JDK-8080129 : spnego works in 1.8.0_31 but broken in 1.8.0_40 and 1.8.0_45
  • Type: Bug
  • Component: security-libs
  • Sub-Component: org.ietf.jgss:krb5
  • Affected Version: 8u40
  • Priority: P4
  • Status: Closed
  • Resolution: Duplicate
  • OS: windows_2008
  • CPU: x86
  • Submitted: 2015-05-06
  • Updated: 2015-05-12
  • Resolved: 2015-05-12
Related Reports
Duplicate :  
Description
FULL PRODUCT VERSION :
java version "1.8.0_40"
Java(TM) SE Runtime Environment (build 1.8.0_40-b25)
Java HotSpot(TM) Server VM (build 25.40-b25, mixed mode)

ADDITIONAL OS VERSION INFORMATION :
Server: Windows 2008
Client: Windows 2003
Browser: Firefox 37.0.2

A DESCRIPTION OF THE PROBLEM :
Our SPNEGO code works in 1.8.0_31 but broken in 1.8.0 _40 with GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)

Debug Log Running with 1.8.0_31
===========================
2015-05-06 12:18:33.564 VERBOSE [http-exec-4] STDOUT - Entered SpNegoContext.acceptSecContext with state=STATE_NEW
2015-05-06 12:18:33.595 VERBOSE [http-exec-4] STDOUT - SpNegoContext.acceptSecContext: receiving token = a0 82 05 26 30 82 05 22 a0 24 30 22 06 09 2a 86 48 82 f7 12 01 02 02 06 09 2a 86 48 86 f7 12 01 02 02 06 0a 2b 06 01 04 01 82 37 02 02 0a a2 82 04 f8 04 82 04 f4 60 82 04 f0 06 09 2a 86 48 86 f7 12 01 02 02 01 00 6e 82 04 df 30 82 04 db a0 03 02 01 05 a1 03 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 04 06 61 82 04 02 30 82 03 fe a0 03 02 01 05 a1 0f 1b 0d 53 53 4f 54 45 53 54 2e 4c 4f 43 41 4c a2 2a 30 28 a0 03 02 01 02 a1 21 30 1f 1b 04 48 54 54 50 1b 17 74 6f 72 72 64 76 32 39 37 2e 73 73 6f 74 65 73 74 2e 6c 6f 63 61 6c a3 82 03 b8 30 82 03 b4 a0 03 02 01 17 a1 03 02 01 04 a2 82 03 a6 04 82 03 a2 58 a4 6e 4e ec 97 cf b5 c6 05 ce bd 22 73 14 2a 78 37 94 32 7b c2 25 4f 3f 16 be a3 26 fc 1f 6f 04 c1 4b 4d 4a 20 b1 ee 3d 55 3a 22 a3 6e ab 62 5b 22 2d b7 f4 3c f7 cb 03 c9 12 d1 0e 1f 45 9b 28 b7 e1 33 da ca 90 0e 10 3a fe 53 39 44 8e c1 9f a9 59 90 42 f0 02 a2 38 1b d9 cf 49 ac 94 f0 b3 ce 1f 36 34 33 27 86 6c 44 26 f2 8e 42 47 46 86 59 2d 52 8d c2 54 9c 41 42 ae dc 47 59 b2 23 1a 88 fe 31 ca 79 1b 2d b3 cf 52 6c 13 0d 68 b5 b9 f8 28 25 03 41 a1 b5 d8 14 03 38 31 dd de ed 9f 10 4c d4 3a f6 c0 57 86 be 33 7d 10 7f a2 38 db 23 d2 e2 c4 4a b3 ab f0 4c 61 88 36 fb cd 38 ef 56 10 06 87 a8 38 65 61 d7 9e 20 37 69 98 ca 97 f2 5c ad 6e b5 80 