EJB design: Can Windows/Unix user id be used in basic authentication in Tomcat
- Posted by: Mailo Sailo
- Posted on: May 21 2003 02:56 EDT
Can we use the Windows/Unix login user id and password in a web application using the Tomcat web server?
- Can Windows/Unix user id be used in basic authentication in Tomcat by Max Kington on May 21 2003 04:34 EDT
- thanks Max by Mailo Sailo on May 21 2003 06:25 EDT
- Can Windows/Unix user id be used in basic authentication in Tomcat by Chetans on May 21 2003 06:36 EDT
Yes, it can be done; you need to write yourself an authentication realm which interfaces with your chosen authentication store. In the Tomcat docs, read webapps\tomcat-docs\realm-howto.html.
Thanks for the reply.
I will check it out.
As you have mentioned, there is basic authentication provided by Tomcat, but the question still remains how to write my authentication realm classes for Windows authentication. Do you know any documentation which will give me details of the realm API for Tomcat, so that later I can build my own Windows authentication?
Hi Max, I checked on realms for Tomcat,
but there are three types of realm to facilitate container-managed security.
1. For picking up existing userid/password from a given database.
2. For picking up from a directory structure using LDAP.
3. Loading from an XML file at start-up or initial point.
I am interested in picking up from existing files provided by Unix/Windows systems, but it needs LDAP configuration.
Can anybody help? Is there any way to bypass LDAP and use the Windows/Unix userid and password directly through some plug-in way or some other way out?
A million $:) From --Mailo
You'll have to write your own realm. Implement the correct interfaces and configure the server to use it. Read the docs for this. You'll have to google for integration to ADSI (Windows) or NIS (Solaris) or "Insert what you need here". I dug up a couple; I remember doing this a long time ago, so things might have changed.
1) Java to COM bridge: Sun had a product but this has been discontinued. One public product I could find was J Integra, but there are probably others.
2) JNDI providers for NIS (and others) from Sun
I am looking for a ready-to-use solution to this problem. Haven't got any break yet. The reason I am looking for an off-the-shelf solution is that it will be a pretty common problem for a big community. At least people who are in "intranet" development will need to authenticate their users on a domain realm.
I was going through Servlet specs and here is what it says about Basic Authentication.
=============> extract from servlet specs
SRV.12.5.1 HTTP Basic Authentication
HTTP Basic Authentication, which is based on a username and password, is the
authentication mechanism defined in the HTTP/1.0 specification. A web server
requests a web client to authenticate the user. As part of the request, the web server
passes the realm (a string) in which the user is to be authenticated. The realm string
of Basic Authentication does not have to reflect any particular security policy
domain (confusingly also referred to as a realm). The web client obtains the
username and the password from the user and transmits them to the web server. The
web server then authenticates the user in the specified realm.
Basic Authentication is not a secure authentication protocol. User passwords
are sent in simple base64 encoding, and the target server is not authenticated.
Additional protection can alleviate some of these concerns: a secure transport
mechanism (HTTPS), or security at the network level (such as the IPSEC protocol
or VPN strategies) is applied in some deployment scenarios.
=============> end of extract
>>>A web server
>>>requests a web client to authenticate the user. As part of the request, the web server
>>>passes the realm (a string) in which the user is to be authenticated.
This part is confusing, as it says that "web server" requests the client to authenticate the user??????????? Huh??????
Can you guys please elaborate on the same?
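
The exchange described in the servlet specification extract quoted above, as an added example that is not part of the original posts or of Tomcat's code: the server's challenge carries the realm string, the client (browser) collects the credentials from the user and returns them base64-encoded, and the server decodes them and checks them against its credential store. The class name, the `Intranet` realm string, and the user and password are constructed for illustration; the in-memory map stands in for whatever store a real container realm would consult.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Map;

public class BasicAuthExchange {
    // Constructed sample store; stands in for the container's security realm.
    static final Map<String, String> USERS = Map.of("mailo", "s3cret:pw");

    // Step 1 (server -> client): the 401 challenge that names the realm string.
    static String challenge(String realm) {
        return "HTTP/1.1 401 Unauthorized\r\n"
             + "WWW-Authenticate: Basic realm=\"" + realm + "\"\r\n\r\n";
    }

    // Step 2 (client -> server): the browser prompts the user, then sends this value.
    static String authorizationHeader(String user, String password) {
        byte[] raw = (user + ":" + password).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(raw);
    }

    // Step 3 (server): decode the header and verify; returns the user name or null.
    static String authenticate(String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        String decoded;
        try {
            byte[] raw = Base64.getDecoder().decode(header.substring(6).trim());
            decoded = new String(raw, StandardCharsets.UTF_8);
        } catch (IllegalArgumentException e) {
            return null; // token is not valid base64
        }
        int colon = decoded.indexOf(':'); // split on the first ':'; the password may contain more
        if (colon < 0) return null;
        String user = decoded.substring(0, colon);
        String expected = USERS.get(user);
        if (expected == null) return null;
        // Constant-time comparison of the supplied and stored passwords.
        boolean ok = MessageDigest.isEqual(
                expected.getBytes(StandardCharsets.UTF_8),
                decoded.substring(colon + 1).getBytes(StandardCharsets.UTF_8));
        return ok ? user : null;
    }

    public static void main(String[] args) {
        System.out.print(challenge("Intranet"));
        String header = authorizationHeader("mailo", "s3cret:pw");
        System.out.println("Authorization: " + header);
        System.out.println("accepted user:  " + authenticate(header));
        System.out.println("wrong password: " + authenticate(authorizationHeader("mailo", "guess")));
        System.out.println("malformed:      " + authenticate("Basic !!!"));
    }
}
```

Step 3 recovers the password with a plain base64 decode and no key, which is why the extract calls for HTTPS or network-level protection around Basic Authentication.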