Java servlet - Windows Authentication Token / IIS Server

Currently I have got a specific problem finding a solution and I am hoping you are able to provide some light on the matter.

The Structure of the problem:

The task at hand is to gather a client's login credentials (token) and pass this to the servlet. However, I cannot seem to find a good resource to do this. I have researched a wide variety of ways, i.e. SPNEGO, WAFFLE, etc. However, these seem to require some sort of Active Directory by my understanding; I am trying to gather the credentials from the user's local machine. A clear explanation or guidance on how I can gather the Windows credentials to the servlet for my specific request would be appreciated.

Diagrams are always a better way of explaining so I will provide one if you are still confused:

Windows PC (Client) ------------------------> Java Servlet -------------------------------------> IIS Server

(windows authentication) --------------> (Get Credentials) -------------------- (Check Credentials & Authenticate)

                   (token)               (pass credentials)

Thank you in advance to anyone who replies, I really appreciate it!

You are wasting your time. If you only take the credentials from the user's local machine then you have no way of knowing if those credentials can be trusted. You might as well just give every user administrative access to your web application.

The reason Active Directory (or something like it) is required is that it is not under the control of the client and is trusted by the server. For example, when using SPNEGO, the client authenticates itself to the Windows domain, the client gets a token from the Windows domain that it can only get if it is authenticated, the client passes the token to the server, the server can then validate that token with the Windows domain to confirm that the client is indeed who they claim to be. (Not quite that simple but you get the idea.)

There are other ways to do this - e.g. with PKI - but they all have in common a central, trusted authentication system that the server can use to validate credentials provided by the client.
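The trust relationship described in the answer above, as an added example that is not part of the original post. It is a deliberately simplified stand-in for a ticket system, not the SPNEGO or Kerberos wire format: the key, the service name and all function names are constructed for illustration, and the assumption is that the key is shared only between the authority and the server.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key: known to the trusted authority and the server, never the client.
SERVICE_KEY = b"constructed-demo-key-authority-and-server-only"

def _mac(key, payload):
    return hmac.new(key, payload, hashlib.sha256).digest()

def issue_token(user, service, key=SERVICE_KEY, ttl=300, now=None):
    """Authority side: called only after the authority itself authenticated `user`."""
    now = time.time() if now is None else now
    claims = {"sub": user, "aud": service, "exp": now + ttl}
    payload = json.dumps(claims, sort_keys=True).encode()
    parts = (payload, _mac(key, payload))
    return ".".join(base64.urlsafe_b64encode(p).decode() for p in parts)

def validate_token(token, service, key=SERVICE_KEY, now=None):
    """Server side: return the authenticated user name, or None if untrusted."""
    now = time.time() if now is None else now
    try:
        p64, m64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        mac = base64.urlsafe_b64decode(m64)
    except ValueError:          # wrong shape or bad base64
        return None
    if not hmac.compare_digest(mac, _mac(key, payload)):
        return None             # not issued by the authority, or altered in transit
    claims = json.loads(payload)
    if claims["aud"] != service or claims["exp"] < now:
        return None             # issued for another service, or expired
    return claims["sub"]

def self_asserted_token(user, service):
    """What a client can build on its own: right format, but a key it made up."""
    return issue_token(user, service, key=b"client-chosen-key")

if __name__ == "__main__":
    svc = "HTTP/app.example"    # constructed service name
    print(validate_token(issue_token("alice", svc), svc))
    print(validate_token(self_asserted_token("administrator", svc), svc))
```

The server accepts only what it can verify against a secret the client never holds; a token the client assembles locally has the right shape but fails validation.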
