I would like to use NTLM authentication with Tomcat so that Iexplorer send automatically both the user id+pwd to webapp. Is this possible?
我想在Tomcat中使用NTLM身份验证,以便Iexplorer自动将用户id + pwd发送到webapp。这可能吗?
With "BASIC" authentication IE pops up the usual pwd dialog but I want to skip this dialog. ( Note, I use JNDIReal/ldap)
使用“BASIC”身份验证IE弹出通常的pwd对话框,但我想跳过此对话框。 (注意,我使用JNDIReal / ldap)
6 个解决方案
#1
Yes it is. The Tomcat Wiki references a documentation about Samba code that enables Tomcat to do NTLM authentication.
是的。 Tomcat Wiki引用了一个关于Samba代码的文档,该代码使Tomcat能够进行NTLM身份验证。
The Samba community implemented a Servlet filter that allows to athenticate users agains a domain controller.
Samba社区实现了一个Servlet过滤器,允许再次对用户进行域控制器的身份验证。
#2
Yes, it's now possible with Waffle Tomcat Authenticator that supports Negotiate (NTLM v1, v2, etc., and Kerberos).
是的,现在可以使用支持Negotiate的Waffle Tomcat Authenticator(NTLM v1,v2等和Kerberos)。
- Tutorial: http://code.dblock.org/ShowPost.aspx?id=103
- Waffle: http://dblock.github.io/waffle/
Waffle works on windows server only
华夫饼仅适用于Windows服务器
#3
Alternatively, if you're on a Windows server, you can have IIS do the authentication and redirect requests to Tomcat. Here's the documentation: http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html
或者,如果您使用的是Windows服务器,则可以让IIS执行身份验证并将请求重定向到Tomcat。这是文档:http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html
#4
- JCIF is now (2011) deprecated (does not support NTLM v2).
- JESPA is not free but may work out for you
- Waffle is windows server only
JCIF现在(2011)已被弃用(不支持NTLM v2)。
JESPA不是免费的,但可能会为您服务
华夫饼干只是Windows服务器
You may want to check out UnboundID's LDAP solution www.unboundid.com/products/ldapsdk/ Haven't tried it yet but seems like a compromise.
您可能想要查看UnboundID的LDAP解决方案www.unboundid.com/products/ldapsdk/尚未尝试过,但似乎是妥协。
Here is a quick comparison between UnboundID SDK, JNDI and Netscape SDK: www.unboundid.com/products/ldap-sdk/docs/advantages/comparison.php . It may be biased since it's on unbound's website but hey, gives you a good idea why you might consider it.
以下是UnboundID SDK,JNDI和Netscape SDK之间的快速比较:www.unboundid.com/products/ldap-sdk/docs/advantages/comparison.php。它可能有偏见,因为它在未绑定的网站上,但是,嘿,让你知道为什么你可以考虑它。
#5
people from the JCIFS project (the one reerenced in mkoller's answer) says that the solution they provide is not compatible with NTLMv2...
来自JCIFS项目的人(mkoller的回答中提到的人)说他们提供的解决方案与NTLMv2不兼容......
http://jcifs.samba.org/src/docs/ntlmhttpauth.html
you should check http://www.ioplex.com/jespa.html, which is not free...
你应该查看http://www.ioplex.com/jespa.html,这不是免费的......
#6
I have used JCIFS, Waffle and IIS side by side.
我并排使用了JCIFS,Waffle和IIS。
- JCIFS does not support NTLM v2, sometimes prompts users
- Waffle support NTLM v2, but sometimes prompts user
- IIS is the only solutio where promptless NTLM authentication works 100% of the time
JCIFS不支持NTLM v2,有时会提示用户
Waffle支持NTLM v2,但有时会提示用户
IIS是唯一可以在100%的时间内进行无提示NTLM身份验证的解决方案
#1
Yes it is. The Tomcat Wiki references a documentation about Samba code that enables Tomcat to do NTLM authentication.
是的。 Tomcat Wiki引用了一个关于Samba代码的文档,该代码使Tomcat能够进行NTLM身份验证。
The Samba community implemented a Servlet filter that allows to athenticate users agains a domain controller.
Samba社区实现了一个Servlet过滤器,允许再次对用户进行域控制器的身份验证。
#2
Yes, it's now possible with Waffle Tomcat Authenticator that supports Negotiate (NTLM v1, v2, etc., and Kerberos).
是的,现在可以使用支持Negotiate的Waffle Tomcat Authenticator(NTLM v1,v2等和Kerberos)。
- Tutorial: http://code.dblock.org/ShowPost.aspx?id=103
- Waffle: http://dblock.github.io/waffle/
Waffle works on windows server only
华夫饼仅适用于Windows服务器
#3
Alternatively, if you're on a Windows server, you can have IIS do the authentication and redirect requests to Tomcat. Here's the documentation: http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html
或者,如果您使用的是Windows服务器,则可以让IIS执行身份验证并将请求重定向到Tomcat。这是文档:http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html
#4
- JCIF is now (2011) deprecated (does not support NTLM v2).
- JESPA is not free but may work out for you
- Waffle is windows server only
JCIF现在(2011)已被弃用(不支持NTLM v2)。
JESPA不是免费的,但可能会为您服务
华夫饼干只是Windows服务器
You may want to check out UnboundID's LDAP solution www.unboundid.com/products/ldapsdk/ Haven't tried it yet but seems like a compromise.
您可能想要查看UnboundID的LDAP解决方案www.unboundid.com/products/ldapsdk/尚未尝试过,但似乎是妥协。
Here is a quick comparison between UnboundID SDK, JNDI and Netscape SDK: www.unboundid.com/products/ldap-sdk/docs/advantages/comparison.php . It may be biased since it's on unbound's website but hey, gives you a good idea why you might consider it.
以下是UnboundID SDK,JNDI和Netscape SDK之间的快速比较:www.unboundid.com/products/ldap-sdk/docs/advantages/comparison.php。它可能有偏见,因为它在未绑定的网站上,但是,嘿,让你知道为什么你可以考虑它。
#5
people from the JCIFS project (the one reerenced in mkoller's answer) says that the solution they provide is not compatible with NTLMv2...
来自JCIFS项目的人(mkoller的回答中提到的人)说他们提供的解决方案与NTLMv2不兼容......
http://jcifs.samba.org/src/docs/ntlmhttpauth.html
you should check http://www.ioplex.com/jespa.html, which is not free...
你应该查看http://www.ioplex.com/jespa.html,这不是免费的......
#6
I have used JCIFS, Waffle and IIS side by side.
我并排使用了JCIFS,Waffle和IIS。
- JCIFS does not support NTLM v2, sometimes prompts users
- Waffle support NTLM v2, but sometimes prompts user
- IIS is the only solutio where promptless NTLM authentication works 100% of the time
JCIFS不支持NTLM v2,有时会提示用户
Waffle支持NTLM v2,但有时会提示用户
IIS是唯一可以在100%的时间内进行无提示NTLM身份验证的解决方案