I am having problems with my file Upload form in wicket. I am not being able of uploading any file into the online server.
This script worked already, but for some time it stopped.
So I search for answers, but I was getting the same error.
My code is equal to: http://www.mkyong.com/wicket/wicket-file-upload-example/
The difference is the folder path isn't local as it is in the example but points to a remote url via https.
Additional information:
Server
Operating System: Debian GNU/Linux 7 (wheezy)
Tomcat: Tomcat 7
Permissions in taget folder: 777
Local:
Tomcat: Tomcat 7
JDK: 1.7
Wicket: 6
Test
Open upload site
Select file aa.png(It doesn't exists in the server)
Press upload
Result:
28 10 13 18:19:31:630 - ERROR - Unable to write file
java.io.IOException: The filename, directory name, or volume label syntax is incorrect at java.io.WinNTFileSystem.createFileExclusively(Native Method)
28 10 13 18:27:02:370 - ERROR - Unexpected error occurred
org.apache.wicket.WicketRuntimeException: Method onFormSubmitted of interface
org.apache.wicket.markup.html.form.IFormSubmitListener
targeted at [Form [Component id = form]] on component [Form [Component id = form]] `threw an exception`
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.apache.wicket.RequestListenerInterface.
internalInvoke(RequestListenerInterface.java:258)
... 30 more
Caused by: java.lang.IllegalStateException: Error
at com.myproject.presentation.utils.examples.FileUploadPage$1.onSubmit(FileUploadPage.java:51)
at org.apache.wicket.markup.html.form.Form$9.component(Form.java:1246)
at org.apache.wicket.markup.html.form.Form$9.component(Form.java:1240)
at org.apache.wicket.util.visit.Visits.visitPostOrderHelper(Visits.java:274)
at org.apache.wicket.util.visit.Visits.visitPostOrder(Visits.java:245)
at org.apache.wicket.markup.html.form.Form.delegateSubmit(Form.java:1239)
at org.apache.wicket.markup.html.form.Form.process(Form.java:921)
at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:767)
at org.apache.wicket.markup.html.form.Form.onFormSubmitted(Form.java:700)
... 35 more
From the JavaDoc of File:
public File(URI uri)
Creates a new File instance by converting the given file: URI into an
abstract pathname.
The exact form of a file: URI is system-dependent, hence the
transformation performed by this constructor is also system-dependent.
For a given abstract pathname f it is guaranteed that
new File( f.toURI()).equals( f.getAbsoluteFile())
so long as the original abstract pathname, the URI, and the new
abstract pathname are all created in (possibly different invocations
of) the same Java virtual machine. This relationship typically does
not hold, however, when a file: URI that is created in a virtual
machine on one operating system is converted into an abstract pathname
in a virtual machine on a different operating system.
Parameters:
uri - An absolute, hierarchical URI with a scheme equal to "file", a non-empty path component, and undefined authority, query, and fragment components
Throws:
NullPointerException - If uri is null
IllegalArgumentException - If the preconditions on the parameter do not hold
Since:
1.4
No one said anything about http or https.
Related
I'm launching 3 elastic nodes using elastic operator and i tried to set up automated snapshots for these instances.
I followed this doc
I minified the json of the service account key and created a file called gcs.client.default.credentials_file with no file extension and added this file to kubernetes secrets.
