Geek Answers Handbook

Authenticating Windows Users to a Java Server

I work on a server written in Java and a client (a desktop application written in .Net) that runs on Windows computers on the same network. I would like to have some basic authentication so that the server can determine the username of the user starting the client, without having to re-enter the Windows password in the client.

Is this possible, and what is the easiest way to do this?

I looked at some of the available APIs, it looks like the org.ietf.jgss package in Java and the NegotiateStream class in .Net would probably need to talk to each other to achieve this, but I keep coming across frustrating error messages which I do not understand. I thought I would check if this is correct if I post a separate question with more detailed error information :)

+4
source share
4 answers

The approach is right. Pay attention to a number of things:

  • this will have nothing to do with "basic authentication" (in http)
  • .NET will try to use the SPNEGO GSS engine. See Sun Documentation for proper support for this mechanism.
  • Your service will have to translate the principle of service. Therefore, you need to create an Active Directory account not only for the user, but also for the service, and you need to put the service password in Java keytab.
+3
source

If you're using Active Directory, I think Spring's LDAP module can offer you a great way to access credentials.

0
source

Not familiar with the GSS mechanism. I would suggest using the common key mechanism used in ssh without a password.

0
source

This open source library http://spnego.sourceforge.net has exactly what you are looking for. It implements an HTTP servlet filter on the server so that your web application can call request.getRemoteUser () to find out the username.

0
source

More articles:


All Articles