• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

JAAS using a keytab fails

 
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Here is my setup:
Running Java 5.
I have two J2EE app servers (a dev instance and a qual instance) on the same hardware.
I have a .jar file on each server instance that use JAAS to authenticate with another server.
The .jar files share a keytab file for the authentication.

After one of the .jar files is used by an application a few times it fails completely on both servers, and the servers have to be restarted to restore order in the universe.

In trying to troubleshoot this I wanted to remove anything shared. So, I made a copy of the keytab file and made the appropriate changes in the login.config file. Since doing that I have not been able to get either to fail.

Can someone explain to what is going on? The keytab should not have had a lock on it and no one else I know can explain it.

I'll try to find the exception and post it.

Thanks,
Tom
 
Tom Cleal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Here is the exception. I had to replace some of the info like the app name and the package name but that should have no bearing on the explanation.

####<Aug 3, 2007 9:32:49 AM MDT> <Error> <HTTP> <MACHINE> <mserver1> <[ACTIVE] ExecuteThread: '5' for queue: 'weblogic.kernel.Default (self-tuning)'> <<WLS Kernel>> <> <> <1186155169478> <BEA-101017> <[weblogic.servlet.internal.WebAppServletContext@62b5ce2 - appName: 'APP.ear', name: '/APP', context-path: '/APP'] Root cause of ServletException.
PACKAGE_NAME.groupd.GrpException: GSSContext is null. Verify the credential cache is valid
at PACKAGE_NAME.groupd.GrpSunKerbInitiator.initContext(Unknown Source)
at PACKAGE_NAME.groupd.GrpClient.init(Unknown Source)
at PACKAGE_NAME.groupd.GrpClient.getGroups(Unknown Source)
at APP.Auth.Groupd.getGroups(Groupd.java:74)
at jsp_servlet.__advanced_search._jspService(__advanced_search.java:297)
at weblogic.servlet.jsp.JspBase.service(JspBase.java:34)
at weblogic.servlet.internal.StubSecurityHelper$ServletServiceAction.run(StubSecurityHelper.java:223)
at weblogic.servlet.internal.StubSecurityHelper.invokeServlet(StubSecurityHelper.java:125)
at weblogic.servlet.internal.ServletStubImpl.execute(ServletStubImpl.java:283)
at weblogic.servlet.internal.TailFilter.doFilter(TailFilter.java:26)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:42)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:3243)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121)
at weblogic.servlet.internal.WebAppServletContext.securedExecute(WebAppServletContext.java:2003)
at weblogic.servlet.internal.WebAppServletContext.execute(WebAppServletContext.java:1909)
at weblogic.servlet.internal.ServletRequestImpl.run(ServletRequestImpl.java:1357)
at weblogic.work.ExecuteThread.execute(ExecuteThread.java:209)
at weblogic.work.ExecuteThread.run(ExecuteThread.java:181)
>

Thanks again,
Tom
[ August 20, 2007: Message edited by: Tom Cleal ]
 
Tom Cleal
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
OK an update.

Our app server is in a clustered environment but on the same machine. Once I get an exception on one server that server will fail for everyone BUT the person before the error occurred. The other server works fine.

It is almost like it is locking between the application and the library and not letting anyone but that user on.
 
Bring me the box labeled "thinking cap" ... and then read this tiny ad:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic