jCIFS? -- Aldrin Leal
-----Original Message----- From: Jonathan Gallimore <[email protected]> To: [email protected] Sent: Tue, 19 Jul 2011 17:03 Subject: Re: Integrated Windows Authentication and OpenEJB I wonder if this can be handled by implementing a Login Module for Tomcat. I've not come across SPNEGO or Waffle - I'll have a search for them and see if I can help you get something going. If you have any links for SPNEGO or Waffle that might be useful. Jon On Tue, Jul 19, 2011 at 12:14 PM, rnieto <[email protected]> wrote: > I've been trying (really really) hard figuring out on how to integrate > Windows Authentication with the OpenEJB exposed web services we have. This > is my setup: > > - Client is a .net web service client, it interacts with the server with > typical SOAP messages. The username and password is not typed in, it's > managed automatically by .NET. > - Server has exposed web services (through OpenEJB and CXF). > - On one web service method, it requires to get the user credentials to > check on the active directory the user and get certain details about the > current user. > - We've currently added SPNEGO http servlet filter to manage the single > sign > on (we're also working with WAFFLE, we still haven't decided on which one > to > really use). > - When you open a jsp page on the server it correctly sees the current > logged-in user and displays the current username properly. > > What I'm having problems with is if I get the HTTPRequest object on any of > the web service methods, it always displays "guest" as the user principal. > This seems to bypass the whole SSO filter set-up (SPNEGO or Waffle), and > logs in as guest. > > I've seen the examples for adding security to OpenEJB and it involves > adding > a JAAS setup wherein it requires a username and password. Since > SPNEGO/Waffle is already managing the authentication and it's impossible to > get the password from the kerberos ticket, this really wouldn't work for my > setup. (Just to be clear, the password of the user would never-ever be > provided, Kerberos is doing all the work) > > I need somehow for OpenEJB to use the servlet filter provided by > Waffle/SPNEGO instead of it doing a "guest" login. > > > > --------- > I've tried dummying the Web Service with Axis, the SPNEGO filter setup is > the same, tomcat server is the same, the client exe application is the > same. > For that case it works, it gets the username of the current logged-in user > automatically. When I switch over the web service to the OpenEJB > implementation, it always just returns "guest". > > -- > View this message in context: > http://openejb.979440.n4.nabble.com/Integrated-Windows-Authentication-and-OpenEJB-tp3677881p3677881.html > Sent from the OpenEJB User mailing list archive at Nabble.com. >
