share it with me.
In the spring sample projects on Github you will find several sample applications, have a look here.
We just started with Apache Shiro and it works fine in a simple JDBC or LDAP based environment.
But our requirements are the following:
- Authentication of the users against an LDAP server
- Roles + permissions should be stored inside a database
Has anyone some pointers on how this can be done?
There is a different question but the example is exactly what you are looking for.
How do concepts of User (UserAccount) and Realm relate in Apache Shiro?