• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Windows Authentication in JSF project

 
Greenhorn
Posts: 5
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

I have a JSF project running on a JBoss 4.2.2 AS (on a Debian server), and I would like to set up a windows authentication (from Active Directory) for this project. The first problem is I cannot get the username and the password of the user who opened my page. I tried to do this with "com.sun.security.auth.module.NTSystem" class, and it worked fine when I used my JBoss under Windows 2003 server, under Debian I only received an error message about I can use it only in Windows.

Is there any platform-independent solution for this problem?

Thanks,
Tamas
 
Saloon Keeper
Posts: 27763
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There's 2 ways to use Windows security in JEE. The easy way is to connect the appserver to Active Directory using LDAP. In pure Tomcat, there's an LDAP security realm that does this that you set up in the Tomcat application Context. For JBoss, I think that it goes in the jboss configuration file for that webapp. This is all portable Java, and should work the same way under both Windows and Linux - although NOTE: The gcj Java system that's installed as the default JVM under Debian is NOT 100% compliant; you have to use a Sun JVM or equivalent.

There's also a messier and less portable way to authenticate against Windows. It requires a specialized module PLUS changing some desktop browser settings for IE or Firefox. The advantage of that method is that you don't get a separate login for your webapp - since you're already logged into Windows, it inherits your Windows security context. Which can be convenient, as long as you don't need to use a different identity in your webapp and are OK with the idea that being logged into Windows means that anyone who has access to your Windows machine is automatically granted access to the webapp.

The second (more integral) approach is not part of the standard distribution - it requires a third-party add-on, plus, as I said, every computer that wants to use it has to be configured, since that ability is turned off by default (I know that's unusual for Microsoft, but that's how it is). Most people are content just to use the LDAP security Realm.
reply
    Bookmark Topic Watch Topic
  • New Topic