aspose file tools*
The moose likes JDBC and the fly likes SQL Server integrated security and Java Web Application Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Java 8 in Action this week in the Java 8 forum!
JavaRanch » Java Forums » Databases » JDBC
Bookmark "SQL Server integrated security and Java Web Application" Watch "SQL Server integrated security and Java Web Application" New topic
Author

SQL Server integrated security and Java Web Application

Ihor Mochurad
Greenhorn

Joined: Mar 09, 2010
Posts: 4
Hello guys,
hope you will help me to understand couple of things.

I am developing web application, which makes additional configurations to desktop application. All of configuration stuff is saved within db.

I use Hibernate for work with database. Database server is: SQL Server 2005. Web server/servlet container: Tomcat 6.

I want users to use windows integrated security so they will access database via their NT account. There will be a chance to track modifications made by users.

There is no need to create additional credentials in case I can use Windows NT login and password.

Can someone help me with this task?

I imagine it like this:

There should be 'Sign in' page where user can enter his/her nt login and password, this information should be verified against Active Directory. If such user exists in AD -- should be saved in the session. Also Filter could be created, which will fire before servlet each time verifying if user object exists in session.
But I do not know how this login and password could be wired with SQL Server integrated security.

In desktop applications -- it is clear, but what to do in web ones?

If someone will provide me with good written tutorial or suggestions, it will be great!

Thanks in advance.
Jan Cumps
Bartender

Joined: Dec 20, 2006
Posts: 2477
    
    7

Welcome to JavaRanch, Ihor.


OCUP UML fundamental and ITIL foundation
youtube channel
Ihor Mochurad
Greenhorn

Joined: Mar 09, 2010
Posts: 4
Thanks Jan,
do you have some information regarding my question?
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

Saving a password in the session should be unneccessary, and something of a security hole (though not a major one). A better solution would be to implement single sign on in your web application and in the JDBC connection. jTDS supports NTLM, as does something like jcifs (but note the NTLMv2 limitation for that particular product).


JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Ihor Mochurad
Greenhorn

Joined: Mar 09, 2010
Posts: 4
Hello Paul,

Thanks for your reply.

I agree with you that there is no need to save user's password inside session object.
Also I read some general info about jDTS, but I can't find explenation how it could be done for my specific case.

If you have a link to working sample, please, provide me with.

Thanks again!
Paul Sturrock
Bartender

Joined: Apr 14, 2004
Posts: 10336

No, I don't have a link to a working example (its not a very common thing to try to do, so you might struggle to find one). But jTDS talks about doing this in its FAQs and JCIFs comes with examples. I'd start there.

Ihor Mochurad
Greenhorn

Joined: Mar 09, 2010
Posts: 4
Ok, I am going to try jTDS and promise to give my feedback here.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: SQL Server integrated security and Java Web Application
 
Similar Threads
Question about designing a web-service security mechanism used with desktop client
Glasfish: JDBC Realm and Session Tracking.
jdbc:odbc password definition
EJB, JDBC Realm, Session tracking
IIS Integrated Authentication + Tomcat Form-based (or basic) Authentication