And added the secureSettings.secretName field to the spec of the elastic cluster and added the secret name to it which was gcs-credentials
But i get this error on the logs
{"#timestamp":"2022-12-26T18:45:40.037Z", "log.level":"ERROR", "message":"fatal exception while booting Elasticsearch", "ecs.version": "1.2.0","service.name":"ES_ECS","event.dataset":"elasticsearch.server","process.thread.name":"main","log.logger":"org.elasticsearch.bootstrap.Elasticsearch","elasticsearch.node.name":"elasticsearch-cluster-es-node-1","elasticsearch.cluster.name":"elasticsearch-cluster","error.type":"java.lang.IllegalStateException","error.message":"failed to load plugin class [org.elasticsearch.repositories.gcs.GoogleCloudStoragePlugin]","error.stack_trace":"java.lang.IllegalStateException: failed to load plugin class [org.elasticsearch.repositories.gcs.GoogleCloudStoragePlugin]\n\tat org.elasticsearch.server#8.5.0/org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:607)\n\tat org.elasticsearch.server#8.5.0/org.elasticsearch.plugins.PluginsService.loadBundle(PluginsService.java:482)\n\tat org.elasticsearch.server#8.5.0/org.elasticsearch.plugins.PluginsService.loadBundles(PluginsService.java:290)\n\tat org.elasticsearch.server#8.5.0/org.elasticsearch.plugins.PluginsService.<init>(PluginsService.java:159)\n\tat org.elasticsearch.server#8.5.0/org.elasticsearch.plugins.PluginsService.lambda$getPluginsServiceCtor$14(PluginsService.java:634)\n\tat org.elasticsearch.server#8.5.0/org.elasticsearch.node.Node.<init>(Node.java:406)\n\tat org.elasticsearch.server#8.5.0/org.elasticsearch.node.Node.<init>(Node.java:316)\n\tat org.elasticsearch.server#8.5.0/org.elasticsearch.bootstrap.Elasticsearch$2.<init>(Elasticsearch.java:214)\n\tat org.elasticsearch.server#8.5.0/org.elasticsearch.bootstrap.Elasticsearch.initPhase3(Elasticsearch.java:214)\n\tat org.elasticsearch.server#8.5.0/org.elasticsearch.bootstrap.Elasticsearch.main(Elasticsearch.java:67)\nCaused by: java.lang.reflect.InvocationTargetException\n\tat java.base/jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:79)\n\tat java.base/java.lang.reflect.Constructor.newInstanceWithCaller(Constructor.java:500)\n\tat java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:484)\n\tat org.elasticsearch.server#8.5.0/org.elasticsearch.plugins.PluginsService.loadPlugin(PluginsService.java:600)\n\t... 9 more\nCaused by: java.lang.IllegalArgumentException: failed to load GCS client credentials from [gcs.client.default.credentials_file]\n\tat org.elasticsearch.repositories.gcs.GoogleCloudStorageClientSettings.loadCredential(GoogleCloudStorageClientSettings.java:265)\n\tat org.elasticsearch.repositories.gcs.GoogleCloudStorageClientSettings.getClientSettings(GoogleCloudStorageClientSettings.java:221)\n\tat org.elasticsearch.repositories.gcs.GoogleCloudStorageClientSettings.load(GoogleCloudStorageClientSettings.java:209)\n\tat org.elasticsearch.repositories.gcs.GoogleCloudStoragePlugin.reload(GoogleCloudStoragePlugin.java:88)\n\tat org.elasticsearch.repositories.gcs.GoogleCloudStoragePlugin.<init>(GoogleCloudStoragePlugin.java:36)\n\tat java.base/jdk.internal.reflect.DirectConstructorHandleAccessor.newInstance(DirectConstructorHandleAccessor.java:67)\n\t... 12 more\nCaused by: java.io.IOException: Invalid PKCS#8 data.\n\tat com.google.auth.oauth2.ServiceAccountCredentials.privateKeyFromPkcs8(ServiceAccountCredentials.java:496)\n\tat com.google.auth.oauth2.ServiceAccountCredentials.fromPkcs8(ServiceAccountCredentials.java:474)\n\tat com.google.auth.oauth2.ServiceAccountCredentials.fromJson(ServiceAccountCredentials.java:212)\n\tat com.google.auth.oauth2.ServiceAccountCredentials.fromStream(ServiceAccountCredentials.java:548)\n\tat com.google.auth.oauth2.ServiceAccountCredentials.fromStream(ServiceAccountCredentials.java:520)\n\tat org.elasticsearch.repositories.gcs.GoogleCloudStorageClientSettings.lambda$loadCredential$13(GoogleCloudStorageClientSettings.java:257)\n\tat java.base/java.security.AccessController.doPrivileged(AccessController.java:569)\n\tat org.elasticsearch.repositories.gcs.SocketAccess.doPrivilegedIOException(SocketAccess.java:33)\n\tat org.elasticsearch.repositories.gcs.GoogleCloudStorageClientSettings.loadCredential(GoogleCloudStorageClientSettings.java:256)\n\t... 17 more\n"}
ERROR: Elasticsearch did not exit normally - check the logs at /usr/share/elasticsearch/logs/elasticsearch-cluster.log
Try adding the following lines to your configuration (on each Elasticsearch):
elasticsearch01:
image: docker.elastic.co/elasticsearch/elasticsearch:7.6.2
...