98 29 6b 6f 2c 21 04 87 6f 8e 12 be 36 0d cd 59 e3 1a 51 4d 2d e6 e9 50 05 66 1e ba 8f 52 a6 a0 96 95 b0 5c fc a9 23 b7 92 f6 86 eb 1d 19 5c 82 64 77 8d 1c ff 6f a6 97 3f f5 11 f0 3a 99 2b b2 8c 87 05 16 13 3b 9a 6a cd 02 3b 53 de 54 25 89 ec dd 29 80 c3 42 73 1b 48 b9 05 5c c4 bc ed 92 91 91 c0 a7 5e 3b 7f 9e 75 aa 91 59 0a 23 9e f5 c6 d0 e5 bc fa 29 78 45 b2 10 8e ca 34 4d f1 cc 54 72 f8 af 0f a5 5e 7b 86 cf c6 fb df 20 0d 51 84 b9 52 d9 04 3d 14 2b 7d fe 03 da 41 42 84 ce e9 15 1f f7 61 6d ee 9e 91 29 03 e4 27 8c 66 b2 e8 e3 c2 8b b4 ab a5 28 c8 92 7b 4e b0 02 b1 43 33 98 a7 48 ee 59 f4 6f 50 e9 12 e5 38 58 53 b3 d4 f7 09 4c 0c 34 b4 32 ac ee 7b 9d 3c d8 e5 27 19 8f 7b 18 ef ed bc ac 0f 8b 10 18 c3 79 78 74 c9 c9 16 9e 91 19 a3 82 a5 77 63 35 ac f1 44 b0 f3 0c 12 1f 69 9d 77 da 01 c2 f2 6c a6 a7 6d 8e cc a6 5b 3a 8e 04 3a 6c 68 19 3a 08 b6 f2 4c 77 4a a5 75 ec 03 88 53 e7 cf 0b df 5a 1e 91 0b 91 92 c0 75 fb f0 ef 43 ee ec 31 1e 45 58 3a 86 33 28 81 6b a5 4e 40 fe 8b e9 23 6f 1b 2e 0c 0e 83 46 c2 94 92 ac e2 b3 af 47 7b 36 da 7a 07 9e 5d ff c4 fb ec a7 81 1b f4 af 32 37 cf 45 d2 99 9c 6a a9 8a 68 72 1c d9 66 47 c7 f8 7c dc 5d a0 ad 72 9f fe c5 f9 65 16 a4 7d 9d bf d9 8e 5b a6 cd 32 76 2e 8f 39 2e dd 02 0f 70 f7 3a fc 71 20 c6 70 53 2a 12 1c 7a 95 f4 e7 23 1b 10 a5 6a 96 d8 54 34 3f 58 46 8c 89 5f f1 31 91 19 1d ca 39 e6 56 8b c8 45 50 ee d4 ba 4a 85 8f 1a 8f fe 07 e3 b7 07 6f 58 86 f1 46 bd 51 fc 74 1c 2a f3 d1 60 22 70 a7 6c 2e de 00 6d a7 33 56 10 6c 4f 03 7f 55 59 c3 cb 69 bc 7b 0a 84 c4 5f 0e 91 97 7c e0 ab ff 5d ef a4 18 f0 62 66 ed cd 63 a1 d3 92 34 7f 6b 30 e3 66 a7 1b 09 f5 54 78 6f 19 24 84 51 3a 9e d6 cb b0 7c f5 2c 13 1b c0 69 34 cd d0 35 f8 d4 78 9a 6a 51 9f ab a1 86 83 0f 27 5d a5 1d b2 2e a6 28 5e d4 2f 32 60 91 9f 0a 72 3b 8e fc 85 7f c7 05 58 f9 b1 eb e8 42 e1 f1 74 d5 a2 9c eb 69 d9 43 3c 62 67 db 36 be f3 67 12 b2 89 e7 ec 54 51 af 46 a2 16 ee ad de b5 30 ce 49 8f 37 2a 57 35 60 45 4b 0d 98 f2 87 a0 76 98 61 24 55 c8 97 62 f5 d2 90 7c f7 7b 35 8d cb 78 92 21 c2 41 3e 5e 7b d4 0b 96 f0 7d 3b 4d d5 4c 17 5c b9 e5 a8 d2 e9 ab ee 11 6e fa b8 7e 7d 10 c9 85 e5 71 5f 36 b1 1e 79 d4 97 73 d2 be a4 81 bb 30 81 b8 a0 03 02 01 17 a2 81 b0 04 81 ad 79 57 91 c5 00 2a 7f 17 1e d2 40 a3 c7 d3 eb 20 55 b7 ac b5 d2 d4 29 0b f4 1d 64 26 3f 11 63 35 78 30 71 a0 80 59 ac 06 a7 f3 d7 55 53 45 fc a2 4e 7e 57 