如何配置Tomcat以使用Windows NTLM身份验证?

时间:2022-06-08 13:15:09

I would like to use NTLM authentication with Tomcat so that Iexplorer send automatically both the user id+pwd to webapp. Is this possible?

我想在Tomcat中使用NTLM身份验证,以便Iexplorer自动将用户id + pwd发送到webapp。这可能吗?

With "BASIC" authentication IE pops up the usual pwd dialog but I want to skip this dialog. ( Note, I use JNDIReal/ldap)

使用“BASIC”身份验证IE弹出通常的pwd对话框,但我想跳过此对话框。 (注意,我使用JNDIReal / ldap)

6 个解决方案

#1


Yes it is. The Tomcat Wiki references a documentation about Samba code that enables Tomcat to do NTLM authentication.

是的。 Tomcat Wiki引用了一个关于Samba代码的文档,该代码使Tomcat能够进行NTLM身份验证。

The Samba community implemented a Servlet filter that allows to athenticate users agains a domain controller.

Samba社区实现了一个Servlet过滤器,允许再次对用户进行域控制器的身份验证。

#2


Yes, it's now possible with Waffle Tomcat Authenticator that supports Negotiate (NTLM v1, v2, etc., and Kerberos).

是的,现在可以使用支持Negotiate的Waffle Tomcat Authenticator(NTLM v1,v2等和Kerberos)。

Waffle works on windows server only

华夫饼仅适用于Windows服务器

#3


Alternatively, if you're on a Windows server, you can have IIS do the authentication and redirect requests to Tomcat. Here's the documentation: http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html

或者,如果您使用的是Windows服务器,则可以让IIS执行身份验证并将请求重定向到Tomcat。这是文档:http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html

#4


  • JCIF is now (2011) deprecated (does not support NTLM v2).
  • JCIF现在(2011)已被弃用(不支持NTLM v2)。

  • JESPA is not free but may work out for you
  • JESPA不是免费的,但可能会为您服务

  • Waffle is windows server only
  • 华夫饼干只是Windows服务器

You may want to check out UnboundID's LDAP solution www.unboundid.com/products/ldapsdk/ Haven't tried it yet but seems like a compromise.

您可能想要查看UnboundID的LDAP解决方案www.unboundid.com/products/ldapsdk/尚未尝试过,但似乎是妥协。

Here is a quick comparison between UnboundID SDK, JNDI and Netscape SDK: www.unboundid.com/products/ldap-sdk/docs/advantages/comparison.php . It may be biased since it's on unbound's website but hey, gives you a good idea why you might consider it.

以下是UnboundID SDK,JNDI和Netscape SDK之间的快速比较:www.unboundid.com/products/ldap-sdk/docs/advantages/comparison.php。它可能有偏见,因为它在未绑定的网站上,但是,嘿,让你知道为什么你可以考虑它。

#5


people from the JCIFS project (the one reerenced in mkoller's answer) says that the solution they provide is not compatible with NTLMv2...

来自JCIFS项目的人(mkoller的回答中提到的人)说他们提供的解决方案与NTLMv2不兼容......

http://jcifs.samba.org/src/docs/ntlmhttpauth.html

you should check http://www.ioplex.com/jespa.html, which is not free...

你应该查看http://www.ioplex.com/jespa.html,这不是免费的......

#6


I have used JCIFS, Waffle and IIS side by side.

我并排使用了JCIFS,Waffle和IIS。

  • JCIFS does not support NTLM v2, sometimes prompts users
  • JCIFS不支持NTLM v2,有时会提示用户

  • Waffle support NTLM v2, but sometimes prompts user
  • Waffle支持NTLM v2,但有时会提示用户

  • IIS is the only solutio where promptless NTLM authentication works 100% of the time
  • IIS是唯一可以在100%的时间内进行无提示NTLM身份验证的解决方案

#1


Yes it is. The Tomcat Wiki references a documentation about Samba code that enables Tomcat to do NTLM authentication.

是的。 Tomcat Wiki引用了一个关于Samba代码的文档,该代码使Tomcat能够进行NTLM身份验证。

The Samba community implemented a Servlet filter that allows to athenticate users agains a domain controller.

Samba社区实现了一个Servlet过滤器,允许再次对用户进行域控制器的身份验证。

#2


Yes, it's now possible with Waffle Tomcat Authenticator that supports Negotiate (NTLM v1, v2, etc., and Kerberos).

是的,现在可以使用支持Negotiate的Waffle Tomcat Authenticator(NTLM v1,v2等和Kerberos)。

Waffle works on windows server only

华夫饼仅适用于Windows服务器

#3


Alternatively, if you're on a Windows server, you can have IIS do the authentication and redirect requests to Tomcat. Here's the documentation: http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html

或者,如果您使用的是Windows服务器,则可以让IIS执行身份验证并将请求重定向到Tomcat。这是文档:http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html

#4


  • JCIF is now (2011) deprecated (does not support NTLM v2).
  • JCIF现在(2011)已被弃用(不支持NTLM v2)。

  • JESPA is not free but may work out for you
  • JESPA不是免费的,但可能会为您服务

  • Waffle is windows server only
  • 华夫饼干只是Windows服务器

You may want to check out UnboundID's LDAP solution www.unboundid.com/products/ldapsdk/ Haven't tried it yet but seems like a compromise.

您可能想要查看UnboundID的LDAP解决方案www.unboundid.com/products/ldapsdk/尚未尝试过,但似乎是妥协。

Here is a quick comparison between UnboundID SDK, JNDI and Netscape SDK: www.unboundid.com/products/ldap-sdk/docs/advantages/comparison.php . It may be biased since it's on unbound's website but hey, gives you a good idea why you might consider it.

以下是UnboundID SDK,JNDI和Netscape SDK之间的快速比较:www.unboundid.com/products/ldap-sdk/docs/advantages/comparison.php。它可能有偏见,因为它在未绑定的网站上,但是,嘿,让你知道为什么你可以考虑它。

#5


people from the JCIFS project (the one reerenced in mkoller's answer) says that the solution they provide is not compatible with NTLMv2...

来自JCIFS项目的人(mkoller的回答中提到的人)说他们提供的解决方案与NTLMv2不兼容......

http://jcifs.samba.org/src/docs/ntlmhttpauth.html

you should check http://www.ioplex.com/jespa.html, which is not free...

你应该查看http://www.ioplex.com/jespa.html,这不是免费的......

#6


I have used JCIFS, Waffle and IIS side by side.

我并排使用了JCIFS,Waffle和IIS。

  • JCIFS does not support NTLM v2, sometimes prompts users
  • JCIFS不支持NTLM v2,有时会提示用户

  • Waffle support NTLM v2, but sometimes prompts user
  • Waffle支持NTLM v2,但有时会提示用户

  • IIS is the only solutio where promptless NTLM authentication works 100% of the time
  • IIS是唯一可以在100%的时间内进行无提示NTLM身份验证的解决方案