ulimits:
memlock:
soft: -1
hard: -1
Also check this link on Elasticsearch for more detailed information.
I'm trying to connect to a SAP system via Java Middleware (Dell Boomi) to inspect existing document types.
When inspecting a base IDOC Type (e.g. ORDERS05) everything works ok.
When trying to inspect a custom type (e.g. ZORDERS05) I get a rather obscure exception from the java JCO classes:
Feb 25, 2016 6:56:56 PM CET WARNING [com.boomi.connector.sap.browse.SAPIDocSchemaBuilder buildSchema] Unable to find IDoc base type: ZORDERS05, extension:
com.sap.conn.jco.AbapException: (126) SEGMENT_UNKNOWN: SEGMENT_UNKNOWN Message 257 of class EA type E, Par[1]: ZHEADER, Par[2]: 740
at com.sap.conn.jco.rt.MiddlewareJavaRfc$JavaRfcClient.execute(MiddlewareJavaRfc.java:2083)
at com.sap.conn.jco.rt.ClientConnection.execute(ClientConnection.java:1185)
at com.sap.conn.jco.rt.ClientConnection.execute(ClientConnection.java:1014)
at com.sap.conn.jco.rt.RfcDestination.execute(RfcDestination.java:1458)
at com.sap.conn.jco.rt.RfcDestination.execute(RfcDestination.java:1428)
at com.sap.conn.jco.rt.AbapFunction.execute(AbapFunction.java:332)
at com.boomi.connector.sap.SAPConnection.executeFunction(SAPConnection.java:103)
at com.boomi.connector.sap.browse.SAPIDocSchemaBuilder.buildSchema(SAPIDocSchemaBuilder.java:49)
at com.boomi.connector.sap.browse.SAPSchemaBrowser.buildIDocProfile(SAPSchemaBrowser.java:210)
at com.boomi.connector.sap.browse.SAPSchemaBrowser.browse(SAPSchemaBrowser.java:84)
at com.boomi.connector.custom.CustomConnectorBrowseAction.browse(CustomConnectorBrowseAction.java:77)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.boomi.util.ClassUtil$InvokerWithClassLoader.invoke(ClassUtil.java:360)
at com.sun.proxy.$Proxy72.browse(Unknown Source)
at com.boomi.connector.BrowseMessageHandler.handle(BrowseMessageHandler.java:116)
at com.boomi.container.core.MessagePollerThread$BaseTask.handleMessage(MessagePollerThread.java:657)
at com.boomi.container.core.MessagePollerThread$AsyncTask.run(MessagePollerThread.java:742)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Any hint on how to troubleshoot this problem?
SAP side the objects seem to be really identical (both base types, no extension etc...)
The note from Ravindra HV is correct, this problem is caused from a misconfiguration on the SAP side.
In order to fix this the SAP team had to release the custom segments (ZHEADER) inside the custom IDOC type.
See answer to this: http://scn.sap.com/thread/3436578
I created sample class Testws with one simple method sayHi(String name) that simply showing welcome message. The target is to create web service application for this class and applying OWSM policies.
