tomcat authentication on windows via spnego (ntlm or kerberos)

	tomcat authentication on windows via spnego (ntlm or kerberos)

CodePlex
Open Source Community

Home

RSS

All Project Updates

Discussions

Issue Tracker

Releases

Reviews

Source Code

Wiki & Documentation

RSS

View All Comments | Print View | Page Info | Change History (all pages)

Home

Project Description
Tomcat is an servlets container. With tomcatspnego, users working on a Windows client OS and IE or Firefox, can be silently authenticated ( SSO ) to a Tomcat running on a Windows or Unix server, via Spnego, and so via NTLM or Kerberos.
You can define autorizations to tomcat's applications with domain's groups.

There are now three versions, one with JNI and a DLL, another with JNA (it is more easier to read the code), and another with a Windows service and TCP. So Tomcat can be on a Windows server, but also on an Unix server. (Linux is an Unix)
The versions with JNI and JNA works only on Windows.
The three versions run on x86 and x64.

The version with JNI fixes a bug. Now, it works well on x64.

With the versions 15062010 tcp and jna, it is possible to find the groups of the users via a Realm : JDBCRealm , JNDIRealm or UserDatabaseRealm(tomcat-users.xml)
The versions jna and tcp 14062010 have a bug but only when we use the parameter nogroupsinad.

The configuration of IE is in the documentation. You have remarks on this configuration on the discussion.

Version 21112010
a)The version (21112010) add the possibility to use tomcat 7. Some methods of the classes GenericPrinipal and AuthenticatorBase of tomcat have been modified. So the java code of the valve SSPAutenticator has also been modified.
b)The jna version use now the version 2.3.7of the project Java Native Access. This project has been refactored. So the code of the jna version has been modified.
c)There is a new parameter with the tcp and jna versions: usernamewithoutdomainasprefix.

With the version 21112010:
-If the user is not authenticated, tomcatspnego send 403 and not 401 with the version 7 of tomcat.
-You cannot use the methods login, logout and authenticate of thge HttpServletRequest defined in the 3.0 Java Servlet Specification and so in tomcat 7.
-The guest user can be authenticated. This user is member of the group EveryOne but not of the "Authenticated Users". So, if you do not want to authenticate a guest , do not use the group Everyone in web.xml.

With the version 15032011
these problems are resolved with the version of tomcatspnego.

The last version is 0212012 (January, 2 2012)
Download the trunk-0212012

Maciej Matecki (mmatecki) sent the file Tomcat TomcatSpnegoSpringSecuritySample. With Spring Security 3.0 see Alberto Aceveido (albertoaceiveido) in http://tomcatspnego.codeplex.com/workitem/5025

Before to write these three versions with sspi, I wrote a first version with gssapi and only java code. You can find it (trunk-gssapi)

Dominique Guerin

Last edited Jan 9 at 7:24 PM by doumeguerin, version 33

9 people are following this project (follow)

Download

Microsoft Public License (Ms-PL)

This license governs use of the accompanying software. If you use the software, you accept this license. If you do not accept the license, do not use the software.

1. Definitions

The terms "reproduce," "reproduction," "derivative works," and "distribution" have the same meaning here as under U.S. copyright law.

A "contribution" is the original software, or any additions or changes to the software.

A "contributor" is any person that distributes its contribution under this license.

"Licensed patents" are a contributor's patent claims that read directly on its contribution.

2. Grant of Rights

(A) Copyright Grant- Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free copyright license to reproduce its contribution, prepare derivative works of its contribution, and distribute its contribution or any derivative works that you create.

(B) Patent Grant- Subject to the terms of this license, including the license conditions and limitations in section 3, each contributor grants you a non-exclusive, worldwide, royalty-free license under its licensed patents to make, have made, use, sell, offer for sale, import, and/or otherwise dispose of its contribution in the software or derivative works of the contribution in the software.

3. Conditions and Limitations

(A) No Trademark License- This license does not grant you rights to use any contributors' name, logo, or trademarks.

(B) If you bring a patent claim against any contributor over patents that you claim are infringed by the software, your patent license from such contributor to the software ends automatically.

(C) If you distribute any portion of the software, you must retain all copyright, patent, trademark, and attribution notices that are present in the software.

(D) If you distribute any portion of the software in source code form, you may do so only under this license by including a complete copy of this license with your distribution. If you distribute any portion of the software in compiled or object code form, you may only do so under a license that complies with this license.

(E) The software is licensed "as-is." You bear the risk of using it. The contributors give no express warranties, guarantees or conditions. You may have additional consumer rights under your local laws which this license cannot change. To the extent permitted under your local laws, the contributors exclude the implied warranties of merchantability, fitness for a particular purpose and non-infringement.

Current	tomcatspnego version 1
Date	Sat Jul 4 2009 at 8:00 AM
Status	Stable
Rating	3 ratings 3887 downloads
More	View all downloads

Recent reviews (more)

Works very well, easier to setup than some commercial alternatives.

I've used this with Tomcat to enable SSO integration with Sun Identity Manager. Great job!

Activity

7 30 All days

Page Views	322
Visits	145
Downloads	27
Application Runs	N/A

View Detailed Stats