Start a Java process as a different user from tomcat
Question
I need to start a process with the ProcessBuilder as a different user.
The user logs in with the SPNEGO protocol under Tomcat 7. The Tomcat process runs under a server account on a Windows 7 machine. The user is a valid user from Active Directory.
I need to spawn a process and execute some actions as the loggedin user, not as the Tomcat user.
I can obtain the Principal from the request. I would like to use the Subject's doAsPrivileged method but I don't have a reference to the Subject.
Can I just create one? Is there a way to get to the Subject without modifying the Authenticator? Is there any other way to do this?
2 answers
solution1
0 2014-01-28 09:55:03
You need the GSSCredential from the user to enable delegation. What kind of process to do intend to spawn?
solution2
0
The BitVise SSH Server supports SSH with Kerberos, and offers the bvRun.exe utility to start detached processes on windows machines. With that I was able to get the Kerberos ticket, pass it on over SSH to the windows server, log on and start a process on the remote machine that kept running after the connection was closed. The Tomcat process must run under a user account that is registered as an SPN for ticket delgation to work. SSH is used as authentication protocol in this case. Th encryption is used to establish the identity between two parties.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.