0

How do I setup a spring ws client i.e, "WebServiceTemplate" to make requests to a service and authenticate using kerberos. The service is a spring ws endpoint on tomcat that is kerberized.

Came across the following post Spring Security Kerberos/SPNEGO Extension

Does this setup allow the spring ws client to authenticate using kerberos ?

<sec:http entry-point-ref="spnegoEntryPoint">
    <sec:intercept-url pattern="/secure/**" access="IS_AUTHENTICATED_FULLY" />
    <sec:custom-filter ref="spnegoAuthenticationProcessingFilter" position="BASIC_PROCESSING_FILTER" />
</sec:http>

<bean id="spnegoEntryPoint" class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />

<bean id="spnegoAuthenticationProcessingFilter" class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
    <property name="authenticationManager" ref="authenticationManager" />
</bean>

<sec:authentication-manager alias="authenticationManager">
    <sec:authentication-provider ref="kerberosServiceAuthenticationProvider" />
</sec:authentication-manager>

<bean id="kerberosServiceAuthenticationProvider" class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
    <property name="ticketValidator">
        <bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
            <property name="servicePrincipal" value="HTTP/web.springsource.com" />
            <property name="keyTabLocation" value="classpath:http-web.keytab" />
        </bean>
    </property>
    <property name="userDetailsService" ref="dummyUserDetailsService" />
</bean>

<!-- Just returns the User authenticated by Kerberos and gives him the ROLE_USER -->
<bean id="dummyUserDetailsService" class="org.springframework.security.extensions.kerberos.sample.DummyUserDetailsService"/>

If I can use this to authenticate to the service using kerberos, can someone tell me the purpose of the below line. What should go into the implementation of "dummyUserDetailsService"

<bean id="dummyUserDetailsService" class="org.springframework.security.extensions.kerberos.sample.DummyUserDetailsService"/>

Also, how do I setup to make these calls over SSL

Thanks much,

ash

user290870
  • 1,591
  • 3
  • 19
  • 27

1 Answers1

0

The Spring config that you have mentioned is for setting up the web application (server side) so that it can handle the Kerberos authentication. Your question is actually about how to make a client work with the server that can do the Kerberos authentication. My advice would be to first make your server work with kerberos authentication. You can initially test it using a browser.

After that you can use a normal Java client code to connect to the server. See the following thread for more info: Simple Kerberos client in Java?

Community
  • 1
  • 1
Umesh Rajbhandari
  • 1,222
  • 9
  • 9