• Post Reply Bookmark Topic Watch Topic
  • New Topic

Windows Authentication in JSF project  RSS feed

 
Tamas Malatinszki
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I have a JSF project running on a JBoss 4.2.2 AS (on a Debian server), and I would like to set up a windows authentication (from Active Directory) for this project. The first problem is I cannot get the username and the password of the user who opened my page. I tried to do this with "com.sun.security.auth.module.NTSystem" class, and it worked fine when I used my JBoss under Windows 2003 server, under Debian I only received an error message about I can use it only in Windows.

Is there any platform-independent solution for this problem?

Thanks,
Tamas
 
Tim Holloway
Bartender
Posts: 18531
61
Android Eclipse IDE Linux
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
There's 2 ways to use Windows security in JEE. The easy way is to connect the appserver to Active Directory using LDAP. In pure Tomcat, there's an LDAP security realm that does this that you set up in the Tomcat application Context. For JBoss, I think that it goes in the jboss configuration file for that webapp. This is all portable Java, and should work the same way under both Windows and Linux - although NOTE: The gcj Java system that's installed as the default JVM under Debian is NOT 100% compliant; you have to use a Sun JVM or equivalent.

There's also a messier and less portable way to authenticate against Windows. It requires a specialized module PLUS changing some desktop browser settings for IE or Firefox. The advantage of that method is that you don't get a separate login for your webapp - since you're already logged into Windows, it inherits your Windows security context. Which can be convenient, as long as you don't need to use a different identity in your webapp and are OK with the idea that being logged into Windows means that anyone who has access to your Windows machine is automatically granted access to the webapp.

The second (more integral) approach is not part of the standard distribution - it requires a third-party add-on, plus, as I said, every computer that wants to use it has to be configured, since that ability is turned off by default (I know that's unusual for Microsoft, but that's how it is). Most people are content just to use the LDAP security Realm.
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!