On 02/23/2004 08:45 PM Dan Thiffault wrote:
Hello,
I am trying to transition my company's internal applications from
IIS contained ASP pages to jsp pages using struts on tomcat. Currently
we are using tomcat 4 but we could easily be swayed to switching to
version 5 as we are just in the beginning stages of development.
Currently our internal web apps are secured using integrated windows
authentication. We have a custom component to check user roles in
active directory. Connections to our sql db are handled using a
component which runs under fixed permissions. With our new setup we
would like to continue using windows integrated authentication. We
already have a form based login working with active directory.
Secondly, but more importantly, after authenticating the user as valid
for the particular resource, we would like to use their credentials to
log on to our MS SQL server, which we currently have using mixed mode
authentication. I've searched through a number of web sites but I feel a
little lost as to where to begin. My best guess is that we want to use
JAAS with Kerberos 5 for authenticating but I'm not sure once a user is
authenticated within an app how that would be applied to a datasource's
credentials. Is the db connection made using a JAAS run as?

Hi Dan
I've no experience with the windows security module but I know that a
tomcat realm can be configured to use it - check the jakarta website
under 'realms' :)
That's not a JAAS solution though. When writing your own JAAS module,
you could easily just use the tomcat win realm code.
I have even less idea about the MSSQL login. If you have to do it at the
same time as the realm login, then you will have to go with JAAS. Doing
the webserver and db logins separately will be tricky, since it is not
easy to access the user's session when logging them in, nor later to get
any more than the username and roles of the user. Yet surely you will be
using connection pooling? That conflicts with your DB security, methinks.
Adam
--
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian