Does there exist a mechanism by which Tomcat can be made to use NTLM authentication?
* * * * * *
An existing web application that is written in Perl (with Apache as the webserver) is
to be enhanced and re-written in JSP (with Tomcat as the JSP/servlet engine).
The existing "Perl and Apache" website is configured to use mod_ntlm, in order to
establish the identity of the Windows desktop user running IE5.01 that is accessing
the Perl page; in order to determine whether the user is authorized for that
particular page, the Perl script looks up the username in a website-specific database.
That is, the authentication process is handled via the normal login to NT (later, the
Web browser supplies the NT username information to the web server when the Web
browser resubmits its request as an authenticated request); the per-page
authorization process is internal to the web application.
The problem for the re-write in JSP is that while Tomcat does support Basic
authentication, Digest authentication, and Forms authentication, I have not been able
to find a mechanism by which Tomcat can made to use NTLM authentication.
I do not wish to start a discussion on the wisdom of using NTLM in the manner
described; this is the existing behavior that the re-write in JSP is to mimic.
I would be grateful for any hints towards the answer of the question: can Tomcat be
configured (or extended) to use NTLM authentication?
Thanks!
Bill Storey
UNICOM
==========================================================================To
unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
For digest: mailto [EMAIL PROTECTED] with body: "set JSP-INTEREST DIGEST".
Some relevant FAQs on JSP/Servlets can be found at:
http://archives.java.sun.com/jsp-interest.html
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.jsp
http://www.jguru.com/faq/index.jsp
http://www.jspinsider.com
