 

Windows Authentication for Java Based web applications, How to?

I have a couple of Java-based web applications developed. Both the applications have separate Authentication logic based on some ActiveX directory implementation.

Now, I need to change this to Windows authentication so that whenever the user hits the URLs of my web applications, instead of redirecting him to a login page, I need to check his Windows credentials.

I do not want to store his Windows credentials in the URL.

Is there any good way to do this?

finepax007 asked Mar 19 '12 16:03



2 Answers

Depending on the level of integration you want your web application to have, Spring Security should have you covered in just about all aspects of what you are after.

If redirecting to a login page and authenticating the entered credentials against an Active Directory server via LDAP is acceptable, then the LDAP extension is the way to go.

If you want more of a Single Sign On (SSO) flow and your users are already authenticated against the authoritative Active Directory server in question (e.g. they are logged in to the domain), then the Kerberos plugin for Spring Security may be more appealing, since your users will simply have to go to the web application and won't have to go through any other authentication steps. The systems will take care of it behind the scenes.

You can also combine / layer these approaches if you wish and try Kerberos-based authentication first and, if that falls through, fall back to a login form and LDAP-based authentication.

If you need to go beyond that, Spring Security is flexible enough to allow you to use OpenID or in-app authentication as well if needed.

cdeszaq answered Oct 19 '22 21:10
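The layered setup described in this answer (Kerberos/SPNEGO first, a login form checked against Active Directory over LDAP as the fallback), as an added example that is not part of the original answer or of the Spring projects' own code. It assumes Spring Security 5.x with the spring-security-kerberos and spring-security-ldap modules on the classpath; the domain, URL, SPN, keytab path and the fixed role are constructed placeholders.

```java
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.FileSystemResource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.*;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.kerberos.authentication.KerberosServiceAuthenticationProvider;
import org.springframework.security.kerberos.authentication.sun.SunJaasKerberosTicketValidator;
import org.springframework.security.kerberos.web.authentication.*;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;

@Configuration
@EnableWebSecurity
public class SsoWithLdapFallbackConfig extends WebSecurityConfigurerAdapter {
    // Constructed placeholders: substitute your own domain, DC, SPN and keytab.
    private static final String AD_DOMAIN = "example.test";
    private static final String AD_URL = "ldaps://dc1.example.test:636";
    private static final String SPN = "HTTP/webapp.example.test@EXAMPLE.TEST";
    private static final String KEYTAB = "/etc/webapp/webapp.keytab";

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        SpnegoAuthenticationProcessingFilter spnego = new SpnegoAuthenticationProcessingFilter();
        spnego.setAuthenticationManager(authenticationManagerBean());
        http.exceptionHandling()
                // Replies 401 with "WWW-Authenticate: Negotiate" and forwards to the
                // login form, which is what clients without a ticket end up seeing.
                .authenticationEntryPoint(new SpnegoEntryPoint("/login")).and()
            .authorizeRequests().antMatchers("/login").permitAll().anyRequest().authenticated().and()
            .formLogin().loginPage("/login").and()
            .addFilterBefore(spnego, BasicAuthenticationFilter.class);
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        SunJaasKerberosTicketValidator validator = new SunJaasKerberosTicketValidator();
        validator.setServicePrincipal(SPN);
        validator.setKeyTabLocation(new FileSystemResource(KEYTAB));
        validator.afterPropertiesSet(); // not a Spring bean here, so initialise it by hand
        KerberosServiceAuthenticationProvider kerberos = new KerberosServiceAuthenticationProvider();
        kerberos.setTicketValidator(validator);
        // Authorities for ticket-authenticated users; one fixed role is an assumption.
        kerberos.setUserDetailsService(name ->
                new User(name, "n/a", AuthorityUtils.createAuthorityList("ROLE_USER")));
        auth.authenticationProvider(kerberos) // handles SPNEGO tickets from the filter
            .authenticationProvider(new ActiveDirectoryLdapAuthenticationProvider(AD_DOMAIN, AD_URL)); // form logins
    }
}
```

The keytab holds the service account's long-term key, so keep it readable only by the account the application runs as.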


I'd recommend using Active Directory to expose its Windows authentication layer over LDAP, which can then be hit by something like Spring Security.

This would effectively force anyone using your application to use their Windows login.

Roy Truelove answered Oct 19 '22 22:10