d5 f0 22 b9 1b 11 04 bd 20 f5 dd 9a ed 03 85 70 c7 93 49 9f 9f 8f c2 dc 23 c5 8d d0 5f cc 49 dd 9c 2f 33 74 26 19 5e 59 16 5e 05 2b 62 47 32 0d 07 c8 46 41 38 07 bf ca 71 95 15 eb 04 3a 19 27 0b 33 da 3a d3 d5 35 5d ec 48 06 df 1c 0b a5 87 b7 94 62 b7 8f 33 c5 70 02 b7 a6 cf ed 23 8e a1 a2 7f 30 65 00 96 b9 3c 55 d6 d9 8d d7 16 3e f7 d9 d7 12 ef f5 c4 0d 1d e4 19 
2015-05-06 12:18:33.595 VERBOSE [http-exec-4] STDOUT - SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.48018.1.2.2
2015-05-06 12:18:33.595 VERBOSE [http-exec-4] STDOUT - SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.113554.1.2.2
2015-05-06 12:18:33.595 VERBOSE [http-exec-4] STDOUT - SpNegoToken NegTokenInit: reading Mechanism Oid = 1.3.6.1.4.1.311.2.2.10
2015-05-06 12:18:33.595 VERBOSE [http-exec-4] STDOUT - SpNegoToken NegTokenInit: reading Mech Token
2015-05-06 12:18:33.595 VERBOSE [http-exec-4] STDOUT - SpNegoContext.acceptSecContext: received token of type = SPNEGO NegTokenInit
2015-05-06 12:18:33.595 VERBOSE [http-exec-4] STDOUT - SpNegoContext: negotiated mechanism = 1.2.840.113554.1.2.2
2015-05-06 12:18:33.595 VERBOSE [http-exec-4] STDOUT - Entered Krb5Context.acceptSecContext with state=STATE_NEW
2015-05-06 12:18:33.595 VERBOSE [http-exec-4] STDOUT - Looking for keys for: HTTP/torrdv297.ssotest.local@SSOTEST.LOCAL
2015-05-06 12:18:33.595 VERBOSE [http-exec-4] STDOUT - Added key: 23version: 4
2015-05-06 12:18:33.595 VERBOSE [http-exec-4] STDOUT - >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
2015-05-06 12:18:33.610 VERBOSE [http-exec-4] STDOUT - Using builtin default etypes for permitted_enctypes
2015-05-06 12:18:33.610 VERBOSE [http-exec-4] STDOUT - default etypes for permitted_enctypes:
2015-05-06 12:18:33.610 VERBOSE [http-exec-4] STDOUT -  17
2015-05-06 12:18:33.610 VERBOSE [http-exec-4] STDOUT -  16
2015-05-06 12:18:33.610 VERBOSE [http-exec-4] STDOUT -  23
2015-05-06 12:18:33.610 VERBOSE [http-exec-4] STDOUT - .
2015-05-06 12:18:33.610 VERBOSE [http-exec-4] STDOUT - >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
2015-05-06 12:18:33.610 VERBOSE [http-exec-4] STDOUT - MemoryCache: add 1430929113/084856/FB991046D0FE398E85D4D834E6E24702/tu02@SSOTEST.LOCAL to tu02@SSOTEST.LOCAL|HTTP/torrdv297.ssotest.local@SSOTEST.LOCAL
2015-05-06 12:18:33.610 VERBOSE [http-exec-4] STDOUT - >>> KrbApReq: authenticate succeed.
