Windows Authentication using local Windows XP users and Tomcat (Prompt window to the users)

 
Greenhorn
In simple words I want to achieve this:

· User opens Internet Explorer and writes the URL of the page hosted on the Tomcat server
· Tomcat asks for user authentication
· Browser prompts user for Windows user name and pwd in a dialog box
· Browser sends username and pwd to Tomcat
· Tomcat receives user/pwd and validates against the Windows XP local user account
· Windows Domain server responds 'user good'
· Tomcat considers user authenticated, sends requested page to browser

By Windows XP local user I mean: right-click on My Computer - Manage - Users & Groups.

 
Saloon Keeper
You can define container-managed security using the security elements in your webapp's web.xml file. That will instruct Tomcat to present a login when a secured URL is accessed. Depending on the options you set that can be a pop-up window or a JSP form. For external apps, the form is preferable because the encryption options on the popup are extremely feeble. In-house it may not matter.

To authenticate the userid/password, you define a Tomcat security Realm. There's an LDAP realm that can be used to authenticate against Active Directory. A lot of people do this, and it can be tricky to get set up, especially if you're not an LDAP expert, but it only has to be done once.

This isn't an "AYHTDI" (All You Have To Do Is) sort of task. There's a fair amount of work, and it's complicated enough that I recommend you read the J2EE and Tomcat docs, because there's a limit on how much complicated stuff we can spend time explaining here. But it's worth it.
 
Ramesh James
Greenhorn
Sorry to say, but in my last post I said I need to validate against local Windows XP users. Later on I came to know that I need to validate users against AD (Active Directory). I made changes in server.xml and created a new JNDI realm.
Please find below the code for server.xml:
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://servername.r1-core.r1.xyz.net:389"
       connectionName="USERNAME@R1-CORE"
       connectionPassword="*******"
       referrals="follow"
       userPattern="cn={0},DC=r1-core,DC=r1,DC=aig,DC=net"
       userSearch="(sAMAccountName={0})"
       userRoleName="memberOf"
       userSubTree="true"
/>

Here R1-CORE is the domain.

I am already a user on the R1-CORE domain, so I have given my own userid & pwd for the R1-CORE domain as connectionName & connectionPassword.

Please find below the code for web.xml:
<security-constraint>
  <display-name>Example Security Constraint</display-name>
  <web-resource-collection>
    <web-resource-name>Sample</web-resource-name>
    <!-- Define the context-relative URL(s) to be protected -->
    <url-pattern>/*</url-pattern>
  </web-resource-collection>

  <auth-constraint>
    <!-- Anyone with one of the listed roles may access this area Active-Directory-Group-Name-->
    <role-name>Users</role-name>
  </auth-constraint>
</security-constraint>

<!-- Default login configuration uses form-based authentication -->
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>JNDIRealm</realm-name>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
  <role-name>Users</role-name>
</security-role>

After that I restarted Tomcat and hit the URL http://localhost:8080/Sample/index.html. A window popped up for login. I entered the username (R1-CORE\usrname) & pwd (********) and Tomcat threw the error below.

Jan 14, 2010 11:48:32 AM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
javax.naming.InvalidNameException: cn=R1-CORE\usrname,DC=r1-core,DC=r1,DC=xyz,DC=net: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece

After that I restarted Tomcat and hit the URL http://localhost:8080/Sample/index.html. A window popped up for login. I entered the username (usrname) without the domain R1-CORE & pwd (********) and Tomcat did not do anything. I mean all activity stopped.


Please suggest !!
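
Why the first attempt ends in LDAP error code 34 (invalid DN syntax), as an added example that is not part of the original post and is not Tomcat's code: it models userPattern substitution and a userSearch filter, assuming `{0}` is replaced by the typed user name. The function names are hypothetical, and the pattern uses the DN components from the log line above.

```python
import re

# Constructed from the post: DN components as in the log line, filter as in server.xml.
USER_PATTERN = "cn={0},DC=r1-core,DC=r1,DC=xyz,DC=net"
USER_SEARCH = "(sAMAccountName={0})"

# RFC 4514: in a DN, "\" must be followed by a special character or two hex digits.
_VALID_DN_ESCAPE = re.compile(r'\\(?:[ "#+,;<=>\\]|[0-9A-Fa-f]{2})')
# RFC 4515: characters that must be hex-escaped inside a search filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def dn_from_pattern(pattern, username):
    """Pattern mode (model): the typed name is substituted into the DN verbatim."""
    return pattern.replace("{0}", username)


def has_invalid_dn_escape(dn):
    """True if a backslash in the DN does not start a valid RFC 4514 escape."""
    return "\\" in _VALID_DN_ESCAPE.sub("", dn)


def escape_filter_value(value):
    """Escape a user-supplied value before placing it in an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def filter_from_search(search, username):
    """Search mode (model): the typed name becomes an escaped filter value."""
    return search.replace("{0}", escape_filter_value(username))


def sam_account_name(login):
    """Drop a NetBIOS 'DOMAIN\\user' prefix; sAMAccountName holds only the user part."""
    return login.rsplit("\\", 1)[-1]


if __name__ == "__main__":
    for login in ("R1-CORE\\usrname", "usrname", "usr(name)*"):  # constructed inputs
        dn = dn_from_pattern(USER_PATTERN, login)
        print(f"login      : {login}")
        print(f"pattern DN : {dn}  invalid_escape={has_invalid_dn_escape(dn)}")
        print(f"raw filter : {filter_from_search(USER_SEARCH, login)}")
        print(f"sAM filter : {filter_from_search(USER_SEARCH, sam_account_name(login))}")
```

In pattern mode the `R1-CORE\` prefix lands inside the DN, producing the string the log reports; in search mode the filter only matches when the bare account name is compared against sAMAccountName.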

 
Greenhorn
Have you looked at this single sign-on project... http://spnego.sourceforge.net/

The setup looks overwhelming, but as long as you follow the instructions and just do what you're told, it's actually pretty straightforward.

 