SSO - from java clients on windows to java server on linux - java

I have a Java application running on Windows, which I need to authenticate to a Java application (servlet container) running on Linux. I'm unfamiliar with this issue, so I tried googling and experimented with different technologies. Here are some things I found; none of them were right for me:
Waffle - Waffle works only on Windows servers. I thought of redirecting the incoming requests to a Windows server for the login process, but that just adds new servers which I will need to support.
SPNEGO - It doesn't say if it works on Linux, but I think it is meant for Windows servers. (I mean this OS implementation - http://spnego.sourceforge.net/)
I'm using Tomcat, but we are migrating to different servers, so I don't want a Tomcat-specific solution, but rather one that I can use in pure Java, if possible (or a servlet filter solution, which can run on any standard servlet container).

There are lots of patterns available. You haven't mentioned how your Java application and the server communicate.
You can easily get the ServletFilter model to work if the communication between your applications and the server is over HTTP.
If the communication is over RMI, you can intercept RMI requests on the server and perform authentication/authorisation before completing the request.
Take a look at Spring Security: http://docs.spring.io/spring-security/site/docs/3.0.x/reference/springsecurity.html

Related

Java SSO against a linux tomcat (mod_jk)

We are using mod_jk as a load balancer between the Java client apps and the Tomcat server. Any service request can reach another Tomcat. That makes the handshake more difficult.
The server is Linux based, which means we can't use Waffle (it's for Windows only).
NTLM is also not an option for our company because of security (deprecation).
Using SPNEGO for HTTP request authentication is not possible. We have some requests that have to be accepted without any login/permission (public permission).
Are there any other alternatives or working examples with SPNEGO to realize SSO for the Windows clients?
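
Added example, not part of either post above and not code from any of the projects they mention: a container-independent servlet filter that accepts SPNEGO/Kerberos tickets on Linux with the JDK's own JGSS classes, lets a public prefix through without login, and exposes the principal as the remote user. It assumes the Servlet 4.0 javax.servlet API, a JVM started with -Djavax.security.auth.useSubjectCredsOnly=false, and a JAAS entry com.sun.security.jgss.accept that loads the keytab of the HTTP service principal; the "/public/" prefix and the class name are hypothetical.

```java
import java.io.IOException;
import java.util.Base64;
import javax.servlet.*;
import javax.servlet.http.*;
import org.ietf.jgss.*;

// Added example. Assumed JVM setup: -Djavax.security.auth.useSubjectCredsOnly=false and a JAAS
// entry "com.sun.security.jgss.accept" (Krb5LoginModule, keytab of HTTP/<host>@<REALM>).
// "/public/" is a hypothetical prefix for requests that need no login.
public class SpnegoFilter implements Filter {

    @Override public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // Use the container-normalized path, not the raw URI, for the prefix check.
        String path = req.getServletPath() + (req.getPathInfo() == null ? "" : req.getPathInfo());
        if (path.startsWith("/public/")) { chain.doFilter(rq, rs); return; }

        String h = req.getHeader("Authorization");
        final String user = (h != null && h.startsWith("Negotiate "))
                ? accept(h.substring(10), res) : null;
        if (user == null) {                       // no ticket or invalid ticket: challenge
            res.setHeader("WWW-Authenticate", "Negotiate");
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override public String getRemoteUser() { return user; }   // user@REALM
        }, res);
    }

    // Validates one token per request. A Kerberos ticket is normally accepted in a single
    // step, so no handshake state has to be kept between requests or between nodes.
    private String accept(String b64, HttpServletResponse res) {
        try {
            byte[] in = Base64.getDecoder().decode(b64.trim());
            // null credential: the provider obtains the acceptor key via the JAAS entry above
            GSSContext ctx = GSSManager.getInstance().createContext((GSSCredential) null);
            try {
                byte[] out = ctx.acceptSecContext(in, 0, in.length);
                if (out != null)                  // reply token, e.g. for mutual authentication
                    res.setHeader("WWW-Authenticate",
                            "Negotiate " + Base64.getEncoder().encodeToString(out));
                return ctx.isEstablished() ? ctx.getSrcName().toString() : null;
            } finally { ctx.dispose(); }
        } catch (GSSException | IllegalArgumentException e) { return null; }
    }
}
```

A token that does not establish the context in one step (for example an NTLM offer) is rejected with a fresh challenge rather than continued.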

Java Desktop Application Client-Server all in one

I'm thinking about what might be the best solution to create a standalone client-server application in java with these features:
Server: it must provide APIs (probably rest?)
Client: javafx webview with angularjs to make requests to webserver.
Loader: it starts the server and the client.
The user can then manage the application directly from the webview or from the browser (to the server port)
This would also make it possible to create a "cloud" version of the application in the future: the client, instead of querying localhost, would query a remote server.
Is a solution of this type correct?
What might be useful tools for its realization and how could it be structured?
I would like in particular a solution which does not require the use of a large Java application server, but something simpler that can be included as a library.
I thought of the same architecture as you because it's easy: localhost binding, AngularJS, Bootstrap in a Java WebView. One solution is a Spring MVC REST API with embedded Tomcat. It may not be lightweight.

Implementing SSO in Apache, Jetty or Java Web Service

Hello stackoverflow'ers
we are currently faced with the task to support Single Sign On in our Java based web service.
The setup is like this: Linux server running Apache as a proxy -> Jetty -> Java web service.
All of this in a Windows Domain with Windows workstations as clients accessing the web service through their browser (mainly IE, some firefox).
The SSO will go through the Windows AD DC utilizing Kerberos through SPNEGO.
From what I have gathered it would be possible to implement the SSO at any step of the way: in Apache, in Jetty or in the Java code itself.
What I haven't been able to figure out so far is which approach makes the most sense in the given environment.
We obviously need to access the REMOTE_USER one way or another later on to perform further authorization in our application, but this is the only real requirement we have.
So what are the actual pros and cons of implementing the SSO / SPNEGO on the Apache level vs. the Jetty level vs. in our own software - if there are any?
Any help would be greatly appreciated!
Enjoy your day,
Tom
https://github.com/michael-o/mod_spnego/ for Apache Web Server and you are done.

Standalone Java application with HTML front end

I want to develop a standalone java application, with web browser as front end. This application will run locally and won't be making any remote server calls. I'm essentially using java, as web-browser cannot perform file operations.
I want this application to be portable: no need of installation. Just copying a folder should be enough. I want to know how it can be done, how will javascript communicate with java code.
In continuation of @Quentin's answer.
Yes, you need web server.
There are 2 principal architectures:
Create stand alone application with embedded web server
Create ordinary web application and run it on proprietary web server.
IMHO I think that the second approach is better, however it strongly depends on your application functionality.
You can take Jetty or Grizzly as a web container. Both can run in embedded or standalone mode. You are welcome to share other details of your application with the community if you need concrete advice concerning the design of your application.
The application would need to implement an HTTP server. Then all communication would be done over HTTP.
Write a small web application as you need and deploy it using Jetty. Jetty is a pure Java-based HTTP server and Java Servlet container. You can also use it in embedded mode.
Deployment is easy if you use Jetty-Runner:
java -jar jetty-runner.jar my.war
You don't need a local web server. Take JavaFX (embedded WebKit) and implement a URL protocol handler for, say, "myprotocol". Then you can access it from the browser using something like myprotocol://xxx.yyy.zzz

What are the specific uses of Java Application Server that cannot be done with web servers?

I am a little confused about the roles of a java application server and its differences from a web server.
I found many sites explaining the same difference between the two but not to my satisfaction.
So please explain the following two cases to me:
1) App. server and its difference from a web server:
From these two links:
Difference between an application server and a servlet container?
What is the difference between application server and web server?
Web server: It handles everything through the HTTP protocol by accepting requests from clients and sending responses to them with the help of its servlet container (e.g. Apache Tomcat).
App. server: An application server supports the whole of JavaEE, like JMS, JPA, RPC etc.
Now what I am confused about is how I can use a lot of JavaEE APIs like JMS, JPA etc. with my Tomcat by adding their jar files to my web application.
Does that mean that if I use an application server I don't have to add those jar files? (I don't think so)
2) The roles of an app. server (this is very important to me)
From Wikipedia
http://en.wikipedia.org/wiki/Application_Server
An application server provides services such as security, transaction support etc.
"The term is often used for web servers which support the JavaEE" -- It sounds like if we add the required jar files of the JavaEE APIs, a web server becomes an app. server. What about it?
Now my question is how an application server performs the tasks of security control or transaction management by itself.
E.g. in my web application using the Spring framework I am providing security by using spring-security and transaction management by using the @Transactional annotation and all those things you know.
So does the app. server have anything to do with my security or transaction management, or does it have its own ways?
Forgive my ignorance.
Using Spring, you're in fact embedding some kind of Java EE container inside your application. But even when using Spring, if you need JTA support (because you need distributed XA transactions), you'll need to use an additional transaction manager. If you need JMS, you'll need to install an additional JMS broker. If you need connection pooling, you'll need to use an additional connection pool. Sometimes it's as simple as adding additional jars to the classpath and properties or XML files. Sometimes it's harder.
A Java EE app server comes with everything bundled. You have less flexibility, but you don't need to install, configure and make everything work by yourself.
When you use the Java EE framework, that is a specification. So the application server, if it is Java EE compliant, needs to implement this. So once it has implemented the specification, it will address security, transactions etc. because they are mentioned in the spec. So it is a contract. Whereas a web server will just pull out your static resources. There is no need for handling other stuff.
In the case of the Spring framework, the framework knows how to handle transactions, security etc. So the developer in particular need not look into these aspects, which are implemented by the application server in the other scenario.
how an application server performs the tasks of security control or transaction management by itself
It is rather the specification that addresses these issues, not the application server. So, the duty of the app server is to implement these.
So, if your application is Java EE compliant, then these areas will be addressed and the implementation would have been done by the app server.
Maybe this is an oversimplification:
A web server is basically an HTTP server serving content over the HTTP protocol. So a web server is simply about serving content over the HTTP protocol. A typical example would be the Apache web server. This is simply a file server.
Now the question is where does the web server get the content from? Possible sources are:
Static contents (the contents like images/css etc) which are not generated on request but statically served.
Dynamic contents: Simply put, the contents to be served are generated upon the user request.
For the static contents, the web server does not need anything as it simply reads the file and serves it.
For dynamic contents, the web server might need help of additional components which will generate the contents to be served.
Here the Application Server comes into picture.
Now these additional components referred earlier, might interact with database or some other system etc.
In a web environment where your website is exposed to a huge number of users (intended/unintended), you need typical services like transaction/security/concurrency etc. so that users get the expected responses and do not see inconsistencies in the behavior of the application.
An application server has inbuilt abilities to manage transaction/security/concurrency/resource management. Generally these are referred to as managed services, and the environment offered by them is called a managed environment, where these basic services are managed by the application server and the programmer does not have to bother with them.
An application server needs web servers, or we can say web servers use the application server's services to generate dynamic content.
For example, JBoss uses Tomcat as its inbuilt web server, whereas WebLogic has its own web server. Tomcat again can be called an application server (in principle) as it also offers a managed environment for servlets (it manages concurrency and the instance pool of servlets/JSPs).
Coming to your example of Spring:
An application server will come inbuilt with transaction/security etc. whether you need it or not. Spring offers a very nice way of handling this. Spring has all these things BUT you use what you need. Not just these, but just a Java web server like Tomcat is sufficient to build full-fledged services that need an application server.
