<rt id="bn8ez"></rt>
<label id="bn8ez"></label>

  • <span id="bn8ez"></span>

    <label id="bn8ez"><meter id="bn8ez"></meter></label>

    posts - 23,comments - 12,trackbacks - 0

    Easy Windows Authentication with Tomcat 4.x Category: Java

    The original blog entry by Robert Rasmussen has disappeared from the Internet (cannot find server) so I'm reproducing it here via Google's caching feature. I've made a few changes to pretty up the formatting, but that's about it.


    I've been pulled into a little internal project, and one of the requirements is that users should be able to authenticate with their Windows login and password. IIS may or may not be in the picture.

    Since the server is a Windows 2000 machine, this turns out to be extremely simple to do thanks to Andy Armstrong's JAAS login modules.

    Once you've downloaded the login modules, set your classpath accordingly and make sure that the directory holding NTSystem.dll is in your %PATH% variable. Next, in the "Sample config" folder you'll find a tagish.login file and a java.security.sample file. The last line in the .sample file is significant, and it needs to be in your $JAVA_HOME/jre/lib/security folder (in a file named java.security). You should copy the tagish.login file there as well. If your users will always be logging into the same domain (which is the case in my situation), just set the defaultDomain property in tagish.login, like this:

    NTLogin
    {
        com.tagish.auth.win32.NTSystemLogin required returnNames=true returnSIDs=false defaultDomain=YOUR_DOMAIN_HERE;
    };
    

    Now, all you need to do to use Windows authentication in your webapps is to make one addition to your server.xml file (or to your specific context's definition):

    <Realm className="org.apache.catalina.realm.JAASRealm" debug="99"
           appName="NTLogin"
           userClassNames="com.tagish.auth.win32.NTPrincipal"
           roleClassNames="com.tagish.auth.win32.NTPrincipal" />
    

    I'll admit this config is slightly hokey. If you look at the Catalina JAASCallbackHandler (which is hardwired to JAASRealm), the way that I have the realm configured above pretty much counts on the User principal (in effect, the user name) being the first principal returned. This is evil, but it works. It would be nice if either Catalina allowed a pluggable CallbackHandler so that I could take advantage of the NTPrincipal.getType() method or if Andy's code returned subclasses of NTPrincipal like UserPrincipal or GroupPrincipal that I could specify in server.xml.

    Once you've got this all configured, the various groups your users belong to equate to role names (so if I belong to an administrators group, my authenticated user will be in role "administrators"), and you can configure security in your webapps using these roles.


    二月 17, 2003 04:11 下午 MST Permalink

    反向跟蹤 URL: http://raibledesigns.com/trackback/rd/sunsets/easy_windows_authentication_with_tomcat
    留言:

    Thanks for posting this, Matt.

    {0}發表于 Robert Rasmussen on 2003年02月17日, 09:18 下午 MST #

    I have tired this module and used the form authenication in the tomcat. Howerver, it seems cannot login in successfully as it always go into the pages. Please help!!

    {0}發表于 Jimmy Wong on 2003年02月18日, 12:42 上午 MST #

    Make sure the path to NTSystem.dll is in your PATH environment variable and that tagishauth.jar is in your $CATALINA_HOME/common/lib. Currently, I believe this only works on a Windows machine. HTH, Matt

    {0}發表于 Matt on 2003年02月18日, 07:00 上午 MST #

    If I am running a JVM under an already authenticated NT user, does anyone know how I can easily get the NT domain that the user authenticated to ? Thanks !

    {0}發表于 Nicholas Whitehead on 2003年02月20日, 11:59 上午 MST #

    How can I get Subject in my web application with JAASRealm?

    {0}發表于 Roman Velichko on 2003年08月06日, 12:21 上午 MDT #

    The same way you always have - request.getRemoteUser()

    {0}發表于 Matt Raible on 2003年08月06日, 08:10 上午 MDT #

    This tutorial is out of date...Andy Armstrong updated tagish a few months back...it now has more useful types like NTUserPrincipal and NTGroupPrincipal and a few bug fixes. Also, depending on your requirements, the NTLM functionality added in JDK1.4.2 might help.