All the needed file is generated from Jdeveloper 11.1.1.7 and I added the oracle/wss_username_token_client_policy to the client side in TestwsPortClient. Problem is that when I run the main method from TestwsPortClient I got the following error:
SEVERE: java.io.FileNotFoundException: .\config\jps-config.xml (The system cannot find the path specified)
Although I tried (But it did not work) to set the system propriety to find the missing file as follow:
System.setProperty("oracle.security.jps.config",
"C:\\Users\\user\\AppData\\Roaming\\JDeveloper\\system11.1.1.7.40.64.93\\DefaultDomain\\config\\fmwconfig\\jps-config.xml");
Here is the Client Class TestwsPortClient:
public static void main(String[] args) {
testwsService = new TestwsService();
SecurityPoliciesFeature securityFeatures =
new SecurityPoliciesFeature(new String[] { "oracle/wss_username_token_client_policy" });
Testws testws = testwsService.getTestwsPort(securityFeatures);
// Add your code to call the desired methods.
System.setProperty("oracle.security.jps.config",
"C:\\Users\\user\\AppData\\Roaming\\JDeveloper\\system11.1.1.7.40.64.93\\DefaultDomain\\config\\fmwconfig\\jps-config.xml");
List<CredentialProvider> credProviders =new ArrayList<CredentialProvider>();
String username = "weblogic";
String password = "weblogic1";
CredentialProvider cp =new ClientUNTCredentialProvider(username.getBytes(), password.getBytes());
credProviders.add(cp);
Map<String, Object> rc = ((BindingProvider)testws).getRequestContext();
rc.put(WSSecurityContext.CREDENTIAL_PROVIDER_LIST, credProviders);
testws.sayHi("Salman");
}
Here the exception stack trace:
Note: the stack trace is too long this is just part of it where I think it will gives an idea about the error
SEVERE: java.io.FileNotFoundException: .\config\jps-config.xml (The system cannot find the path specified)
SEVERE: java.io.FileNotFoundException: .\config\jps-config.xml (The system cannot find the path specified)
INFO: WSM-09004 Component auditing cannot be initialized.
INFO: Recipient Alias property not configured in the policy. Defaulting to encrypting with signers certificate.
WARNING: JPS-00065 Jps platform factory creation failed. Reason: java.lang.ClassNotFoundException: oracle.security.jps.se.JpsSEPlatformFactory.
WARNING: JPS-00065 Jps platform factory creation failed. Reason: {0}.
......
at $Proxy34.sayHi(Unknown Source)
at test.TestwsPortClient.main(TestwsPortClient.java:44)
Caused by: oracle.security.jps.JpsException: JPS-00065: Jps platform factory creation failed. Reason: java.lang.ClassNotFoundException: oracle.security.jps.se.JpsSEPlatformFactory.
at oracle.security.jps.ee.JpsPlatformFactory$2.run(JpsPlatformFactory.java:197)
at oracle.security.jps.ee.JpsPlatformFactory$2.run(JpsPlatformFactory.java:190)
........
Since the java 7 update 25 launched by Oracle our application no longer functions.
Initially we got some warning about codebase & sercurity tags missing in the Manifest file, which we fixed.
The problem we now end up with is that in the Console we only get the following lines:
#### Java Web Start Error:
#### null
We also get an application Error dialog with the message: Unable to launch the application.