2015-05-06 12:18:33.610 VERBOSE [http-exec-4] STDOUT - Krb5Context setting peerSeqNumber to: 2037767067
2015-05-06 12:18:33.626 VERBOSE [http-exec-4] STDOUT - >>> EType: sun.security.krb5.internal.crypto.ArcFourHmacEType
2015-05-06 12:18:33.626 VERBOSE [http-exec-4] STDOUT - Krb5Context setting mySeqNumber to: 717237544
2015-05-06 12:18:33.626 VERBOSE [http-exec-4] STDOUT - >>> Constrained deleg from GSSCaller{UNKNOWN}
2015-05-06 12:18:33.626 VERBOSE [http-exec-4] STDOUT - SPNEGO Negotiated Mechanism = 1.2.840.113554.1.2.2 Kerberos V5
2015-05-06 12:18:33.626 VERBOSE [http-exec-4] STDOUT - SpNegoContext.acceptSecContext: mechanism wanted = 1.2.840.113554.1.2.2
2015-05-06 12:18:33.626 VERBOSE [http-exec-4] STDOUT - SpNegoContext.acceptSecContext: negotiated result = ACCEPT_COMPLETE
2015-05-06 12:18:33.626 VERBOSE [http-exec-4] STDOUT - SpNegoContext.acceptSecContext: sending token of type = SPNEGO NegTokenTarg
2015-05-06 12:18:33.626 VERBOSE [http-exec-4] STDOUT - SpNegoToken NegTokenTarg: sending additional token for MS Interop
2015-05-06 12:18:33.626 VERBOSE [http-exec-4] STDOUT - SpNegoContext.acceptSecContext: sending token = a1 81 ed 30 81 ea a0 03 0a 01 00 a1 0b 06 09 2a 86 48 86 f7 12 01 02 02 a2 6a 04 68 60 66 06 09 2a 86 48 86 f7 12 01 02 02 02 00 6f 57 30 55 a0 03 02 01 05 a1 03 02 01 0f a2 49 30 47 a0 03 02 01 17 a2 40 04 3e 01 66 b8 f5 16 02 42 df 36 46 84 5a cc ed 7f 1d 18 83 fe fc a1 3e 9a 69 bd 50 41 74 a1 a9 2a 09 cc f9 e6 d7 db a0 35 61 d4 23 9c 2e 84 4b d8 a1 41 1e 54 03 af 86 ce 77 b2 50 f5 ed a8 09 a3 6a 04 68 60 66 06 09 2a 86 48 86 f7 12 01 02 02 02 00 6f 57 30 55 a0 03 02 01 05 a1 03 02 01 0f a2 49 30 47 a0 03 02 01 17 a2 40 04 3e 01 66 b8 f5 16 02 42 df 36 46 84 5a cc ed 7f 1d 18 83 fe fc a1 3e 9a 69 bd 50 41 74 a1 a9 2a 09 cc f9 e6 d7 db a0 35 61 d4 23 9c 2e 84 4b d8 a1 41 1e 54 03 af 86 ce 77 b2 50 f5 ed a8 09 
2015-05-06 12:18:33.751 VERBOSE [http-exec-4] STDOUT - getKDCFromDNS using UDP
2015-05-06 12:18:33.814 VERBOSE [http-exec-4] STDOUT - Found ticket for HTTP/torrdv297.ssotest.local@SSOTEST.LOCAL to go to krbtgt/SSOTEST.LOCAL@SSOTEST.LOCAL expiring on Wed May 06 22:13:18 EDT 2015
2015-05-06 12:18:33.814 VERBOSE [http-exec-4] STDOUT - Entered Krb5Context.initSecContext with state=STATE_NEW
2015-05-06 12:18:33.814 VERBOSE [http-exec-4] STDOUT - Found ticket for HTTP/torrdv297.ssotest.local@SSOTEST.LOCAL to go to krbtgt/SSOTEST.LOCAL@SSOTEST.LOCAL expiring on Wed May 06 22:13:18 EDT 2015
