1

I am running into issues while trying to access a Kerberos SPNEGO-authenticated resource using the Spring REST client. I am using KerberosRestTemplate.

From the docs

Leave keyTabLocation and userPrincipal empty if you want to use cached ticket.

But when I try invoking the parameterless constructor

this.kerberosRestTemplate = new KerberosRestTemplate();

and try to access the protected resource, it fails with the following error:

org.springframework.web.client.RestClientException: Error running rest call; nested exception is java.lang.IllegalArgumentException: Null name not allowed
    at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:196) 
    at org.springframework.web.client.RestTemplate.execute(RestTemplate.java:538) 
    at org.springframework.web.client.RestTemplate.getForObject(RestTemplate.java:245) 
Caused by: java.lang.IllegalArgumentException: Null name not allowed
        at sun.security.krb5.PrincipalName.<init>(PrincipalName.java:356) ~[?:1.7.0_67]
        at javax.security.auth.kerberos.KerberosPrincipal.<init>(KerberosPrincipal.java:123) ~[?:1.7.0_67]
        at org.springframework.security.kerberos.client.KerberosRestTemplate.doExecute(KerberosRestTemplate.java:182)

What am I doing wrong here?

Michael Lihs
pratim_b

2 Answers

0

Please try these spring-security-kerberos. I think you are missing basic configuration, which can be achieved via either XML or Java-based configuration.

You can also try the following options:

  1. Use loginOptions if you want to customise Krb5LoginModule options.
  2. Use a customised httpClient.
  • As per the docs, "Leave keyTabLocation and userPrincipal empty if you want to use cached ticket". Which login option should I customize? – pratim_b Oct 25 '16 at 12:11
0

Just call the constructor with null for keyTabLocation and any non-empty string for userPrincipal, like this:

KerberosRestTemplate restTemplate = new KerberosRestTemplate(null, "-");
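The stack trace in the question ends in `new KerberosPrincipal(...)` receiving a null name, so a cached-ticket setup still needs some principal string. The following is an added example, not part of the answers or of spring-security-kerberos: a JDK-only check that a usable ticket is in the cache and which principal it belongs to. The class name `CachedTicketCheck`, the JAAS entry name and the idea of passing the discovered name as `userPrincipal` are assumptions made for illustration.

```java
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.kerberos.KerberosPrincipal;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class CachedTicketCheck {

    /** Logs in from the Kerberos ticket cache only and returns the cached principal name. */
    static String principalFromTicketCache() throws LoginException {
        final Map<String, Object> options = new HashMap<String, Object>();
        options.put("useTicketCache", "true"); // read the TGT obtained by kinit or OS logon
        options.put("doNotPrompt", "true");    // fail instead of asking for a password
        Configuration config = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] { new AppConfigurationEntry(
                        "com.sun.security.auth.module.Krb5LoginModule",
                        LoginModuleControlFlag.REQUIRED, options) };
            }
        };
        // "cached-ticket-check" is an arbitrary entry name; the inline Configuration ignores it.
        LoginContext lc = new LoginContext("cached-ticket-check", new Subject(), null, config);
        lc.login(); // throws LoginException when no usable ticket is cached
        try {
            for (Principal p : lc.getSubject().getPrincipals(KerberosPrincipal.class)) {
                return p.getName(); // e.g. user@REALM, taken from the cache
            }
            throw new LoginException("Login succeeded but the Subject has no KerberosPrincipal");
        } finally {
            lc.logout();
        }
    }

    public static void main(String[] args) {
        try {
            String principal = principalFromTicketCache();
            System.out.println("Cached ticket belongs to: " + principal);
            // Assumption: this name can serve as the non-empty userPrincipal argument,
            // e.g. new KerberosRestTemplate(null, principal);
        } catch (LoginException e) {
            System.err.println("No usable cached ticket: " + e.getMessage());
        }
    }
}
```

If this check fails, the REST call cannot succeed from the cache either, whatever string is passed as `userPrincipal`.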