This is the technique we've used. When a user logs into our Intranet, they
are redirected to an ASP page on our IIS server. The ASP/IIS combo has
access to obtain the NT username of the current user. It then redirects
back to the J2EE app server (Orion in our case) with the username encoded
as a URL variable. Not very secure, but it is only for internal users on
our intranet, and no majorly sensitive data is accessible. It is more for
customisation than security.
I can't think of any other way of doing it, but it still seems like a messy
work around hack.
That handles the identification of the current user. We're still working on
how to interface with our NT domain user list to get that info into our JSP
web setup. I'm guessing you could do it using LDAP/JNDI, but haven't had
enough of a chance to play around and get it working. We are using a simple
database login with a list of Intranet users and their NT login.
Julian Doherty
Technical Manager, Website Design Projects
Education Review Office
04 474 9577
Joe Cheng
<[EMAIL PROTECTED]> To: [EMAIL PROTECTED]
Sent by: A cc:
mailing list Subject: Re: taking NT Authentication
for JSP App.
about Java Server
Pages
specification and
reference
<JSP-INTEREST@JAV
A.SUN.COM>
06/01/2002 16:32
Please respond to
A mailing list
about Java Server
Pages
specification and
reference
Merrill's right, this technique absolutely won't work because the most it
could do is get the username at the server, not the client.
Maybe if you're using IIS as your webserver, you could set the directory
security to enforce NT authentication, then see if the request has any
security-related headers. I believe this works OK in ASP, not sure if I've
ever heard of anyone doing it with JSP.
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST
DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://archives.java.sun.com/jsp-interest.html
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.jsp
http://www.jguru.com/faq/index.jsp
http://www.jspinsider.com
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://archives.java.sun.com/jsp-interest.html
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.jsp
http://www.jguru.com/faq/index.jsp
http://www.jspinsider.com