2015-05-06 12:18:33.814 VERBOSE [http-exec-4] STDOUT - Service ticket not found in the subject



Debug Log Running with 1.8.0_40
===========================
2015-05-06 12:28:29.978 VERBOSE [http-exec-2] STDOUT - Entered SpNegoContext.acceptSecContext with state=STATE_NEW
2015-05-06 12:28:30.009 VERBOSE [http-exec-2] STDOUT - SpNegoContext.acceptSecContext: receiving token = a0 82 05 26 30 82 05 22 a0 24 30 22 06 09 2a 86 48 82 f7 12 01 02 02 06 09 2a 86 48 86 f7 12 01 02 02 06 0a 2b 06 01 04 01 82 37 02 02 0a a2 82 04 f8 04 82 04 f4 60 82 04 f0 06 09 2a 86 48 86 f7 12 01 02 02 01 00 6e 82 04 df 30 82 04 db a0 03 02 01 05 a1 03 02 01 0e a2 07 03 05 00 20 00 00 00 a3 82 04 06 61 82 04 02 30 82 03 fe a0 03 02 01 05 a1 0f 1b 0d 53 53 4f 54 45 53 54 2e 4c 4f 43 41 4c a2 2a 30 28 a0 03 02 01 02 a1 21 30 1f 1b 04 48 54 54 50 1b 17 74 6f 72 72 64 76 32 39 37 2e 73 73 6f 74 65 73 74 2e 6c 6f 63 61 6c a3 82 03 b8 30 82 03 b4 a0 03 02 01 17 a1 03 02 01 04 a2 82 03 a6 04 82 03 a2 58 a4 6e 4e ec 97 cf b5 c6 05 ce bd 22 73 14 2a 78 37 94 32 7b c2 25 4f 3f 16 be a3 26 fc 1f 6f 04 c1 4b 4d 4a 20 b1 ee 3d 55 3a 22 a3 6e ab 62 5b 22 2d b7 f4 3c f7 cb 03 c9 12 d1 0e 1f 45 9b 28 b7 e1 33 da ca 90 0e 10 3a fe 53 39 44 8e c1 9f a9 59 90 42 f0 02 a2 38 1b d9 cf 49 ac 94 f0 b3 ce 1f 36 34 33 27 86 6c 44 26 f2 8e 42 47 46 86 59 2d 52 8d c2 54 9c 41 42 ae dc 47 59 b2 23 1a 88 fe 31 ca 79 1b 2d b3 cf 52 6c 13 0d 68 b5 b9 f8 28 25 03 41 a1 b5 d8 14 03 38 31 dd de ed 9f 10 4c d4 3a f6 c0 57 86 be 33 7d 10 7f a2 38 db 23 d2 e2 c4 4a b3 ab f0 4c 61 88 36 fb cd 38 ef 56 10 06 87 a8 38 65 61 d7 9e 20 37 69 98 ca 97 f2 5c ad 6e b5 80 98 29 6b 6f 2c 21 04 87 6f 8e 12 be 36 0d cd 59 e3 1a 51 4d 2d e6 e9 50 05 66 1e ba 8f 52 a6 a0 96 95 b0 5c fc a9 23 b7 92 f6 86 eb 1d 19 5c 82 64 77 8d 1c ff 6f a6 97 3f f5 11 f0 3a 99 2b b2 8c 87 05 16 13 3b 9a 6a cd 02 3b 53 de 54 25 89 ec dd 29 80 c3 42 73 1b 48 b9 05 5c c4 bc ed 92 91 91 c0 a7 5e 3b 7f 9e 75 aa 91 59 0a 23 9e f5 c6 d0 e5 bc fa 29 78 45 b2 10 8e ca 34 4d f1 cc 54 72 f8 af 0f a5 5e 7b 86 cf c6 fb df 20 0d 51 84 b9 52 d9 04 3d 14 2b 7d fe 03 da 41 42 84 ce e9 15 1f f7 61 6d ee 9e 91 29 03 e4 27 8c 66 b2 e8 e3 c2 8b b4 ab a5 28 c8 92 7b 4e b0 02 b1 43 33 98 a7 48 ee 59 f4 6f 50 e9 12 e5 38 58 53 b3 d4 f7 09 4c 0c 34 b4 32 ac ee 7b 9d 3c d8 e5 27 19 8f 7b 18 ef ed bc ac 0f 8b 10 18 c3 79 78 74 c9 c9 16 9e 91 19 a3 82 