Meaningless Drivel is fun!
The moose likes Security and the fly likes Can silent login be achieved? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Can silent login be achieved?" Watch "Can silent login be achieved?" New topic

Can silent login be achieved?

Kelly Dolan
Ranch Hand

Joined: Jan 08, 2002
Posts: 109
I have a JBoss web application that currently uses FORM-based authentication to request a userid/password from a user and once submitted, a custom login module contacts a custom security service to authenticate the user. This works perfectly.

I now want to change this scenario to be able to auto-detect the userid/password with which the user logged into his Windows workstation, pass this information along with the initial HTTP request, have the custom login module contact the custom security service and authenticate the user. In the case the credentials are not valid, display the "denied" version of the form and let the user enter a different userid/password.

I have been researching this, read many articles about windows integration authentication and tried to prototype something that works. I have applied changes to IE as the articles describe but I bypass the instructions for configuring the server to use login modules that authenticate the credentials with Windows itself because this is not what I need to do. Unfortunately, I have yet to get my scenario to work.

Has anyone ever tried to do this? Does anyone know if it is even possible? All thoughts, suggestions, etc. are greatly appreciated.

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
This blog entry talks about using the Windows Login for web apps, and indicates that it is possible without too much work.
I agree. Here's the link:
subject: Can silent login be achieved?
It's not a secret anymore!