users@glassfish.java.net

Re: Glassfish and NT login Name

From: <glassfish_at_javadesktop.org>
Date: Sun, 16 Mar 2008 01:02:56 PST

Errr, it's not that simple..

Is this for an intranet? Is your PC a part of an Active Directory domain?

If so, you can most likely use SPNEGO negotiation (Glassfish has a SPNEGO authentication plugin available). This also means that you need a keytab file generated for you by your AD admins via the ktpass tool; moreover, you need to add the site's address to IE's local "Intranet Zone", or if you are using Firefox, the "network.negotiate-auth.trusted-uris" needs to be set.

Or you can use something like JCIFS (which has a servlet filter that performs NTLM negotiation) if your Windows Domain ain't AD enabled.

It basically works something like this:

1) Request to Web Site
2) Website returns a Challenge (usually via a WWW-Authenticate header along with a 401 HTTP Error Code)
3) If the site is trusted, IE or Firefox will send a Negotiate header via one of the following mechanisms (SPNEGO, or NTLM v.x).
4) At that point, you should be able to get the user principal (user name) from your web-app either through the GSS API or through JCIFS.
[Message sent by forum member 'gdaswani' (gdaswani)]

http://forums.java.net/jive/thread.jspa?messageID=264254
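
The check a server-side filter makes at step 3 of the flow above, as an added example that is not part of the original post and is not GlassFish or JCIFS code: it decodes the first Authorization token and reports whether the browser sent a GSS-API (SPNEGO/Kerberos) token or fell back to NTLM. The class and enum names are hypothetical, and the sample headers are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class NegotiateHeaderCheck {
    enum Kind { NO_CREDENTIALS, SPNEGO_OR_KERBEROS, NTLM, UNSUPPORTED_SCHEME, MALFORMED }

    // Every NTLM message starts with this 8-byte signature.
    private static final byte[] NTLMSSP = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    /** Classifies the first Authorization header value a browser sends after the 401 challenge. */
    static Kind classify(String authorization) {
        if (authorization == null || authorization.trim().isEmpty()) {
            return Kind.NO_CREDENTIALS; // steps 1-2: reply 401 with WWW-Authenticate
        }
        String[] parts = authorization.trim().split("\\s+", 2);
        if (!parts[0].equalsIgnoreCase("Negotiate") && !parts[0].equalsIgnoreCase("NTLM")) {
            return Kind.UNSUPPORTED_SCHEME;
        }
        if (parts.length < 2) return Kind.MALFORMED; // scheme without a token
        byte[] token;
        try {
            token = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return Kind.MALFORMED; // not valid base64
        }
        // A "Negotiate" header can still carry raw NTLM when Kerberos is unavailable.
        if (token.length >= 8 && Arrays.equals(Arrays.copyOf(token, 8), NTLMSSP)) {
            return Kind.NTLM;
        }
        // A GSS-API initial context token starts with ASN.1 [APPLICATION 0], byte 0x60.
        if (token.length > 0 && (token[0] & 0xff) == 0x60) return Kind.SPNEGO_OR_KERBEROS;
        return Kind.MALFORMED;
    }

    public static void main(String[] args) {
        Base64.Encoder b64 = Base64.getEncoder();
        // Constructed samples: an NTLM type 1 header and a truncated token holding the SPNEGO OID.
        byte[] ntlmType1 = {'N','T','L','M','S','S','P',0, 1,0,0,0, 7,(byte) 0x82,8,0};
        byte[] gssStart = {0x60, 0x08, 0x06, 0x06, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x02};
        String[] samples = {
            null, "Basic dXNlcjpwYXNz", "Negotiate", "Negotiate !!not-base64!!",
            "Negotiate " + b64.encodeToString(ntlmType1),
            "Negotiate " + b64.encodeToString(gssStart),
        };
        for (String s : samples) System.out.println(classify(s) + " <- " + s);
    }
}
```

An NTLM result on a deployment that expects SPNEGO usually points at the prerequisites listed above: the keytab, or the browser's trusted-site setting.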