JDK 7.0 and Spnego Extension don't work!

[zbhiwandiwala]

We have upgraded our JDk to 7.0, spring security to 3.1.1 and upgraded kerberos extensions to 1.0.0.M2.

We first had to patch M2 extensions for the Base64 encoder.

Now after tons of debugging we figured out it was not using the keytab at all, since java 7 has new code logic when the isInitator flag is set to false, it does not read any of the stuff we have configured for KerberosAuthenticationProvider.

That had to be changed in the LoginConfig class of SunJaasTicketValidator class, so now we pass in the flag as true.
Inspite of that the service principal name is NOT found in the keytab. Can anyone please help us out in this regard, we have pretty much tried all type of things to make it work.

At this point it seem the spengo extension seems useless with respect to jdk 7.0.

[aehrensberger]

Agreed - I too have been trying to get the spring extension to work with JDK 7 and have had no success.

Would be nice if someone 'in the know' could confirm that it has indeed been tested and verified with JDK 7?

[aehrensberger]

How does this thread have 69 views but only one reply?

Has anybody had success with kerberos, spring and jdk 7 at all? Has anybody else tried it?

[zbhiwandiwala]

Here is a link to a post from October 26 2012 on stackoverflow.

http://stackoverflow.com/questions/1...cess-is-denied

Clearly this is busted. Can one of the spring moderators or the developers of the extension please verify this?

[Rob Winch]

As unfortunate as it is, the Spring Security Kerberos extension has not recieved much attention. As an extension, it was donated and maintained entirely by the community. In all honesty, I have not used the extension with Java 7 so I cannot really comment much further. If you find specific issues, please do log them in the JIRA. If you find solutions to the problems please do submit pull requests.