This week's book giveaway is in the OCMJEA forum.
We're giving away four copies of OCM Java EE 6 Enterprise Architect Exam Guide and have Paul Allen & Joseph Bambara on-line!
See this thread for details.
The moose likes JSP and the fly likes Windows Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCM Java EE 6 Enterprise Architect Exam Guide this week in the OCMJEA forum!
JavaRanch » Java Forums » Java » JSP
Bookmark "Windows Authentication" Watch "Windows Authentication" New topic
Author

Windows Authentication

manoj samarasinghe
Greenhorn

Joined: Nov 17, 2004
Posts: 16
Hi,

i am trying to use Windows Authentication for my struts project.
but i am new to that area. I need to restrict some people by accessing
certain jsp pages. And some pages should be allowed only to view but not to edit.How can i restrict different users for view,edit,... for the same page?

I need a way to disable some links in the main page for certain users.(Those who have non administative rights)

please give mea solution or any resources tutorial etc regarding this.

thanks
manoj


manojmanoj
Niki Nono
Ranch Hand

Joined: Mar 20, 2005
Posts: 256
hi manoj
u must be having the admin and non admin rights for users in the database or file.
just b4 the jsp page opens put a check and disable all the links based on the privileges assigned for the user.
for authentication maybe u can use the prompt alert box for comparing the username and password.
If that isnt what u wanted then i havent understood ur prob properly.


Life called,so here I am.<br />Cheers<br />Niki.:-)
Heonkoo Lee
Ranch Hand

Joined: Feb 10, 2005
Posts: 85
Does your server support JAAS? If so, there must be a way to use LDAP (or Active Directory Service) login module via login configuration xml file. I think the authentication part is relatively easy if you can configure the login module xml file (server-specific) and security constraints in deployment descriptor file correctly. However, tricky part is the authorization because you want fine-grained control.

You can either create fine-grained roles in LDAP or use combination of roles defined in LDAP and page access attributes (read-only or edit) stored in database. When user logs in, you probably want to gather user's role info and access attributes to put them in his session. Also, you need to make sure to update the attributes table if a new user account is added to the LDAP server.

Hope this helps.

Good luck!
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Why specifically do you want to use a Windows authentication mechanism? Do you have a requirement for single sign on, or could you tolerate a different mechanism for your app? I ask because single sign on is quite involved and authentication mechanisms provided with container are much easier to get to grips with.

If you do have to use windows for authentication, you've got a couple of routes you can explore. Have a look at the NTLM authentication scheme and download Samba. Alternatively look at Kerberos (and NTLM) and Taglish. Both use JAAS - so if you don't know how that works start by looking at this API.


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Poobhathy Kannan
Ranch Hand

Joined: May 26, 2004
Posts: 94
Chris Maeda gives instructions for configuring Tomcat for JAAS-based Windows authentication.

Have a look here


it would help you.


http://learnertobeginner.blogspot.com/
Jeroen Wenting
Ranch Hand

Joined: Oct 12, 2000
Posts: 5093
sounds more like another "I want my serverside application to access the client computer directly" kind of question...


42
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Windows Authentication