    {0}發表于 Robert Rasmussen on 2003年08月06日, 10:58 上午 MDT #

    request.getRemoteUser() does return a String not JAAS's Subject.

    {0}發表于 Tomasz Luczynski on 2004年03月09日, 03:23 上午 MST #

    [Trackback] This is the solution for my previous post. Samba NTLM Authentication: (Get it here.) This package configures exactly as described. I used the example servlet (NtlmHttpAuthExample) included with the package and set up the filter as in the docs. ...

    {0}發表于 Chris Maeda on 2004年07月18日, 10:24 上午 MDT
    站點: http://www.cmaeda.com/index.php?p=22 #

    My blog has current info for setting up Tagish 1.03 with Tomcat5.

    {0}發表于 Chris Maeda on 2004年07月18日, 10:38 上午 MDT
    站點: http://cmaeda.com/index.php?p=22 #

    {0}發表于 69.193.88.30 on 2004年11月09日, 03:12 上午 MST
    站點: http://www.jenniferconnor.com/ #

    {0}發表于 69.193.88.30 on 2004年11月14日, 01:53 上午 MST
    站點: http://www.36busty.com/00005602.shtml #

    {0}發表于 69.42.81.244 on 2005年01月01日, 02:32 上午 MST
    站點: http://www.johnhuron.com/ #

    Hi Matt, Are you still using tagish library with Tomcat 5.x versions?? If yes, could you please point out the final installing directions. With the present blog instructions from Chris Maeda, they doesn't work at all. You can see the problems at http://www.cmaeda.com/index.php?p=22 Please advice. thanks aks

    {0}發表于 Vicky on 2005年04月01日, 10:45 上午 MST #

    I prefer not to put my config in $JAVA_HOME/jre/lib/security/java.security instead, use this property when you start tomcat: -Djava.security.auth.login.config=c:/path/to/your/tagish.login

    {0}發表于 Joe Scalise on 2005年08月08日, 02:41 下午 MDT
    站點: http://www.einvite.com #

    posted on 2005-08-18 11:07 my java 閱讀(632) 評論(0)  編輯  收藏 所屬分類: java身份認證轉帖
    主站蜘蛛池模板: 四虎亚洲国产成人久久精品| 国产小视频在线观看免费| 久久国产亚洲精品麻豆| 一本一道dvd在线观看免费视频 | 91老湿机福利免费体验| 亚洲日本乱码在线观看| 中文字幕无码免费久久| 亚洲大成色www永久网站| 久久这里只精品国产免费10| 亚洲va在线va天堂va四虎 | 亚洲综合校园春色| 在线观看视频免费完整版| 亚洲国产精品一区二区三区在线观看 | 亚洲综合在线另类色区奇米| 中文字幕免费在线看线人动作大片| 亚洲人成网站在线观看青青| 中国一级特黄的片子免费 | 亚洲色在线无码国产精品不卡| 日韩在线天堂免费观看| 少妇亚洲免费精品| 亚洲国产精品成人久久| 一级毛片免费观看| 国产亚洲国产bv网站在线| 日韩电影免费在线观看视频| 污污视频网站免费观看| 亚洲中文字幕无码中文字在线| 免费网站观看WWW在线观看| 亚洲男女性高爱潮网站| 蜜桃精品免费久久久久影院| 一个人看的免费观看日本视频www| 亚洲成AV人片在线观看| 中国在线观看免费国语版| 黄页免费视频播放在线播放| 最新国产AV无码专区亚洲| 国产精品免费网站| 国产亚洲高清在线精品不卡| 亚洲AV午夜成人影院老师机影院| 中文字幕乱码免费视频| 特级毛片爽www免费版| 亚洲日韩乱码久久久久久| 免费在线精品视频|