> > Here is something that might interest you : >> > > https://github.com/dblock/waffle/blob/master/Docs/ServletSingleSignOnSecurityFilter.md > and look for "impersonate". > It is however NOT what you want, because if I understand this correctly, > the "impersonation" of the webapp user only applies to /local/ actions done > by the servlet on the local (server) machine (such as creating a file on > disk for example). > (So I am just providing this, to avoid you looking in the wrong places). > > The crucial element is how your webapp needs to login to the external > webservices server. > Does that webservices server *require* a Windows Domain login ? > Or does it only require a HTTP Basic authentication e.g. ? > And if only a HTTP Basic authentication, is that going to remain so in all > cases where you will deploy your webapp ? > Is that webservices server under your control ? > > If that server requires only HTTP Basic authentication, and this is going > to remain so for any foreseeable future in any place where you would > install your webapp, then it should be possible, when out of your webapp > you issue the HTTP request to this webserver, to specify that it should use > Basic authentication, with a provided user X / password Y. > (Thus your solution #3). And this should not require having to override > the standard java Authenticator class. > > See this for example : > http://hc.apache.org/httpclient-3.x/authentication.html > > If that server may (now or in the future) require Windows Domain > authentication, then your webapp has to be able to do that (and I am sure > that there are standard Java classes for that)(see above, it also provides > NTLM and Kerberos). > But the only valid Windows Domain authentication it could then provide (I > believe)(*), would be for the user-id under which Tomcat itself is running > (which must then be a valid Domain account, including for that webservices > webserver). > > Now this last seems to conflict with Waffle. > But I think that this is then a Waffle issue, not an issue of Tomcat or of > your webapp. > (Or maybe just an issue because you have overridden the java class). > > > > (*) but maybe not : > > http://hc.apache.org/httpcomponents-client-ga/tutorial/html/authentication.html#spnego > > Hi André,
Thanks a lot for your time and all the advices/informations you've given to me. I'll have a closer look at the differents urls and will report my progress here. Thansk a lot, Stéphane