The details button gives the following details in the Exception:
java.lang.NullPointerException
at com.sun.jnlp.JNLPClassLoader.getPermissions(Unknown Source)
at java.security.SecureClassLoader.getProtectionDomain(SecureClassLoader.java:206)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:449)
at java.net.URLClassLoader.access$100(URLClassLoader.java:71)
at java.net.URLClassLoader$1.run(URLClassLoader.java:361)
at java.net.URLClassLoader$1.run(URLClassLoader.java:355)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:354)
at com.sun.jnlp.JNLPClassLoader.findClass(Unknown Source)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at desktop.DesktopProxySelector.<init>(DesktopProxySelector.java:24) <- code smippet below
at desktop.Main.main(Main.java:139) <- code smippet below
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
at com.sun.javaws.Launcher.doLaunchApp(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Thread.java:724)
The relevant code parts are:
Desktop.Main.main
/**
* Main method, starts the application
*/
public static void main(String[] args) {
System.setProperty("java.net.useSystemProxies", "true");
//Logger.getLogger("httpclient.wire.header.level").setLevel(Level.FINEST);
//Logger.getLogger("org.apache.commons.httpclient.level").setLevel(Level.FINEST);
java.net.ProxySelector.setDefault(new DesktopProxySelector(java.net.ProxySelector.getDefault()));
(The last line is line number 139)
desktop.DesktopProxySelector:
public class DesktopProxySelector extends ProxySelector {
public DesktopProxySelector(ProxySelector defaultSelector) {
URI httpsUri = new CentralConfigurationService().getCentralLocation();
(The last line is line number 24 where the exception occures)
Can someone give us some clues hints (or better a solution) for this new behaviour of java caused by this 'minor' update.
When we run the application straight from the cli using java -jar Desktop.jar the application wil run file, so the issue has clearly something todo with the changes in java web start.
#trashgod: the error clearly has something to do with the Permissions change in 7u25, since the NullPointerException occurs in com.sun.jnlp.JNLPClassLoader.getPermissions.
Just to explain what I think happens (I am a colleague of Wouter):
desktop.Main instantiates a desktop.DesktopProxySelector (our class),
desktop.DesktopProxySelector instantiates desktop.configuration.CentralConfigurationService
desktop.configuration.CentralConfigurationService instantiates a java.net.URI.
On the first line of the DesktopProxySelector init where the CentralConfigurationService is instantiated the getPermissions method, called by the JNLPClassLoader, throws the NullPointerException. So something is going wrong while loading the CentralConfigurationService class by java webstart with getting the permissions for the class. Could that have anything to do with the fact that a URI class is instantiated, which requires extra permissions (a connection to a remote uri is setup)?
Eventually the problem was solved.
The problem was caused between a mismatch in the included jar files in the main MANIFEST.MF file vs the jar files mentioned in the launch.jnlp.
Apperently it is now required to have all jar files that will be used also be present in the launch.jnlp file.
(In the past it was decided to keep this file manually in sink, which obviously was not always maintained in a propper way. Now this process is automated, so the problem should no longer happen to us.)
So I have some code which I'm testing to make sure it works nicely for authentication. It works fine against straight kerberos, so I figured there should only be some minor hiccups with AD. Unfortunately, I cannot get around a KrbException: KDC has no support for encryption type (14).
I know the error is an encryption type mismatch. But I can kinit just fine, it's only in the code that I hit an issue. I'm not setting anything, so I think it should be inheriting the same defaults as kinit, but that obviously isn't the case.
The code-
System.setProperty("sun.security.krb5.debug", "true");
System.setProperty("java.security.krb5.realm", "TEST.SQRRL.COM");
System.setProperty("java.security.krb5.kdc", "172.16.101.128");
System.setProperty("java.security.auth.login.config", "./conf/jaas.conf");
System.setProperty("javax.security.auth.useSubjectCredsOnly", "true");
// "Client" references the JAAS configuration in the jaas.conf file.
