HTTP Authentication server side

I searched the internet and this forum a lot without finding a non-commercial solution to this common scenario.

Inside an Active Directory based intranet I would like to authenticate the users who access a Java web application running on Tomcat.

The requisites to meet are:

- the users connect with IE6 and they are authenticated with their login credentials using Kerberos.

- the application needs to know the name of the user.

The web application will run with a specific Windows account. Is there a way to perform a task using the credentials of the authenticated user?

What I'm looking for is an implementation of the following scenario: User John connects to the web application and, besides other tasks, reads/writes files in a directory where only John has permission to do so (as configured through Windows ACLs).

Thanks for any help.

Filippo

[903 byte] By [setecastronomya] at [2007-11-27 3:32:40]
# 1

So far as I know, to do this you would have to run the server side of HTTP Negotiate (SPNEGO) in Tomcat. This protocol uses HTTP Authorization exchanges to carry out the GSS-API exchange that allows Tomcat to trust the browser user's identity. In this context the GSS-API mechanism would be Kerberos (or NTLM if Kerberos failed). The browser (if HTTP Negotiate capable, like IE) would send Kerberos credentials to the server during the context exchange, thereby achieving what you want.

I believe this is what commercial products like Vintela and IT Practice do.

Question to the Sun developers: SE6 supports the client side of HTTP Negotiate (so a Java client can talk to e.g. IIS). Are there any plans to support the server side? The case of IE/Windows workstations accessing Java web servers/servlet engines is a much more common requirement than "the other way round".

Thanks,

Alec

alec_gilchrista at 2007-7-12 8:35:42
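
The server side of the HTTP Negotiate exchange described in reply #1, as an added example that is not part of the original thread and not the code of any product named in it. It uses the standard `org.ietf.jgss` API; the class and method names are hypothetical, and it assumes Java 16+ and a service keytab already configured for the JVM. It accepts Kerberos only and refuses the raw NTLM fallback.

```java
import org.ietf.jgss.*;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

// Added example (hypothetical names): server side of HTTP Negotiate without servlet plumbing.
public class NegotiateAcceptor {
    static final String SCHEME = "Negotiate";
    static final byte[] NTLMSSP = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);
    // One round's outcome: HTTP status, WWW-Authenticate value to send (or null), user once known.
    record Result(int status, String wwwAuthenticate, String user) {}

    private final GSSContext ctx; // one context per handshake, never shared between clients
    NegotiateAcceptor(GSSContext ctx) { this.ctx = ctx; }

    // Assumed setup: the service key (keytab) is reachable through the JVM's JAAS/Kerberos config.
    static NegotiateAcceptor forService() throws GSSException {
        GSSManager m = GSSManager.getInstance();
        GSSCredential cred = m.createCredential(null, GSSCredential.INDEFINITE_LIFETIME,
                new Oid("1.3.6.1.5.5.2"), GSSCredential.ACCEPT_ONLY); // SPNEGO mechanism OID
        return new NegotiateAcceptor(m.createContext(cred));
    }

    Result handle(String authorization) {
        String prefix = SCHEME + " ";
        if (authorization == null || !authorization.regionMatches(true, 0, prefix, 0, prefix.length()))
            return new Result(401, SCHEME, null); // no token yet: challenge the browser
        byte[] in;
        try { in = Base64.getDecoder().decode(authorization.substring(prefix.length()).trim()); }
        catch (IllegalArgumentException e) { return new Result(400, null, null); }
        if (in.length >= NTLMSSP.length && Arrays.equals(Arrays.copyOf(in, NTLMSSP.length), NTLMSSP))
            return new Result(403, null, null); // raw NTLM fallback: this example accepts Kerberos only
        try {
            byte[] out = ctx.acceptSecContext(in, 0, in.length);
            String reply = out == null ? null : prefix + Base64.getEncoder().encodeToString(out);
            if (!ctx.isEstablished()) return new Result(401, reply, null); // another leg is needed
            return new Result(200, reply, ctx.getSrcName().toString()); // authenticated principal
        } catch (GSSException e) {
            return new Result(401, SCHEME, null); // invalid, expired or replayed token: start over
        }
    }

    public static void main(String[] args) { // exercises the two paths that need no KDC
        NegotiateAcceptor a = new NegotiateAcceptor(null); // context is not touched on these paths
        byte[] ntlm = "NTLMSSP\0\1\0\0\0".getBytes(StandardCharsets.US_ASCII); // constructed sample
        System.out.println(a.handle(null));
        System.out.println(a.handle("Negotiate " + Base64.getEncoder().encodeToString(ntlm)));
    }
}
```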