Windows Authentication using local Windows XP users and Tomcat (prompt window to the users)

Ramesh James
Greenhorn

Joined: Jan 12, 2010
Posts: 3
In simple words, I want to achieve this:

· User opens Internet Explorer and writes the URL of the page hosted on the Tomcat server
· Tomcat asks for user authentication
· Browser prompts user for Windows user name and pwd in dialog box
· Browser sends username and pwd to Tomcat
· Tomcat receives user/pwd and validates against the Windows XP local user account
· Windows Domain server responds 'user good'
· Tomcat considers user authenticated, sends requested page to browser

By "Windows XP local user" I mean: right-click My Computer - Manage - Users & Groups.

Tim Holloway
Saloon Keeper

Joined: Jun 25, 2001
Posts: 16012
    

You can define container-managed security using the security elements in your webapp's web.xml file. That will instruct Tomcat to present a login when a secured URL is accessed. Depending on the options you set that can be a pop-up window or a JSP form. For external apps, the form is preferable because the encryption options on the popup are extremely feeble. In-house it may not matter.

To authenticate the userid/password, you define a Tomcat security Realm. There's an LDAP realm that can be used to authenticate against Active Directory. A lot of people do this, and it can be tricky to get set up, especially if you're not an LDAP expert, but it only has to be done once.

This isn't an "AYHTDI" (All You Have To Do Is) sort of task. There's a fair amount of work, and it's complicated enough that I recommend you read the J2EE and Tomcat docs, because there's a limit on how much complicated stuff we can spend time explaining here. But it's worth it.


Customer surveys are for companies who didn't pay proper attention to begin with.
Ramesh James
Greenhorn

Joined: Jan 12, 2010
Posts: 3
Sorry to say, but in my last post I said I need to validate with local Windows XP users. Later on I came to know that I need to validate users with AD (Active Directory). I made changes in server.xml and created a new JNDI realm.
Please find below the code for server.xml:
<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"

connectionURL="ldap://servername.r1-core.r1.xyz.net:389"
connectionName="USERNAME@R1-CORE"
connectionPassword="*******"
referrals="follow"
userPattern="cn={0},DC=r1-core,DC=r1,DC=aig,DC=net"
userSearch="(sAMAccountName={0})"
userRoleName="memberOf"
userSubTree="true"
/>

Here R1-CORE is the domain.

I am already a user on the R1-CORE domain, so I have given my user ID and password for the R1-CORE domain for connectionName & connectionPassword.

Please find below the code for web.xml:
<security-constraint>
<display-name>Example Security Constraint</display-name>
<web-resource-collection>
<web-resource-name>Sample</web-resource-name>
<!-- Define the context-relative URL(s) to be protected -->
<url-pattern>/*</url-pattern>
</web-resource-collection>

<auth-constraint>
<!-- Anyone with one of the listed roles may access this area Active-Directory-Group-Name-->
<role-name>Users</role-name>
</auth-constraint>
</security-constraint>

<!-- Default login configuration uses form-based authentication -->
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>JNDIRealm</realm-name>
</login-config>

<!-- Security roles referenced by this web application -->
<security-role>
<role-name>Users</role-name>
</security-role>

After that I restarted Tomcat and hit the URL http://localhost:8080/Sample/index.html. A popup window appeared for login. I entered the username (R1-CORE\usrname) and password (********), and Tomcat threw the error below.

Jan 14, 2010 11:48:32 AM org.apache.catalina.realm.JNDIRealm authenticate
SEVERE: Exception performing authentication
javax.naming.InvalidNameException: cn=R1-CORE\usrname,DC=r1-core,DC=r1,DC=xyz,DC=net: [LDAP: error code 34 - 0000208F: LdapErr: DSID-0C090654, comment: Error processing name, data 0, vece

After that I restarted Tomcat and hit the URL http://localhost:8080/Sample/index.html again. A popup window appeared for login. I entered the username (usrname) without the domain R1-CORE and the password (********), and Tomcat did not do anything. I mean it stopped all activity.


Please suggest!
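
A JNDIRealm and web.xml variant for Active Directory, added here as an example and not part of the original posts: it drops userPattern, which JNDIRealm uses in preference to userSearch when both are set and which pastes the typed login name straight into a DN, and it puts TLS under both the BASIC login and the LDAP binds. Every host, DN, account and group name in it is a placeholder.

```xml
<!-- Added example. Every host, DN, account and group name is a placeholder. -->

<!-- server.xml: find the user by search instead of building a DN. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc.example.test:636"
       connectionName="svc-tomcat@example.test"
       connectionPassword="CHANGE_ME"
       referrals="follow"
       userBase="DC=example,DC=test"
       userSubtree="true"
       userSearch="(sAMAccountName={0})"
       roleBase="DC=example,DC=test"
       roleSubtree="true"
       roleSearch="(member={0})"
       roleName="cn" />
<!-- No userPattern: the realm binds as the service account, searches for
     sAMAccountName=<typed name>, then binds as the DN it found, so the
     user types the bare account name without a DOMAIN\ prefix.
     The attribute is spelled userSubtree (lower-case t).
     ldaps:// keeps both binds from crossing the network in clear text;
     the JVM must trust the domain controller's certificate.
     roleName="cn" yields short group names as roles. userRoleName="memberOf"
     would yield full group DNs, which role-name would then have to match. -->

<!-- web.xml: same constraint, with TLS required for the protected URLs. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Sample</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>TomcatUsers</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- BASIC only base64-encodes the password; require HTTPS. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>JNDIRealm</realm-name>
</login-config>
<security-role>
  <role-name>TomcatUsers</role-name>
</security-role>
```

The CONFIDENTIAL guarantee only works once an HTTPS connector is configured in server.xml; Tomcat then redirects plain-HTTP requests for the protected URLs to it before asking for credentials.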

Pat Gonzalez
Greenhorn

Joined: Oct 18, 2009
Posts: 19

Have you looked at this single sign-on project... http://spnego.sourceforge.net/

The setup looks overwhelming but as long as you follow the instructions and just do what you're told, it's actually pretty straightforward.

 