Win a copy of Learn Spring Security (video course) this week in the Spring forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

SQL Server integrated security and Java Web Application

 
Ihor Mochurad
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello guys,
hope you will help me to understand couple of things.

I am developing web application, which makes additional configurations to desktop application. All of configuration stuff is saved within db.

I use Hibernate for work with database. Database server is: SQL Server 2005. Web server/servlet container: Tomcat 6.

I want users to use windows integrated security so they will access database via their NT account. There will be a chance to track modifications made by users.

There is no need to create additional credentials in case I can use Windows NT login and password.

Can someone help me with this task?

I imagine it like this:

There should be 'Sign in' page where user can enter his/her nt login and password, this information should be verified against Active Directory. If such user exists in AD -- should be saved in the session. Also Filter could be created, which will fire before servlet each time verifying if user object exists in session.
But I do not know how this login and password could be wired with SQL Server integrated security.

In desktop applications -- it is clear, but what to do in web ones?

If someone will provide me with good written tutorial or suggestions, it will be great!

Thanks in advance.
 
Jan Cumps
Bartender
Posts: 2584
11
C++ Linux Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Welcome to JavaRanch, Ihor.
 
Ihor Mochurad
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Jan,
do you have some information regarding my question?
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Saving a password in the session should be unneccessary, and something of a security hole (though not a major one). A better solution would be to implement single sign on in your web application and in the JDBC connection. jTDS supports NTLM, as does something like jcifs (but note the NTLMv2 limitation for that particular product).
 
Ihor Mochurad
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hello Paul,

Thanks for your reply.

I agree with you that there is no need to save user's password inside session object.
Also I read some general info about jDTS, but I can't find explenation how it could be done for my specific case.

If you have a link to working sample, please, provide me with.

Thanks again!
 
Paul Sturrock
Bartender
Posts: 10336
Eclipse IDE Hibernate Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
No, I don't have a link to a working example (its not a very common thing to try to do, so you might struggle to find one). But jTDS talks about doing this in its FAQs and JCIFs comes with examples. I'd start there.

 
Ihor Mochurad
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok, I am going to try jTDS and promise to give my feedback here.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic