I am trying to setup Kerberos web authentication on Websphere (8.5.5). I have done my setup but when i try to access the login url i get the following NPE
com.ibm.ws.webcontainer.webapp.WebApp logServletError SRVE0293E: [Servlet Error]-[Initializer]: java.lang.NullPointerException
at net.sourceforge.spnego.SpnegoFilterConfig.doClientModule(SpnegoFilterConfig.java:179)
at net.sourceforge.spnego.SpnegoFilterConfig.<init>(SpnegoFilterConfig.java:138)
at net.sourceforge.spnego.SpnegoFilterConfig.getInstance(SpnegoFilterConfig.java:314)
at net.sourceforge.spnego.SpnegoHttpFilter.init(SpnegoHttpFilter.java:193)
I don't understand the error, or how to fix it. Thanks
UPDATE
<?xml version="1.0" encoding="UTF-8"?><web-app id="WebApp_1431678248278" version="2.4" xmlns="http://java.sun.com/xml/ns/j2ee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://java.sun.com/xml/ns/j2ee http://java.sun.com/xml/ns/j2ee/web-app_2_4.xsd">
<display-name>warname_war</display-name>
<description>ApplicationDescription</description>
<!--Servlets-->
<servlet>
<servlet-name>Initializer</servlet-name>
<servlet-class>com.package.subpackage.Initializer</servlet-class>
<init-param>
<param-name>initFile</param-name>
<param-value>/WEB-INF/conf/init.xml</param-value>
</init-param>
<init-param>
<param-name>initModule</param-name>
<param-value>/WEB-INF/conf/init-module.xml</param-value>
</init-param>
<init-param>
<param-name>initAuthentication</param-name>
<param-value>/WEB-INF/conf/init-authentication.xml</param-value>
</init-param>
<init-param>
<param-name>WindowOnSuccessCloseTimeout</param-name>
<param-value>500</param-value>
</init-param>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet>
<servlet-name>CreateSecurityDb</servlet-name>
<servlet-class>com.package.subpackage.CreateSecurityDatabaseServlet</servlet-class>
<init-param>
<param-name>initFile</param-name>
<param-value>/WEB-INF/conf/init.xml</param-value>
</init-param>
<init-param>
<param-name>initAuthentication</param-name>
<param-value>/WEB-INF/conf/init-authentication.xml</param-value>
</init-param>
<init-param>
<param-name>sqlScriptsFolder</param-name>
<param-value>/sql</param-value>
</init-param>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>Data Service</servlet-name>
<servlet-class>com.package.subpackage.web.webmethod.DataServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>Logger</servlet-name>
<servlet-class>com.package.subpackage.context.DataServletImpl</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<servlet>
<servlet-name>Status</servlet-name>
<servlet-class>com.package.subpackage.healthcheck.HealthCheckServlet</servlet-class>
<load-on-startup>2</load-on-startup>
</servlet>
<!--Servlet mappings-->
<servlet-mapping>
<servlet-name>Data Service</servlet-name>
<url-pattern>/dataService/*</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Initializer</servlet-name>
<url-pattern>/main</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Logger</servlet-name>
<url-pattern>/logger</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>Status</servlet-name>
<url-pattern>/status</url-pattern>
</servlet-mapping>
<servlet-mapping>
<servlet-name>CreateSecurityDb</servlet-name>
<url-pattern>/createSecurityDatabase</url-pattern>
</servlet-mapping>
<!--Filters-->
<filter>
<filter-name>LoginFormFilter</filter-name>
<filter-class>com.package.otherpackage.authentication.UnifiedLoginFilter</filter-class>
<init-param>
<param-name>factoryName</param-name>
<param-value>SSOAuthenticator</param-value>
</init-param>
<init-param>
<param-name>servletType</param-name>
<param-value>webHtml</param-value>
</init-param>
<init-param>
<param-name>useCaching</param-name>
<param-value>true</param-value>
</init-param>
</filter>
<filter>
<filter-name>LogoutFilter</filter-name>
<filter-class>com.package.otherpackage.authentication.impl.logic.filter.UnifiedLogoutFilter</filter-class>
<init-param>
<param-name>factoryName</param-name>
<param-value>SSOAuthenticator</param-value>
</init-param>
</filter>
<filter>
<filter-name>ResourceFilter</filter-name>
<filter-class>com.package.subpackage.utils.ResourceFilter</filter-class>
</filter>
<filter>
<filter-name>InitDbConFilter</filter-name>
<filter-class>com.package.subpackage.webmethod.InitDbConnectionFilter</filter-class>
</filter>
<!--Filter Mappings-->
<filter-mapping>
<filter-name>InitDbConFilter</filter-name>
<servlet-name>Initializer</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFormFilter</filter-name>
<servlet-name>Initializer</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>InitDbConFilter</filter-name>
<servlet-name>Data Service</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFormFilter</filter-name>
<servlet-name>Data Service</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>LoginFormFilter</filter-name>
<url-pattern>/index.html</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>LogoutFilter</filter-name>
<servlet-name>Initializer</servlet-name>
</filter-mapping>
<filter-mapping>
<filter-name>ResourceFilter</filter-name>
<url-pattern>/plugins/*</url-pattern>
</filter-mapping>
<filter-mapping>
<filter-name>ResourceFilter</filter-name>
<url-pattern>/lib/atf/*</url-pattern>
</filter-mapping>
<!--location to prevent users from listing some resources-->
<welcome-file-list>
<welcome-file>/main</welcome-file>
</welcome-file-list>
<session-config>
<session-timeout>30</session-timeout>
</session-config>
<listener>
<listener-class>com.package.subpackage.context.TCSessionListener</listener-class>
</listener>
<application-policy name="spnego-client">
This is my web.xml file
The reason i was getting the NPE is that by default websphere uses the wsjaas.conf file. You can change this by editing a system launch properties file /AppServer/properties/systemlaunch/base/.systemlaunch.properties.
There you have configured the java.security.auth.login.config In the default wsjaas.conf there was a missing entry ("spnego-client") that the spnego API expects.