Home.... | log in.... | Pub my question! | Sign-up....
Java-index >> Security >> Other Security APIs, Tools, and Issues

Windows Authentication

Hi all,

I have to implement a Java web application (runing on IIS) with Windows Authentication's feature as follow:

1. If the client's Windows user has logged into a specified domain (example: AAA) then using the Intergrated Windows Authentication and user's information is retrieved for later processing.

2. If client's Windows user domain is not the specified domain (AAA) then using Basic Authentication -> the Network Password Dialog is displayed. After that the user's information is also retrieved for later processing.

I have used the JCIFS NTLM HTTP Authentication (http://jcifs.samba.org/src/docs/ntlmhttpauth.html) to implement this feature. It works fine, but I can not retrieve the user's information in the servlet application.

Any idea ?

Thanks in advance !

[823 byte] By [munumberonea] at [2007-11-26 15:12:55]
«« reflect and create
»» problem with mysql connector while porting the application to linux
# 1
Sorry, but what does a "Java web application (runing on IIS)" mean? As I know, there are 3 kinds of Java applications that live on a web server:1. An applet2. A Java WebStart app3. A servlet or JSP on a Java EE server
wangwja at 2007-7-8 9:04:04 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
# 2
Thanks for your care. My application is servlet.
munumberonea at 2007-7-8 9:04:04 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
# 3
I'm not familiar with servlets deploying on IIS. I know if it's a normal file, you can just right click the file in IIS manager and add the 2 authentication schemes you need.Have you tried checking the REMOTE_USER environment variable from the servlet?
wangwja at 2007-7-8 9:04:04 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
# 4
Thanks for your suggestion, If I changed to Tomcat server the feature is OK ? If yes, what's the solution ?
munumberonea at 2007-7-8 9:04:04 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
# 5

Sorry, I don't know how to play Tomcat with Windows Authentication.

However, I know that CGI programs (say, Perl) running in IIS knows about the info of the client when Windows Integrated Authentication is on by looking for the environment variable REMOTE_USER. I hope a Java servlet can also see it.

wangwja at 2007-7-8 9:04:04 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
# 6
I used getRemoteUser() function to get the user name but it return null !Can you help me ?
munumberonea at 2007-7-8 9:04:04 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
# 7
I take a look at http://jcifs.samba.org/src/docs/ntlmhttpauth.html. It did says "getRemoteUser does not return null."
wangwja at 2007-7-8 9:04:04 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
# 8
It is now OK ! Thank you !
munumberonea at 2007-7-8 9:04:04 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
# 9
You're welcome, I really have no idea how I helped you. ;)
wangwja at 2007-7-8 9:04:04 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
# 10
Hi,Could you please let me know how you could implement the integrated windows authentication using JAVA.Thanks!
java_savvya at 2007-7-8 9:04:04 > top of Java-index,Security,Other Security APIs, Tools, and Issues...
Security
Other Security APIs, Tools, and Issues

Security New Topic

Security Hot Topic

Security

All Classified