On 02/23/2004 08:45 PM Dan Thiffault wrote:
Hello,
I am trying to transition my company's internal applications from IIS contained ASP pages to jsp pages using struts on tomcat. Currently we are using tomcat 4 but we could easily be swayed to switching to version 5 as we are just in the beginning stages of development. Currently our internal web apps are secured using integrated windows authentication. We have a custom component to check user roles in active directory. Connections to our sql db are handled using a component which runs under fixed permissions. With our new setup we would like to continue using windows integrated authentication. We already have a form based login working with active directory. Secondly, but more importantly, after authenticating the user as valid for the particular resource, we would like to use their credentials to log on to our MS SQL server, which we currently have using mixed mode authentication. I've searched through a number of web sites but I feel a little lost as to where to begin. My best guess is that we want to use JAAS with Kerberos 5 for authenticating but I'm not sure once a user is authenticated within an app how that would be applied to a datasource's credentials. Is the db connection made using a JAAS run as?

Hi Dan
I've no experience with the windows security module but I know that a tomcat realm can be configured to use it - check the jakarta website under 'realms' :)


That's not a JAAS solution though. When writing your own JAAS module, you could easily just use the tomcat win realm code.

I have even less idea about the MSSQL login. If you have to do it at the same time as the realm login, then you will have to go with JAAS. Doing the webserver and db logins separately will be tricky, since it is not easy to access the user's session when logging them in, nor later to get any more than the username and roles of the user. Yet surely you will be using connection pooling? That conflicts with your DB security, methinks.

Adam
--
struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian

