Kerberos spring javax.security.auth.login.LoginException: Unable to get password from user
I am implementing Kerberos authentication in an existing Spring Java application. My Unix team provided me with the SPN file, krb5.conf and keytab. I am trying with code and configuration, but cannot get the password from the custom exception as in the attached logs below.
Can anyone please correct me if I am doing something wrong, or tell me what might be going wrong? Let me know if you need more information on this. It would be nice if someone could tell me how to check whether the Kerberos configuration is correct or not.
Here's what I've tried. I use:
- JDK 1.6
- spring-security-kerberos-core-1.0.0.M2.jar
- spring-security-core-3.0.1.RELEASE.jar
- spring-security-config-3.0.1.RELEASE.jar
- spring-websecurity 3.0.1.RELEASE.jar
My security-config.xml:
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xmlns:util="http://www.springframework.org/schema/util"
    xmlns:beans="http://www.springframework.org/schema/beans"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schema/beans/spring-beans.xsd
        http://www.springframework.org/schema/util
        http://www.springframework.org/schema/util/spring-util-3.0.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.0.xsd">

    <beans:bean class="com.ci.util.TrimmingPropertyPlaceholderConfigurer">
        <beans:property name="searchSystemEnvironment" value="true" />
        <beans:property name="locations">
            <beans:list>
                <beans:value>file:${install.home}/config/application.properties</beans:value>
                <beans:value>file:${install.home}/config/environment.properties</beans:value>
            </beans:list>
        </beans:property>
    </beans:bean>

    <http entry-point-ref="spnegoEntryPoint" auto-config="false">
        <intercept-url pattern="/selectBlacklisting*" access="IS_AUTHENTICATED_ANONYMOUSLY" />
        <intercept-url pattern="/j_spring_security_check*" access="IS_AUTHENTICATED_ANONYMOUSLY"/>
        <intercept-url pattern="/**" access="IS_AUTHENTICATED_FULLY" />
        <custom-filter ref="spnegoAuthenticationProcessingFilter" position="BASIC_AUTH_FILTER" />
        <form-login login-page="/selectBlacklisting.form" default-target-url="/" always-use-default-target="true"/>
    </http>

    <authentication-manager alias="authenticationManager">
        <authentication-provider ref="kerberosServiceAuthenticationProvider" />
        <authentication-provider ref="kerberosAuthenticationProvider"/>
    </authentication-manager>

    <beans:bean id="spnegoEntryPoint"
        class="org.springframework.security.extensions.kerberos.web.SpnegoEntryPoint" />

    <beans:bean id="spnegoAuthenticationProcessingFilter"
        class="org.springframework.security.extensions.kerberos.web.SpnegoAuthenticationProcessingFilter">
        <beans:property name="authenticationManager" ref="authenticationManager" />
    </beans:bean>

    <beans:bean id="kerberosServiceAuthenticationProvider"
        class="org.springframework.security.extensions.kerberos.KerberosServiceAuthenticationProvider">
        <beans:property name="ticketValidator">
            <beans:bean
                class="org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator">
                <beans:property name="servicePrincipal" value="${servicePrincipal.url}"/>
                <beans:property name="keyTabLocation" value="${keyTabLocation.url}" />
                <beans:property name="debug" value="true"/>
            </beans:bean>
        </beans:property>
        <beans:property name="userDetailsService" ref="dummyUserDetailsService" />
    </beans:bean>

    <beans:bean id="kerberosAuthenticationProvider" class="org.springframework.security.extensions.kerberos.KerberosAuthenticationProvider">
        <beans:property name="kerberosClient">
            <beans:bean class="org.springframework.security.extensions.kerberos.SunJaasKerberosClient">
                <beans:property name="debug" value="true" />
            </beans:bean>
        </beans:property>
        <beans:property name="userDetailsService" ref="dummyUserDetailsService" />
    </beans:bean>

    <beans:bean class="org.springframework.security.extensions.kerberos.GlobalSunJaasKerberosConfig">
        <beans:property name="debug" value="true" />
        <beans:property name="krbConfLocation" value="${krbConfLocation.url}" />
    </beans:bean>

    <beans:bean id="dummyUserDetailsService" class="com.ci.manager.interceptor.DummyUserDetailService"/>
</beans:beans>
Property values used in the above security-config.xml:
servicePrincipal.url=HTTP/xyzcard-sit1.systems.private@SYSTEMS.PRIVATE
keyTabLocation.url=file:/MY_APP_ITE3/appmanager/50.T0.17/config/xyzcard-sit1.keytab
krbConfLocation.url=/etc/krb5/krb5.conf
My DummyUserDetailService:
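import org.apache.log4j.Logger; // log4j 1.x assumed from Logger.getLogger(Class)
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

public class DummyUserDetailService implements UserDetailsService {
    private static final Logger LOGGER = Logger.getLogger(DummyUserDetailService.class);

    public DummyUserDetailService() {
        LOGGER.info("DummyUserDetailService constructor called>>>>>>>>>");
    }

    // Grants ROLE_USER to any username; the password field is a placeholder.
    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        LOGGER.info("loadUserByUsername method called>>>>>>>>>" + username);
        LOGGER.info("loadUserByUsername method called>AuthorityUtils.createAuthorityList>>>>>>>>" + AuthorityUtils.createAuthorityList("ROLE_USER"));
        return new User(username, "notUsed", true, true, true, true, AuthorityUtils.createAuthorityList("ROLE_USER"));
    }
}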
My web.xml:
<web-app xmlns="http://java.sun.com/xml/ns/j2ee"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd"
    version="2.4">
    <display-name>Customer Intelligence Management Tool</display-name>
    <distributable/>
    <filter>
        <filter-name>springSecurityFilterChain</filter-name>
        <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>springSecurityFilterChain</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>
    <context-param>
        <param-name>contextConfigLocation</param-name>
        <param-value>/WEB-INF/security-config.xml</param-value>
    </context-param>
    <listener>
        <listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
    </listener>
    <servlet>
        <servlet-name>app-manager</servlet-name>
        <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
        <init-param>
            <param-name>contextConfigLocation</param-name>
            <param-value>
                /WEB-INF/applicationContext.xml,
                /WEB-INF/app-manager-servlet.xml
            </param-value>
        </init-param>
        <load-on-startup>1</load-on-startup>
    </servlet>
    <servlet-mapping>
        <servlet-name>app-manager</servlet-name>
        <url-pattern>*.form</url-pattern>
    </servlet-mapping>
    <session-config>
        <session-timeout>15</session-timeout>
    </session-config>
    <welcome-file-list>
        <welcome-file>/WEB-INF/jsp/index.jsp</welcome-file>
    </welcome-file-list>
    <error-page>
        <error-code>500</error-code>
        <location>/WEB-INF/jsp/Error.jsp</location>
    </error-page>
    <error-page>
        <error-code>404</error-code>
        <location>/WEB-INF/jsp/FileNotFound.jsp</location>
    </error-page>
</web-app>
Application logs showing exception:
015-04-20 13:07:42 ERROR org.springframework.web.context.ContextLoader[ContextLoader.java:219(initWebApplicationContext)] - Context initialization failed
org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authentication.ProviderManager#0': Cannot create inner bean '(inner bean)' of type [org.springframework.security.config.authentication.AuthenticationManagerFactoryBean] while setting bean property 'parent'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)': FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authenticationManager': Cannot resolve reference to bean 'kerberosServiceAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'kerberosServiceAuthenticationProvider' defined in ServletContext resource [/WEB-INF/security-config.xml]: Cannot create inner bean 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' of type [org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator] while setting bean property 'ticketValidator'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' defined in ServletContext resource [/WEB-INF/security-config.xml]: Invocation of init method failed; nested exception is javax.security.auth.login.LoginException: Unable to obtain password from user
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:281)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:125)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1308)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1067)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:290)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:287)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:189)
at org.springframework.beans.factory.support.DefaultListableBeanFactory.preInstantiateSingletons(DefaultListableBeanFactory.java:562)
at org.springframework.context.support.AbstractApplicationContext.finishBeanFactoryInitialization(AbstractApplicationContext.java:871)
at org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:423)
at org.springframework.web.context.ContextLoader.createWebApplicationContext(ContextLoader.java:272)
at org.springframework.web.context.ContextLoader.initWebApplicationContext(ContextLoader.java:196)
at org.springframework.web.context.ContextLoaderListener.contextInitialized(ContextLoaderListener.java:47)
at org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:3764)
at org.apache.catalina.core.StandardContext.start(StandardContext.java:4216)
at org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:760)
at org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:740)
at org.apache.catalina.core.StandardHost.addChild(StandardHost.java:544)
at org.apache.catalina.startup.HostConfig.deployWAR(HostConfig.java:825)
at org.apache.catalina.startup.HostConfig.deployWARs(HostConfig.java:714)
at org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:490)
at org.apache.catalina.startup.HostConfig.start(HostConfig.java:1138)
at org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:311)
at org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:120)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1022)
at org.apache.catalina.core.StandardHost.start(StandardHost.java:736)
at org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1014)
at org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
at org.apache.catalina.core.StandardService.start(StandardService.java:448)
at org.apache.catalina.core.StandardServer.start(StandardServer.java:700)
at org.apache.catalina.startup.Catalina.start(Catalina.java:552)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:295)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:433)
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name '(inner bean)': FactoryBean threw exception on object creation; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authenticationManager': Cannot resolve reference to bean 'kerberosServiceAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'kerberosServiceAuthenticationProvider' defined in ServletContext resource [/WEB-INF/security-config.xml]: Cannot create inner bean 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' of type [org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator] while setting bean property 'ticketValidator'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' defined in ServletContext resource [/WEB-INF/security-config.xml]: Invocation of init method failed; nested exception is javax.security.auth.login.LoginException: Unable to obtain password from user
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:150)
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.getObjectFromFactoryBean(FactoryBeanRegistrySupport.java:109)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:274)
... 39 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.authenticationManager': Cannot resolve reference to bean 'kerberosServiceAuthenticationProvider' while setting bean property 'providers' with key [0]; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'kerberosServiceAuthenticationProvider' defined in ServletContext resource [/WEB-INF/security-config.xml]: Cannot create inner bean 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' of type [org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator] while setting bean property 'ticketValidator'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' defined in ServletContext resource [/WEB-INF/security-config.xml]: Invocation of init method failed; nested exception is javax.security.auth.login.LoginException: Unable to obtain password from user
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:328)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:106)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveManagedList(BeanDefinitionValueResolver.java:355)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:153)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1308)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1067)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:290)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:287)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:189)
at org.springframework.security.config.authentication.AuthenticationManagerFactoryBean.getObject(AuthenticationManagerFactoryBean.java:27)
at org.springframework.security.config.authentication.AuthenticationManagerFactoryBean.getObject(AuthenticationManagerFactoryBean.java:20)
at org.springframework.beans.factory.support.FactoryBeanRegistrySupport.doGetObjectFromFactoryBean(FactoryBeanRegistrySupport.java:143)
... 41 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'kerberosServiceAuthenticationProvider' defined in ServletContext resource [/WEB-INF/security-config.xml]: Cannot create inner bean 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' of type [org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator] while setting bean property 'ticketValidator'; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' defined in ServletContext resource [/WEB-INF/security-config.xml]: Invocation of init method failed; nested exception is javax.security.auth.login.LoginException: Unable to obtain password from user
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:281)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveValueIfNecessary(BeanDefinitionValueResolver.java:120)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.applyPropertyValues(AbstractAutowireCapableBeanFactory.java:1308)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1067)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:511)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:290)
at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:222)
at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:287)
at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:189)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveReference(BeanDefinitionValueResolver.java:322)
... 55 more
Caused by: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator#6e41b5' defined in ServletContext resource [/WEB-INF/security-config.xml]: Invocation of init method failed; nested exception is javax.security.auth.login.LoginException: Unable to obtain password from user
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1403)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:513)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:450)
at org.springframework.beans.factory.support.BeanDefinitionValueResolver.resolveInnerBean(BeanDefinitionValueResolver.java:270)
... 65 more
Caused by: javax.security.auth.login.LoginException: Unable to obtain password from user
at com.sun.security.auth.module.Krb5LoginModule.promptForPass(Krb5LoginModule.java:789)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:654)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)
at javax.security.auth.login.LoginContext.login(LoginContext.java:575)
at org.springframework.security.extensions.kerberos.SunJaasKerberosTicketValidator.afterPropertiesSet(SunJaasKerberosTicketValidator.java:125)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1460)
at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1400)
... 68 more
Server logs:
Apr 22, 2015 8:29:38 AM org.apache.catalina.loader.WebappClassLoader validateJarFile
INFO: validateJarFile(/MY_APP_ITE3/appmanager/50.T0.17/catalina_base/work/Catalina/localhost/app-manager/WEB-INF/lib/j2ee-1.4.jar) - jar not loaded. See Servlet Spec 2.3, section 9.7.2. Offending class: javax/servlet/Servlet.class
Debug is true storeKey true useTicketCache false useKeyTab true doNotPrompt true ticketCache is null isInitiator false KeyTab is file:/MY_APP_ITE3/appmanager/50.T0.17/catalina_base/conf/xyzcard-sit1.keytab refreshKrb5Config is false principal is HTTP/xyzcard-sit1.systems.private@SYSTEMS.PRIVATE tryFirstPass is false useFirstPass is false storePass is false clearPass is false
>>> KeyTabInputStream, readName(): SYSTEMS.PRIVATE
>>> KeyTabInputStream, readName(): HTTP
>>> KeyTabInputStream, readName(): srv-xyzcard-sit1.systems.private
>>> KeyTab: load() entry length: 88; type: 23
Key for the principal HTTP/xyzcard-sit1.systems.private@SYSTEMS.PRIVATE not available in file:/MY_APP_ITE3/appmanager/50.T0.17/catalina_base/conf/xyzcard-sit1.keytab
[Krb5LoginModule] authentication failed
Unable to obtain password from user
Apr 22, 2015 8:29:52 AM org.apache.catalina.core.StandardContext start
Thanks for answering. I solved the problem, the problem was in my keychain. My keytab file did not contain the SPN that I was looking for. It was generated with the wrong SPN. I tried with some dummy SPNs and found that I was getting the same exception and then asked the command to check or generate a new keytab.
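The answer above traces the failure to a keytab that does not hold the configured SPN, which is also what the KeyTabInputStream debug lines in the server log show. As an added example (not code from the original posts), this Python script parses the MIT keytab file format, version 0x0502, and checks whether a given SPN has a key entry; the sample keytab bytes, the key material and the kvno are constructed, and the function names are hypothetical.

```python
import struct

# Names taken from the thread: the SPN in security-config.xml versus the
# principal that the KeyTabInputStream debug lines read from the keytab file.
CONFIGURED_SPN = "HTTP/xyzcard-sit1.systems.private@SYSTEMS.PRIVATE"
KEYTAB_SPN = "HTTP/srv-xyzcard-sit1.systems.private@SYSTEMS.PRIVATE"


def build_entry(principal, kvno=3, enctype=23, key=b"\x11" * 16):
    """Encode one keytab entry. Constructed sample data: the key is filler."""
    name, realm = principal.rsplit("@", 1)
    parts = name.split("/")

    def counted(text):
        raw = text.encode("utf-8")
        return struct.pack(">H", len(raw)) + raw

    body = struct.pack(">H", len(parts)) + counted(realm)
    body += b"".join(counted(p) for p in parts)
    body += struct.pack(">IIB", 1, 0, kvno & 0xFF)  # name type, timestamp, 8-bit kvno
    body += struct.pack(">HH", enctype, len(key)) + key
    return struct.pack(">i", len(body)) + body


def _counted(buf, pos):
    """Read a 16-bit length-prefixed string; return (text, next position)."""
    (n,) = struct.unpack_from(">H", buf, pos)
    return buf[pos + 2:pos + 2 + n].decode("utf-8"), pos + 2 + n


def parse_keytab(data):
    """Return [(principal, kvno, enctype)] for every live entry in the file."""
    if data[:2] != b"\x05\x02":
        raise ValueError("not a version 0x0502 keytab")
    entries, pos = [], 2
    while pos + 4 <= len(data):
        (size,) = struct.unpack_from(">i", data, pos)
        pos += 4
        if size <= 0:  # a negative size marks a deleted entry ("hole"): skip it
            pos += -size
            continue
        end = pos + size
        if end > len(data):
            raise ValueError("truncated keytab entry")
        (ncomp,) = struct.unpack_from(">H", data, pos)
        realm, cur = _counted(data, pos + 2)
        comps = []
        for _ in range(ncomp):
            comp, cur = _counted(data, cur)
            comps.append(comp)
        _ntype, _ts, kvno, enctype, klen = struct.unpack_from(">IIBHH", data, cur)
        cur += 13 + klen
        if end - cur >= 4:  # optional 32-bit kvno overrides the 8-bit one
            (kvno32,) = struct.unpack_from(">I", data, cur)
            kvno = kvno32 or kvno
        entries.append(("/".join(comps) + "@" + realm, kvno, enctype))
        pos = end
    return entries


def check_spn(keytab_bytes, spn):
    """(True, matching entries) or (False, principals the keytab does hold)."""
    entries = parse_keytab(keytab_bytes)
    hits = [e for e in entries if e[0] == spn]
    if hits:
        return True, hits
    return False, sorted({e[0] for e in entries})


# Constructed keytab holding only the "srv-" principal, as in the server log.
SAMPLE_KEYTAB = b"\x05\x02" + build_entry(KEYTAB_SPN)

if __name__ == "__main__":
    ok, detail = check_spn(SAMPLE_KEYTAB, CONFIGURED_SPN)
    print("key available" if ok else "no key for %s; keytab holds: %s" % (CONFIGURED_SPN, detail))
```

To check a real file, pass its contents, for example `check_spn(open(path, "rb").read(), spn)`; the comparison is an exact string match on the full principal including the realm.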
This may be because property values were not allowed in security-config. Can you run the following code and try again?
<beans:property name="servicePrincipal" value="HTTP/xyzcard-sit1.systems.private@SYSTEMS.PRIVATE"/>
<beans:property name="keyTabLocation" value="file:YOUR KEY TAB LOCATION >>/mykey.keytabl" />
Your error came from the javax.security.auth.login.LoginContext method, so it must be something like a keytab file or service principal not set correctly.