How does the SQL Server JDBC Trusted Connection Authentication work? (ie how does the trusted connection authenticate the logged in AD user in such a transparent and elegant fashion and how can I implement a similar authentication solution for my client-server applications in Java without a database connection or any use of the existing SQL Server solution.)
SQL Server JDBC可信连接身份验证如何工作? (即,可信连接如何以透明和优雅的方式对登录的AD用户进行身份验证,如何在没有数据库连接或使用现有SQL Server解决方案的情况下为Java中的客户端 - 服务器应用程序实现类似的身份验证解决方案。)
Assumptions * Working within a Windows 2003 domain * You have access to the Windows API via JNI/JNA
假设*在Windows 2003域中工作*您可以通过JNI / JNA访问Windows API
3 个解决方案
#1
1
It depends on the client. For example if you have a Web Browser, it can use the NTLM Authentication to pass the domain authentication of your current client to the server. In this case the browser like IE or FF supports this, and you web server needs the support for NTLM. For example here for Tomcat: http://jcifs.samba.org/src/docs/ntlmhttpauth.html
这取决于客户。例如,如果您有Web浏览器,则可以使用NTLM身份验证将当前客户端的域身份验证传递给服务器。在这种情况下,像IE或FF这样的浏览器支持这一点,而您的Web服务器需要对NTLM的支持。例如Tomcat的示例:http://jcifs.samba.org/src/docs/ntlmhttpauth.html
There is also the SPNEGO protcol in combination with Kerberos, as explained here: http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/index.html
还有SPNEGO protcol与Kerberos结合使用,如下所述:http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/index.html
If you have your own client, it depends on the client's framework if it is able to use the local user's security context and is able to pass it on. The page above describes this at least for a kerberos scenario.
如果您有自己的客户端,则它取决于客户端的框架,如果它能够使用本地用户的安全上下文并且能够传递它。上面的页面至少针对kerberos场景描述了这一点。
Greetings Bernd
PS: I am not sure if you can pass the authentication context established with the jcifs/ntmlm solution to a backend component like SQL Server. It should work with Kerberos tickets (if configured).
PS:我不确定您是否可以将使用jcifs / ntmlm解决方案建立的身份验证上下文传递给SQL Server等后端组件。它应该与Kerberos票证一起使用(如果已配置)。
#2
1
jTDS and Microsoft JDBC Driver both offer native Windows Authentication.
jTDS和Microsoft JDBC Driver都提供本机Windows身份验证。
#3
0
Have you looked at this question? The situation seems to be similar to yours (connecting to a SQL Server database using Windows authentication).
你看过这个问题吗?这种情况似乎与您的情况类似(使用Windows身份验证连接到SQL Server数据库)。
#1
1
It depends on the client. For example if you have a Web Browser, it can use the NTLM Authentication to pass the domain authentication of your current client to the server. In this case the browser like IE or FF supports this, and you web server needs the support for NTLM. For example here for Tomcat: http://jcifs.samba.org/src/docs/ntlmhttpauth.html
这取决于客户。例如,如果您有Web浏览器,则可以使用NTLM身份验证将当前客户端的域身份验证传递给服务器。在这种情况下,像IE或FF这样的浏览器支持这一点,而您的Web服务器需要对NTLM的支持。例如Tomcat的示例:http://jcifs.samba.org/src/docs/ntlmhttpauth.html
There is also the SPNEGO protcol in combination with Kerberos, as explained here: http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/index.html
还有SPNEGO protcol与Kerberos结合使用,如下所述:http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/index.html
If you have your own client, it depends on the client's framework if it is able to use the local user's security context and is able to pass it on. The page above describes this at least for a kerberos scenario.
如果您有自己的客户端,则它取决于客户端的框架,如果它能够使用本地用户的安全上下文并且能够传递它。上面的页面至少针对kerberos场景描述了这一点。
Greetings Bernd
PS: I am not sure if you can pass the authentication context established with the jcifs/ntmlm solution to a backend component like SQL Server. It should work with Kerberos tickets (if configured).
PS:我不确定您是否可以将使用jcifs / ntmlm解决方案建立的身份验证上下文传递给SQL Server等后端组件。它应该与Kerberos票证一起使用(如果已配置)。
#2
1
jTDS and Microsoft JDBC Driver both offer native Windows Authentication.
jTDS和Microsoft JDBC Driver都提供本机Windows身份验证。
#3
0
Have you looked at this question? The situation seems to be similar to yours (connecting to a SQL Server database using Windows authentication).
你看过这个问题吗?这种情况似乎与您的情况类似(使用Windows身份验证连接到SQL Server数据库)。