tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Adam Hardy <>
Subject Re: JAAS and Datasources
Date Mon, 23 Feb 2004 21:46:45 GMT
On 02/23/2004 08:45 PM Dan Thiffault wrote:
> Hello,
>     I am trying to transition my companies internal applications from 
> IIS contained ASP pages to jsp pages using struts on tomcat.  Currently 
> we are using tomcat 4 but we could easily be swayed to switching to 
> version 5 as we are just in the beginning stages of development.  
> Currently our internal web apps are secured using integrated windows 
> authentication.  We have a custom component to check user roles in 
> active directory.  Connections to our sql db are handled using a 
> component which runs under fixed permissions.  With our new setup we 
> would like to continue using windows integrated authentication. We 
> already have a form based login working with active directory.  
> Secondly, but more importantly, after authenticating the user as valid 
> for the particular resource, we would like to use their credentials to 
> log on to our MS SQL server, which we currently have using mixed mode 
> authentication. I've searched through a number of web sites but I feel a 
> little lost as to where to begin.  My best guess is that we want to use 
> JAAS with Kerberos 5 for authenticating but I'm not sure once a user is 
> authenticated within an app how that would be applied to a datasource's 
> credentials.  Is the db connection made using a JAAS run as?

Hi Dan	
I've no experience with the windows security module but I know that a 
tomcat realm can be configured to use it - check the jakarta website 
under 'realms' :)

That's not a JAAS solution though. When writing your own JAAS module, 
you could easily just use the tomcat win realm code.

I have even less idea about the MSSQL login. If you have to do it at the 
same time as the realm login, then you will have to go with JAAS. Doing 
the webserver and db logins seperately will be tricky, since it is not 
easy to access the users session when logging them in, nor later to get 
any more than the username and roles of the user. Yet surely you will be 
using connection pooling? That conflicts with your DB security, methinks.

struts 1.1 + tomcat 5.0.16 + java 1.4.2
Linux 2.4.20 Debian

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message