Return-Path: Delivered-To: apmail-tomcat-users-archive@www.apache.org Received: (qmail 80335 invoked from network); 14 Jul 2008 16:48:59 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 14 Jul 2008 16:48:59 -0000 Received: (qmail 8629 invoked by uid 500); 14 Jul 2008 16:48:49 -0000 Delivered-To: apmail-tomcat-users-archive@tomcat.apache.org Received: (qmail 8009 invoked by uid 500); 14 Jul 2008 16:48:47 -0000 Mailing-List: contact users-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Users List" Delivered-To: mailing list users@tomcat.apache.org Received: (qmail 7998 invoked by uid 99); 14 Jul 2008 16:48:47 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 Jul 2008 09:48:47 -0700 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: unknown (athena.apache.org: error in processing during lookup of ochanis@ncc.edu) Received: from [198.38.12.11] (HELO newton.matcmp.ncc.edu) (198.38.12.11) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 14 Jul 2008 16:47:52 +0000 Received: from [10.11.3.48] ([10.11.3.48]) by newton.matcmp.ncc.edu (8.11.7p3+Sun/8.11.7) with ESMTP id m6EGjn022014 for ; Mon, 14 Jul 2008 12:45:49 -0400 (EDT) From: "Steve Ochani" To: Tomcat Users List Date: Mon, 14 Jul 2008 12:47:58 -0400 MIME-Version: 1.0 Subject: Re: Reuse Windows Logon credentials Message-ID: <487B4AFE.6446.2089D5@ochanis.ncc.edu> Priority: normal In-reply-to: <9341DA22DD1A89439AB3129F710FCF82A318C2@dedawexmb1.infor.com> References: <9341DA22DD1A89439AB3129F710FCF82A318C2@dedawexmb1.infor.com> X-mailer: Pegasus Mail for Windows (4.41) Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Content-description: Mail message body X-newton-MailScanner-Information: Please contact the ISP for more information X-newton-MailScanner: Found to be clean X-MailScanner-From: ochanis@ncc.edu X-Virus-Checked: Checked by ClamAV on apache.org Date sent: Mon, 14 Jul 2008 17:54:02 +0200 From: Faris Ahmed Subject: Reuse Windows Logon credentials To: users@tomcat.apache.org Send reply to: Tomcat Users List > Dear list, > > I would like use Tomcat instead of IIS in this environment: > > > > 1) Client computer running Windows Internet Explorer. > > 2) Web server computer running a web application in Microsoft IIS > 6.0. > > 3) Database server computer running Microsoft SQL server with > Windows Authentication. > > 4) All three computers are members in one Windows 2003 domain. > > > > User interaction: > > 1) User logs on to the client computer with a Microsoft domain > user account and starts IE. > > 2) User browses to the webapp and is immediately logged in as the > domain user in step 1 (no extra login takes place on the server). > > 3) The webapp access Microsoft SQL server on a third computer and > reuses the Windows credentials to login to SQL server. > > > > In a pure Windows environment only one logon is necessary on the > client computer. The user security credentials are reused on the web > server and the database server without extra login. > > > > Question: Can I do the same with Tomcat replacing IIS? This means: > > > > 1) Can Tomcat accept\understand the Windows credentials from the > client computer? > > 2) Can the web app inside Tomcat reuse the credentials and access > SQL server using JDBC and Windows authentication. > > > > Note: > > The JCIFS (http://jcifs.samba.org/src/docs/ntlmhttpauth.html) is not > enough for my environment because I only get the user name in Tomcat. > Not sure about issue #2 but JCIFS is exactly for issue #1. You will never get access to someones un-hashed password. -Steve O. --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org For additional commands, e-mail: users-help@tomcat.apache.org