[Jalview-discuss] Kerberos

Jim Procter jprocter at compbio.dundee.ac.uk
Mon Jan 9 16:25:55 GMT 2012


Hello Anders.

On 09/01/2012 13:48, ASMR (Anders Sønderberg Mortensen) wrote:
> I am trying to run the latest version of the Jalview applet in a single-sign-on (SSO) environment using Kerberos authentication. I have setup my Apache web server to use kerberos authentication when a user accesses the directory, where these files are located:
>
> -rw-r--r-- 1 root root 436094 2012-01-06 15:06 jalviewApplet.jar
> -rw-r--r-- 1 root root    623 2012-01-06 15:09 jalviewtest.aln
> -rw-r--r-- 1 root root    448 2012-01-06 15:28 jalviewtest.html
>
> The user can load the html file and the applet just fine with SSO, but when the applet tries to access the .aln file a new login prompt is displayed by the applet. Is there any chance that the applet can reuse the kerberos authentication session so the user does not need to provide credentials again?
I'm pretty sure there is a way of doing this, but I'm not familiar 
enough with the JAAS architecture to know the solution without some 
digging around.

I've opened a bug here: http://issues.jalview.org/browse/JAL-1038

What I think is going on is as follows:
1. JalviewLite is being launched with a properly configured security 
context provided by the browser
2. It's trying to use a generic URL data retrieval method 
(URL.openStream()) to retrieve data from the server.
=> Instead of reusing the existing context, Java seems to be wanting to 
create a new security context for the connection.

Could you confirm this is happening by sending me the output from the 
java console when you put in an incorrect password ?  (it would be even 
better if you were using unobfuscated debug version of jalviewLite at 
http://www.jalview.org/examples/debug/jalviewApplet.jar - so the line 
numbers make sense).

Jim.
ps. One other thing: you might be able to get around the problem simply 
by adding the data you are loading into the applet to its classpath. If 
you make a zip containing the data, and add it to the 'archive' tag like 
'jalviewApplet.jar,mydata.zip', the applet should then load the data 
from mydata.zip. You'll be able to see that happening in the debug 
output on the console.


More information about the Jalview-discuss mailing list