• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Windows authentication in JSF application

 
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all

We are developing a web application using JSF and Hibernate on Tomcat.For this we want to get windows authentication.Can someone help me on this ? Is it possible to get windows authentication in a java web application ? Thanks in advance.
 
Saloon Keeper
Posts: 27763
196
Android Eclipse IDE Tomcat Server Redhat Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes, it is, but it's not easy. It also gets much harder if you want to use it for open Internet applications, since Windows Authentication means that you're also creating accounts on your LAN. Hopefully all you want is in-house use.

Windows Authentication in J2EE webapps requires that your web application server use a single-signon approach so that you'll inherit the security rights from your desktop. Otherwise, just use Active Directory as an LDAP authenticator and make the users sign onto the webapps separately.

You'll need a special realm authenticator for Windows SSO, but I don't remember the options available (and they'd be out of date). Also, it depends on what you're using for a J2EE appserver, since the external security infrastructure is server-dependent.

The trickier part is that in a rare (for Microsoft) moment of insight, Internet Explorer comes with access disabled for Windows webapp security. You have to switch it on for each individual client, unless they changed that and I didn't hear about it.

Other than installing and configuring the appropriate security realm and enabling the user's browsers, the actual authentication and authorization environment is the same for JSF and non-JSF JEE webapps.

All of the above, of course, assumes that you intend to use the standard J2EE container-based security system. Which I recommend for a long list of reasons. One of which is that if you use a non-standard security system, none of the above information will be of any use to you.
 
Duleep Thivanka
Greenhorn
Posts: 10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Tim for your thoughts.It was really helpful
 
I want my playground back. Here, I'll give you this tiny ad for it:
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic