Windows Authentication in Tomcat

[john_polinsky]

Hello there,

How Tomcat is usually configured when it is wanted to get information
from Windows Server (e.g. Active Directory running in W2k or Win2003)?
What Realms should be used in Tomcat and how this is done, any document
available?

Second question is, that if I e.g. for testing purposes want to use my
local PC's Windows's username and passwords for Tomcat's authentication
how that can be done? In this case I would have only my own PC running
Windows without Windows Network Servers.

Can anyone give any tips to these questions?

Cheers!

 

[Dave Glasser]

(e-mail address removed) wrote on 7 Sep 2005 03:10:41 -0700 in
comp.lang.java.programmer:

Hello there,

How Tomcat is usually configured when it is wanted to get information
from Windows Server (e.g. Active Directory running in W2k or Win2003)?
What Realms should be used in Tomcat and how this is done, any document
available?

You would want to use Tomcat's JNDI realm to authenticate credentials
against an Active Directory domain. It's well-documented within the
Tomcat documentation.

Also, I've never used it, but this looks promising for SSO:

http://jcifs.samba.org/src/docs/ntlmhttpauth.html

(Assuming users are using IE, of course.)

Second question is, that if I e.g. for testing purposes want to use my
local PC's Windows's username and passwords for Tomcat's authentication
how that can be done? In this case I would have only my own PC running
Windows without Windows Network Servers.

This class:

http://java.sun.com/j2se/1.4.2/docs...m/sun/security/auth/module/NTLoginModule.html

will tell you who the logged-in local user is, but unfortunately
doesn't authenticate the password. It might give you some clues as to
what approach to take. (Which obviously would involve JNI calls.) If
you google for "NTLoginModule.java" you can find the source code for
it.



--
Check out QueryForm, a free, open source, Java/Swing-based
front end for relational databases.

http://qform.sourceforge.net

If you're a musician, check out RPitch Relative Pitch
Ear Training Software.

http://rpitch.sourceforge.net

 

[john_polinsky]

Thank you very much Dave!

Cheers!

(e-mail address removed) wrote on 7 Sep 2005 03:10:41 -0700 in
comp.lang.java.programmer:


You would want to use Tomcat's JNDI realm to authenticate credentials
against an Active Directory domain. It's well-documented within the
Tomcat documentation.

Also, I've never used it, but this looks promising for SSO:

http://jcifs.samba.org/src/docs/ntlmhttpauth.html

(Assuming users are using IE, of course.)


This class:

http://java.sun.com/j2se/1.4.2/docs...m/sun/security/auth/module/NTLoginModule.html

will tell you who the logged-in local user is, but unfortunately
doesn't authenticate the password. It might give you some clues as to
what approach to take. (Which obviously would involve JNI calls.) If
you google for "NTLoginModule.java" you can find the source code for
it.



--
Check out QueryForm, a free, open source, Java/Swing-based
front end for relational databases.

http://qform.sourceforge.net

If you're a musician, check out RPitch Relative Pitch
Ear Training Software.

http://rpitch.sourceforge.net