a5 77 63 35 ac f1 44 b0 f3 0c 12 1f 69 9d 77 da 01 c2 f2 6c a6 a7 6d 8e cc a6 5b 3a 8e 04 3a 6c 68 19 3a 08 b6 f2 4c 77 4a a5 75 ec 03 88 53 e7 cf 0b df 5a 1e 91 0b 91 92 c0 75 fb f0 ef 43 ee ec 31 1e 45 58 3a 86 33 28 81 6b a5 4e 40 fe 8b e9 23 6f 1b 2e 0c 0e 83 46 c2 94 92 ac e2 b3 af 47 7b 36 da 7a 07 9e 5d ff c4 fb ec a7 81 1b f4 af 32 37 cf 45 d2 99 9c 6a a9 8a 68 72 1c d9 66 47 c7 f8 7c dc 5d a0 ad 72 9f fe c5 f9 65 16 a4 7d 9d bf d9 8e 5b a6 cd 32 76 2e 8f 39 2e dd 02 0f 70 f7 3a fc 71 20 c6 70 53 2a 12 1c 7a 95 f4 e7 23 1b 10 a5 6a 96 d8 54 34 3f 58 46 8c 89 5f f1 31 91 19 1d ca 39 e6 56 8b c8 45 50 ee d4 ba 4a 85 8f 1a 8f fe 07 e3 b7 07 6f 58 86 f1 46 bd 51 fc 74 1c 2a f3 d1 60 22 70 a7 6c 2e de 00 6d a7 33 56 10 6c 4f 03 7f 55 59 c3 cb 69 bc 7b 0a 84 c4 5f 0e 91 97 7c e0 ab ff 5d ef a4 18 f0 62 66 ed cd 63 a1 d3 92 34 7f 6b 30 e3 66 a7 1b 09 f5 54 78 6f 19 24 84 51 3a 9e d6 cb b0 7c f5 2c 13 1b c0 69 34 cd d0 35 f8 d4 78 9a 6a 51 9f ab a1 86 83 0f 27 5d a5 1d b2 2e a6 28 5e d4 2f 32 60 91 9f 0a 72 3b 8e fc 85 7f c7 05 58 f9 b1 eb e8 42 e1 f1 74 d5 a2 9c eb 69 d9 43 3c 62 67 db 36 be f3 67 12 b2 89 e7 ec 54 51 af 46 a2 16 ee ad de b5 30 ce 49 8f 37 2a 57 35 60 45 4b 0d 98 f2 87 a0 76 98 61 24 55 c8 97 62 f5 d2 90 7c f7 7b 35 8d cb 78 92 21 c2 41 3e 5e 7b d4 0b 96 f0 7d 3b 4d d5 4c 17 5c b9 e5 a8 d2 e9 ab ee 11 6e fa b8 7e 7d 10 c9 85 e5 71 5f 36 b1 1e 79 d4 97 73 d2 be a4 81 bb 30 81 b8 a0 03 02 01 17 a2 81 b0 04 81 ad 8b 95 5a f7 4c f3 89 5d 36 af 2e 55 e7 a2 2a 9a 57 43 0c 93 ac ec cd 2f db 4b b5 37 02 7f ef e2 96 fc b7 c5 dd 92 28 d6 08 21 60 1b 06 bc a7 07 11 c1 75 e1 1c a2 7f 9e ed bb 85 0c 23 0e 6b 34 1c 5e b4 f1 b9 58 d5 9b cd 6a 89 db b1 ae 76 cc b4 d0 66 0a 9e 08 92 71 71 26 62 08 a0 ae 97 99 ae 04 0d 5f 80 68 2a 51 19 3f 1b 99 d9 3b 66 b1 0d ea 10 88 0e 79 1e 48 ef d4 1c 7c 3b e2 bc 89 07 70 04 9c c2 94 2d bb 76 4f c5 a0 89 cc 49 3d 3b 68 41 c3 30 ce fb c3 6b 77 91 71 c4 9d 1d 42 7e 9a a5 4f 9e 70 a9 82 9f ba 03 40 1c 
2015-05-06 12:28:30.009 VERBOSE [http-exec-2] STDOUT - SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.48018.1.2.2
2015-05-06 12:28:30.009 VERBOSE [http-exec-2] STDOUT - SpNegoToken NegTokenInit: reading Mechanism Oid = 1.2.840.113554.1.2.2
2015-05-06 12:28:30.009 VERBOSE [http-exec-2] STDOUT - SpNegoToken NegTokenInit: reading Mechanism Oid = 1.3.6.1.4.1.311.2.2.10
2015-05-06 12:28:30.009 VERBOSE [http-exec-2] STDOUT - SpNegoToken NegTokenInit: reading Mech Token
