For windows there is integrated windows authentication.
We can configure active directory and join the cleint to the domain.
Then all the services on the client that communicates with the iis on the server can use the integrated authentication transparently.
Is there something similar for java, linux and some application server ?
Regards
I recommend you to use LDAP and PAM.
There is a similar question, where you can find info.
Hope that helps,
You may want to look at the steps for Moodle, to get NTLM working in Apache, on Linux, as that may be what you are looking for, since you already have active directory.
http://docs.moodle.org/en/NTLM_authentication#APACHE_Configuration
This will be between apache and the browser, so, if you want it to work with Tomcat, then you may need to have to use JK (http://tomcat.apache.org/connectors-doc/) to have connections come in to apache then be forwarded to tomcat, after authentication takes place.
Related
I need to state up front that I am not a Java developer. So it is fair to assume that I know very little about the tooling etc. that Java dev's will be naturally familiar with.
So, I have created a Jersey web api (2.25.1) on my home server running Windows 2012. It serves data to a Xamarin application. I need to deploy this to a Linux server (Ubuntu) on AWS which my friend spun up.
At the moment, the only access I have is via SSH (Putty).
Tomcat (and Glassfish) have been installed on the Linux machine.
How do I go about deploying that application to that AWS server?
The official Jersey documentation seems to be MIA, and my Googling efforts don't yield much. There's a lot of SO questions with a similar title to this one. But I have not found any of the answers (and in many cases, questions) helpful to my cause.
Cheers
I assume that you are using maven to create your jersey web app .
Upon build you will get a *.war file .Copy the same to tomcat/webapps folder .
Start your tomcat then.
To take your file there on remote use winscp tool with your ssh credentials.
I have a java application running on windows, which I need to authenticate to java application (servlet container) running on linux. I'm unfamiliar of this issue, so tried googling and experminted with different technologies, here are some things I found - all weren't right for me:
Waffle - waffle works only for Windows server. I thought redirecting the incoming requests to a Windows server for the login process, but that just adds new servers which I will need to support.
Spengo - I doesn't say if it works linux, but I think it is meant for Windows server. (I mean this OS implementation - http://spnego.sourceforge.net/)
I'm using tomcat, but we are migrating to different servers, so I don't want a specific "tomcat" solution, but rather one that I can use in pure java, if possible (or a servlet filter solution, which can run on any standard serlvet container).
There are lots of patterns available. You haven't mentioned how is the communication between your Java application and the server.
You can easily get ServletFilter model to work if the communication between your applications and server is over http.
If the communication is over RMI, you can intercept RMI requests on the server and perform authentication/authorisation before completing the request.
Take a look at Spring security : http://docs.spring.io/spring-security/site/docs/3.0.x/reference/springsecurity.html
I recently did a quick mock up of a web service using C# on IIS. All users are using Windows so, in the web service, I was able to get the current user via NTLM.
Now I have to migrate this to a Java web service running on Tomcat or WebSphere.
What authentication options are open to me? I see that Apache HttpComponents has an NTLM feature but I can only find instructions on how to use it on the client side. Can I use it in my web service to determine the current user? (Remember, all users will be Windows users)
Just to clarify: this is for use in a company intranet and all users will be logged in to Windows. This is why NTLM seems to be the right way to go.
Try WAFFLE windows authentication framework.
(http://waffle.codeplex.com/)
It is one of the third party libraries suggested in the tomcat documentation. (https://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html)
It comes with zero configurations and all you have to do is to modify your web.xml to you waffle as in this tutorial (http://code.dblock.org/2010/05/20/single-sign-on-tomcat-negotiate-authenticator-kerberos-ntlm-w-waffle.html)
Hello stackoverflow'ers
we are currently faced with the task to support Single Sign On in our Java based web service.
The setup is like this: Linux server running Apache as a proxy -> Jetty -> Java web service.
All of this in a Windows Domain with Windows workstations as clients accessing the web service through their browser (mainly IE, some firefox).
The SSO will go through the Windows AD DC utilizing Kerberos through SPNEGO.
From what I have gathered it would be possible to implement the SSO either step of the way, in Apache, in Jetty or in the Java Code itself.
What I haven't been able to figure out so far is which approach makes the most sense in the given environment.
We obviously need to access the REMOTE_USER one way or another later on to perform further authorization in our application, but this is the only real requirement we have.
So what are the actual pro's and con's of implementing the SSO / SPNEGO on the Apache level vs. the Jetty level vs. in our own software - if there are any ?
Any help would be greatly appreciated!
Enjoy your day,
Tom
https://github.com/michael-o/mod_spnego/ for Apache Web Server and you are done.
I'm writing a Java Tomcat intranet app that uses NTLM to lookup a user's name. This is in a Win7 Active Directory environment.
Is it better to use Waffle or Spnego for this? (Or something better?)
Waffle has a huge following now, and will do the job well. But I am bias :)
Turns out the answer was simple LDAP lookups using the Java libraries javax.naming.directory.*.