Hi Team,
After upgrading my application from 3.2.5 to 3.3.0, the KerberosRestTemplate package (2.0.0, latest version) starts returning 401 on all requests. I upgraded Spring Boot to 3.2.6 instead, and KerberosRestTemplate continues to work correctly on that version.
I'm able to recreate the issue by using the KerberosRestTemplate sample code available here: https://github.com/spring-projects/spring-security-kerberos/blob/main/spring-security-kerberos-samples/sec-client-rest-template/src/main/java/demo/app/Application.java . Don't think this would be a Kerberos package issue, as it's working correctly with 3.2.6, so only is an issue for 3.3.0
Thank you.
Comment From: wilkinsona
Thanks for the report. It's hard to say for certain, but I suspect that this is a Spring Security problem rather than a Spring Boot problem, probably caused by Spring Boot 3.3 upgrading to Spring Security 6.3. To help us to figure out if this is the case, please provide a minimal sample that works with Spring Boot 3.2.6 and fails with 3.3.0.
Comment From: Jeffrey-Hassan
The minimum sample that works with 3.2.6 / 3.3.0 is the sample itself ... I can't provide something "running" as I can't provide my company's internal keytab file + intranet endpoint.
However, it looks like the issue has been raised directly to spring security team, and appears related to Apache HttpClient rather than anything Spring related. I've commented on the issue over there, which was already created: https://github.com/spring-projects/spring-security-kerberos/issues/195
Comment From: wilkinsona
Thanks. Closing in favor of the existing spring-security-kerberos issue.