2015-05-06 12:28:30.009 VERBOSE [http-exec-2] STDOUT - SpNegoContext.acceptSecContext: received token of type = SPNEGO NegTokenInit
2015-05-06 12:28:30.009 VERBOSE [http-exec-2] STDOUT - SpNegoContext: negotiated mechanism = 1.2.840.113554.1.2.2
2015-05-06 12:28:30.009 VERBOSE [http-exec-2] STDOUT - The underlying mechanism context has not been initialized
2015-05-06 12:28:30.009 VERBOSE [http-exec-2] STDOUT - SpNegoContext.acceptSecContext: mechanism wanted = 1.2.840.113554.1.2.2
2015-05-06 12:28:30.009 VERBOSE [http-exec-2] STDOUT - SpNegoContext.acceptSecContext: negotiated result = ACCEPT_INCOMPLETE
2015-05-06 12:28:30.009 VERBOSE [http-exec-2] STDOUT - SpNegoContext.acceptSecContext: sending token of type = SPNEGO NegTokenTarg
2015-05-06 12:28:30.009 VERBOSE [http-exec-2] STDOUT - SpNegoContext.acceptSecContext: sending token = a1 14 30 12 a0 03 0a 01 01 a1 0b 06 09 2a 86 48 86 f7 12 01 02 02 
2015-05-06 12:28:30.025 DEBUG   [http-exec-2] com.xxx.AuthenticationService - Authentication user failed
GSSException: Defective token detected (Mechanism level: GSSHeader did not find the right tag)
	at sun.security.jgss.GSSHeader.<init>(GSSHeader.java:97)
	at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:306)
	at sun.security.jgss.GSSContextImpl.acceptSecContext(GSSContextImpl.java:285)
....
	at org.apache.catalina.authenticator.SingleSignOn.invoke(SingleSignOn.java:312)
	at com.quest.nitro.web.tomcat.SmAuthValve.invoke(SmAuthValve.java:236)
	at com.quest.nitro.web.tomcat.DenyRemoteRequestValve.filterRequest(DenyRemoteRequestValve.java:88)
	at com.quest.nitro.web.tomcat.DenyRemoteRequestValve.invoke(DenyRemoteRequestValve.java:95)
	at com.quest.nitro.web.tomcat.RequestEncValve.invoke(RequestEncValve.java:60)
	at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
	at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:421)
	at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1074)
	at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:611)
	at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:316)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
	at java.lang.Thread.run(Thread.java:745)

Something change in jdk 1.8.0_40 cause this problem? We also found similar problem disscussed in sourceforge
http://sourceforge.net/p/spnego/discussion/1003769/thread/990913cc/?page=1


REPRODUCIBILITY :
This bug can be reproduced always.