rodakr

Configure SPNEGO on AS 7.x

Posted by rodakr Dec 19, 2011

For more information, read this:

http://community.jboss.org/docs/DOC-16876

 

 

Server Side (standalone.xml)

/etc/krb5.keytab

The user running the server needs read permission on this file (it is created the same way as in AS 5.1).

 

RPMs:

 

libgssapi.i386

libgsasl.i386

 

JVM parameters for AS 7 (tested with Java 6):

 

-Djavax.security.auth.useSubjectCredsOnly=false  -Dsun.security.jgss.native=true -Dsun.security.jgss.lib=/usr/lib/libgssapi.so.2


Optional debug options: -Djavax.net.debug=true -Dsun.security.krb5.debug=true

..

..

 

<subsystem xmlns="urn:jboss:domain:security:1.1">
    <security-domains>
        <security-domain name="host" cache-type="default">
            <authentication>
                <login-module code="com.sun.security.auth.module.Krb5LoginModule" flag="required">
                    <module-option name="debug" value="true"/>
                    <module-option name="principal" value="HTTP/myserver.myServerDomain.com@MyWindowsDomain.com"/>
                    <module-option name="storeKey" value="true"/>
                    <module-option name="useKeyTab" value="true"/>
                    <module-option name="doNotPrompt" value="true"/>
                    <module-option name="keyTab" value="/etc/krb5.keytab"/>
                </login-module>
            </authentication>
        </security-domain>
        <security-domain name="SPNEGO" cache-type="default">
            <authentication>
                <login-module code="org.jboss.security.negotiation.spnego.SPNEGOLoginModule" flag="requisite">
                    <module-option name="password-stacking" value="useFirstPass"/>
                    <module-option name="serverSecurityDomain" value="host"/>
                    <module-option name="removeRealmFromPrincipal" value="true"/>
                </login-module>
            </authentication>
        </security-domain>

 

 

..

..
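The two security domains above have to agree with each other: the SPNEGO domain's serverSecurityDomain must name the domain that holds the Krb5LoginModule, and that module must carry the keytab options. The following lint is an added example, not part of the original post; the function names and finding messages are assumptions of this example, and the sample input is constructed from the option values shown above.

```python
import re
import xml.etree.ElementTree as ET

NS = {"s": "urn:jboss:domain:security:1.1"}
KRB5 = "com.sun.security.auth.module.Krb5LoginModule"
SPNEGO = "org.jboss.security.negotiation.spnego.SPNEGOLoginModule"
# Option values copied from the page; the helpers below build the constructed sample.
KRB_OPTS = {"debug": "true", "storeKey": "true", "useKeyTab": "true",
            "doNotPrompt": "true", "keyTab": "/etc/krb5.keytab",
            "principal": "HTTP/myserver.myServerDomain.com@MyWindowsDomain.com"}
SPNEGO_OPTS = {"password-stacking": "useFirstPass", "serverSecurityDomain": "host",
               "removeRealmFromPrincipal": "true"}

def domain_xml(name, code, flag, opts):
    body = "".join(f'<module-option name="{k}" value="{v}"/>' for k, v in opts.items())
    return (f'<security-domain name="{name}" cache-type="default"><authentication>'
            f'<login-module code="{code}" flag="{flag}">{body}</login-module>'
            f'</authentication></security-domain>')

def subsystem_xml(*domains):
    """Wrap domains in a closed security subsystem so the fragment parses."""
    return (f'<subsystem xmlns="{NS["s"]}"><security-domains>'
            + "".join(domains) + "</security-domains></subsystem>")

def lint_spnego(xml_text):
    """Return findings for the Kerberos host domain and the SPNEGO domain."""
    root = ET.fromstring(xml_text)
    mods = [(d.get("name"), lm.get("code"),
             {o.get("name"): o.get("value") for o in lm.iterfind("s:module-option", NS)})
            for d in root.iterfind(".//s:security-domain", NS)
            for lm in d.iterfind(".//s:login-module", NS)]
    krb_domains = {name for name, code, _ in mods if code == KRB5}
    findings = []
    for name, code, opts in mods:
        if code == KRB5:
            for key in ("storeKey", "useKeyTab", "doNotPrompt"):
                if opts.get(key) != "true":
                    findings.append(f"{name}: {key} is not 'true' as on this page")
            if not re.fullmatch(r"HTTP/[^/@\s]+@[^/@\s]+", opts.get("principal") or ""):
                findings.append(f"{name}: principal is not HTTP/<host>@<REALM>")
            if not opts.get("keyTab"):
                findings.append(f"{name}: keyTab path is missing")
            if opts.get("debug") == "true":
                findings.append(f"{name}: debug=true, verbose Kerberos logging is on")
        elif code == SPNEGO and opts.get("serverSecurityDomain") not in krb_domains:
            findings.append(f"{name}: serverSecurityDomain names no Krb5LoginModule domain")
    return findings

SAMPLE = subsystem_xml(domain_xml("host", KRB5, "required", KRB_OPTS),
                       domain_xml("SPNEGO", SPNEGO, "requisite", SPNEGO_OPTS))
```

Run against the configuration on this page, lint_spnego(SAMPLE) reports only the debug=true setting, which is useful while setting up and worth switching off afterwards.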

 

In your Web App (WAR)

 

  • Add to your Application Delivery WAR/WEB-INF/jboss-web.xml

This is needed so that the web container supports Negotiation authentication:


<jboss-web>
    <security-domain>java:/jaas/SPNEGO</security-domain>
    <valve>
        <class-name>org.jboss.security.negotiation.NegotiationAuthenticator</class-name>
    </valve>
    <jacc-star-role-allow>true</jacc-star-role-allow>
</jboss-web>


  • Add to your Application Delivery WAR/WEB-INF/web.xml


<security-constraint>
    <display-name>Security Constraint on Conversation</display-name>
    <web-resource-collection>
        <web-resource-name>examplesWebApp</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>GET</http-method>
        <http-method>POST</http-method>
    </web-resource-collection>
    <auth-constraint>
        <role-name>RequiredRole</role-name>
    </auth-constraint>
</security-constraint>

<login-config>
    <auth-method>SPNEGO</auth-method>
    <realm-name>SPNEGO</realm-name>
</login-config>

<security-role>
    <description>role required to log in to the Application</description>
    <role-name>RequiredRole</role-name>
</security-role>

 

Enjoy logging in to your web application using your Windows login...