LoginContext loginCtx = null;
loginCtx = new LoginContext("Server", new LoginCallbackHandler("test".toCharArray()));
loginCtx.login();
subject = loginCtx.getSubject();
and the jaas.conf
Server {
com.sun.security.auth.module.Krb5LoginModule required
useKeyTab=false
storeKey=true
useTicketCache=true
principal="accumulo#test.SQRRL.COM";
};
And, the stack trace-
>>>KRBError:
sTime is Tue Nov 27 18:16:36 EST 2012 1354058196000
suSec is 257213
error code is 14
error Message is KDC has no support for encryption type
realm is test.SQRRL.COM
sname is krbtgt/test.SQRRL.COM
msgType is 30
javax.security.auth.login.LoginException: KDC has no support for encryption type (14)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at authenticators.KerberosAuthenticator.<init>(KerberosAuthenticator.java:37)
at main.ServerImpl.<init>(ServerImpl.java:91)
at main.PlugServer.run(PlugServer.java:22)
at main.PlugServer.main(PlugServer.java:42)
Caused by: KrbException: KDC has no support for encryption type (14)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:446)
at sun.security.krb5.Credentials.sendASRequest(Credentials.java:401)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:373)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662)
... 15 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
... 19 more
Exception in thread "main" java.lang.RuntimeException: javax.security.auth.login.LoginException: KDC has no support for encryption type (14)
at main.PlugServer.run(PlugServer.java:36)
at main.PlugServer.main(PlugServer.java:42)
Caused by: javax.security.auth.login.LoginException: KDC has no support for encryption type (14)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:696)
at com.sun.security.auth.module.Krb5LoginModule.login(Krb5LoginModule.java:542)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:683)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:680)
at javax.security.auth.login.LoginContext.login(LoginContext.java:579)
at authenticators.KerberosAuthenticator.<init>(KerberosAuthenticator.java:37)
at main.ServerImpl.<init>(ServerImpl.java:91)
at main.PlugServer.run(PlugServer.java:22)
... 1 more
Caused by: KrbException: KDC has no support for encryption type (14)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:66)
at sun.security.krb5.KrbAsReq.getReply(KrbAsReq.java:446)
at sun.security.krb5.Credentials.sendASRequest(Credentials.java:401)
at sun.security.krb5.Credentials.acquireTGT(Credentials.java:373)
at com.sun.security.auth.module.Krb5LoginModule.attemptAuthentication(Krb5LoginModule.java:662)
... 15 more
Caused by: KrbException: Identifier doesn't match expected value (906)
at sun.security.krb5.internal.KDCRep.init(KDCRep.java:133)
at sun.security.krb5.internal.ASRep.init(ASRep.java:58)
at sun.security.krb5.internal.ASRep.<init>(ASRep.java:53)
at sun.security.krb5.KrbAsRep.<init>(KrbAsRep.java:50)
... 19 more
So, I got it past this stage. I can only guess that the DES support in active directory for Windows Server 2012 is broken, as I ended up tweaking my krb5.conf file and setting the two default ticket types and permitted types to just aes256-cts-hmac-sha1-96 and it worked for the one user. After enabling aes256 for other users in AD, it continued to work.
You need to access the user's account and check the 'use kerberos DES encryption types' checkbox.
You'll need to login to your DS as an admin to do this of course.
Looking at init() in KDCRep.java, the only part that looks it could be throwing your error is:
150 if ((subDer.getTag() & 0x1F) == 0x00) {
151 pvno = subDer.getData().getBigInteger().intValue();
152 if (pvno != Krb5.PVNO) {
153 throw new KrbApErrException(Krb5.KRB_AP_ERR_BADVERSION);
154 }
155 } else {
156 throw new Asn1Exception(Krb5.ASN1_BAD_ID);
157 }
It does seem a bit odd that the error's being printed as a KrbException, but it could work since KrbApErrException is a subclass of KrbException. init() can't throw any other subclasses of KrbException, though.
Scratch that. A better possibility is that it's one of the Asn1Exceptions in there, since the constructor in KrbAsRep.java catches and rethrows those errors as KrbExceptions (with an appropriate initCause that would match up pretty well with the stack trace).
"Identifier doesn't match expected value (906)" leads me to believe it's throwing a Asn1Exception(Krb5.ASN1_BAD_ID), since Krb5.ASN1_BAD_ID has value 906. That's not overly helpful, since that seems to be the default error in init().
See if you can generate the DerValue corresponding to your configuration and inspect it manually, seeing where init() would reject it, then step backward from there, looking at what part of your configuration created the erroneous bits.
Upon further inspection, the message "KDC has no support for encryption type" leads me to believe Krb5.KDC_ERR_ETYPE_NOSUPP must have been used. But, as that's only used for the default instance of Etype, that might not mean much.