• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

SQL Server integrated security and Java Web Application

 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello guys,
hope you will help me to understand couple of things.

I am developing web application, which makes additional configurations to desktop application. All of configuration stuff is saved within db.

I use Hibernate for work with database. Database server is: SQL Server 2005. Web server/servlet container: Tomcat 6.

I want users to use windows integrated security so they will access database via their NT account. There will be a chance to track modifications made by users.

There is no need to create additional credentials in case I can use Windows NT login and password.

Can someone help me with this task?

I imagine it like this:

There should be 'Sign in' page where user can enter his/her nt login and password, this information should be verified against Active Directory. If such user exists in AD -- should be saved in the session. Also Filter could be created, which will fire before servlet each time verifying if user object exists in session.
But I do not know how this login and password could be wired with SQL Server integrated security.

In desktop applications -- it is clear, but what to do in web ones?

If someone will provide me with good written tutorial or suggestions, it will be great!

Thanks in advance.
 
Bartender
Posts: 2662
19
Netbeans IDE C++ Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Welcome to JavaRanch, Ihor.
 
Ihor Mochurad
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks Jan,
do you have some information regarding my question?
 
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Saving a password in the session should be unneccessary, and something of a security hole (though not a major one). A better solution would be to implement single sign on in your web application and in the JDBC connection. jTDS supports NTLM, as does something like jcifs (but note the NTLMv2 limitation for that particular product).
 
Ihor Mochurad
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hello Paul,

Thanks for your reply.

I agree with you that there is no need to save user's password inside session object.
Also I read some general info about jDTS, but I can't find explenation how it could be done for my specific case.

If you have a link to working sample, please, provide me with.

Thanks again!
 
Paul Sturrock
Bartender
Posts: 10336
Hibernate Eclipse IDE Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, I don't have a link to a working example (its not a very common thing to try to do, so you might struggle to find one). But jTDS talks about doing this in its FAQs and JCIFs comes with examples. I'd start there.

 
Ihor Mochurad
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Ok, I am going to try jTDS and promise to give my feedback here.
 
Alas, poor Yorick, he knew this tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic