Hope you will help me to understand a couple of things.
I am developing a web application, which makes additional configurations to a desktop application. All of the configuration stuff is saved within the db.
I use Hibernate to work with the database. Database server: SQL Server 2005. Web server/servlet container: Tomcat 6.
I want users to use Windows integrated security so they will access the database via their NT account. There will be a chance to track modifications made by users.
There is no need to create additional credentials in case I can use Windows NT login and password.
Can someone help me with this task?
I imagine it like this:
There should be a 'Sign in' page where the user can enter his/her NT login and password; this information should be verified against Active Directory. If such a user exists in AD, it should be saved in the session. Also, a Filter could be created, which will fire before the servlet each time, verifying that the user object exists in the session.
But I do not know how this login and password could be wired with SQL Server integrated security.
In desktop applications -- it is clear, but what to do in web ones?
If someone can provide me with a well-written tutorial or suggestions, it will be great!
Saving a password in the session should be unnecessary, and something of a security hole (though not a major one). A better solution would be to implement single sign on in your web application and in the JDBC connection. jTDS supports NTLM, as does something like jcifs (but note the NTLMv2 limitation for that particular product).
No, I don't have a link to a working example (it's not a very common thing to try to do, so you might struggle to find one). But jTDS talks about doing this in its FAQs and JCIFS comes with examples. I'd start there.
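The sign-in and Filter flow described in the question, with only the verified account name kept in the session as the reply advises; this is an added example, not code from any poster in the thread, and it does not cover the jTDS connection. The class name, session attribute, `/signin` path, domain controller URL and domain suffix are placeholders, and the AD check is assumed to be an LDAP simple bind over LDAPS.

```java
import java.io.IOException;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.InitialDirContext;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example: map this filter to protected paths only, not to the sign-in page itself.
public class NtLoginFilter implements Filter {
    static final String USER_ATTR = "ntUser";                      // hypothetical attribute name
    static final String LDAP_URL = "ldaps://dc.example.test:636";  // placeholder domain controller
    static final String UPN_SUFFIX = "@example.test";              // placeholder AD domain

    // Verifies the NT login and password with an LDAP simple bind against Active Directory.
    static boolean verify(String login, char[] password) {
        // A simple bind with an empty password is "unauthenticated" and can succeed: reject it.
        if (login == null || login.length() == 0 || password == null || password.length == 0)
            return false;
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, login + UPN_SUFFIX);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();   // bind succeeded, so the credentials are valid
            return true;
        } catch (NamingException e) {
            return false;                         // bad credentials or directory unreachable
        }
    }

    // Called by the sign-in servlet: the session keeps the account name, never the password.
    static boolean signIn(HttpServletRequest req, String login, char[] password) {
        try {
            if (!verify(login, password)) return false;
            HttpSession old = req.getSession(false);
            if (old != null) old.invalidate();    // fresh session id after login (fixation defence)
            req.getSession(true).setAttribute(USER_ATTR, login);
            return true;
        } finally { if (password != null) Arrays.fill(password, '\0'); }  // wipe our copy
    }

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpSession s = req.getSession(false);
        if (s != null && s.getAttribute(USER_ATTR) != null) chain.doFilter(rq, rs);
        else ((HttpServletResponse) rs).sendRedirect(req.getContextPath() + "/signin");
    }
    public void init(FilterConfig c) {}
    public void destroy() {}
}
```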
Ok, I am going to try jTDS and promise to give my feedback here.
subject: SQL Server integrated security and Java Web Application