Can Windows/Unix user id used in basic authentication in Tomcat


EJB design: Can Windows/Unix user id used in basic authentication in Tomcat

  1. Hi,

    Can we use Windows/unix Login user id and password in
    web application using tomcat web server.


    Threaded Messages (6)

  2. Hi Mailo,

    Yes it can be done, you need to write yourself an authentication realm which interfaces with your chosen authentication store. In the Tomcat docs read webapps\tomcat-docs\realm-howto.html

  3. thanks Max[ Go to top ]

    Hi Max,

    thanks for replay .
    I will check it out.
  4. Mailo,

       As you have mentioned, there are basic authentication provided by tomcat. but the question still remains how to write my authentication realm classes for windows authentication. do you know any documentation which will give me details of realm api for tomcat. and later I can build my own windows authentication ?

  5. realms usage[ Go to top ]

    Hi Max ,I checked on realm for tomcat
    but there are three type of realm to facilate container managed security.
    1. For picking up exsiting userid/password from given Database.
    2.For picking for directory structure using LDAP
    3.Loading from xml file at start up or intial point.

    i am intrested in picking up from exsiting files provided by
    unix/windows systems ,but it needs LDAP configuration.

    Can any body help is there any way to by pass LDAP and use
    windows /unix userid and password directly throgh some plug-in way or else way out.

    A million $:) From --Mailo
  6. realms usage[ Go to top ]

    Hi Mailo

    You'll have to write your own realm. Implement the correct interfaces and configure the server to use it. Read the docs for this. You'll have to google for integration to ADSI(Windows) or NIS(solaris) or "Insert what you need here". I dug up a couple, I remember doing this a long time ago, so things might have changed.

    1) Java to COM bridge, Sun had a product but this has been discontinued. One public product I could find was J Integra but there are probably others Click here

    2) JNDI providers for NIS (and others) from Sun

  7. realms usage - Reloaded[ Go to top ]

    Max, Mailo

       I am looking in for ready to use solution on this problem. Haven’t got any break yet. The reason I am looking for off-the-shelf solution is it will be a pretty common problem for a big community. At least people, who are in "intranet" development, will need to authenticate their users on domain realm.

      I was going through Servlet specs and here is what it says about Basic Authentication.

    =============> extract from servlet specs
    Final Version
    SRV.12.5.1 HTTP Basic Authentication
    HTTP Basic Authentication, which is based on a username and password, is the
    authentication mechanism defined in the HTTP/1.0 specification. A web server
    requests a web client to authenticate the user. As part of the request, the web server
    passes the realm (a string) in which the user is to be authenticated. The realm string
    of Basic Authentication does not have to reflect any particular security policy
    domain (confusingly also referred to as a realm). The web client obtains the
    username and the password from the user and transmits them to the web server. The
    web server then authenticates the user in the specified realm.
    Basic Authentication is not a secure authentication protocol. User passwords
    are sent in simple base64 encoding, and the target server is not authenticated.
    Additional protection can alleviate some of these concerns: a secure transport
    mechanism (HTTPS), or security at the network level (such as the IPSEC protocol
    or VPN strategies) is applied in some deployment scenarios.
    =============> end of extract

    >>>A web server
    >>>requests a web client to authenticate the user. As part of the request, the
    >>>web server
    >>>passes the realm (a string) in which the user is to be authenticated.

    This part is confusing, as it says that "web server" requests the client to authenticate the user??????????? Huh??????

    Can you guys please elaborate on the same?