I had to build a custom security class for authenticating against an NT (Win2K Active 
Directory) domain.  Although this does require entry of credentials it is better than 
a properties file.  This class uses AD for authentication and SQLServer for group 
information (we wanted a single place to store group/role information).

The connection attributes are passed in from orion-application.xml as per this article:

http://kb.atlassian.com/content/orionsupport/articles/usermanager.html

I have attached the Java source.

KJ

Original Message:
-----------------
From: Brian Smith [EMAIL PROTECTED]
Date: Fri, 15 Mar 2002 20:03:58 -0600
To: [EMAIL PROTECTED]
Subject: Re: Using NT security


If you use the JAAS module, or if you use the Windows SSPI to
authenticate, you will never need the user's password. The SSPI API
provides a "LogonUser" function that can be used to say "is 'password'
the correct password for domain\user". If you search for "LogonUser and JNI"
on the internet there is a short article explaining how to do this very
simply. I assume the JAAS has a similar feature.

What is not easy with the Windows API is asking "is domain\user in group
'group-name'?".

It would be cool if somebody could share a UserManager implementation
that used the above technique and/or the JAAS equivalent.

- Brian

Justin Crosbie wrote:
> Yuk, that is messy. Accessing the NT API? Using the JNI, I presume?
> Thanks though, I'll give those a try, much appreciated :)
>
>
>
> So what does everyone else do, put the passwords into principals.xml and
> set the file to not readable?
>
>
>
> Thanks,
>
> Justin
>
>
>  -----Original Message-----
> *From:* Andre Vanha [mailto:[EMAIL PROTECTED]]
> *Sent:* 13 March 2002 19:19
> *To:* Orion-Interest
> *Subject:* RE: Using NT security
>
>     Take a look at the sample JAAS modules that you can download from
>     Sun in conjunction with JAAS.  Specifically, they include an NT
>     module which can be used to retrieve username and group information
>     for a running process.
>
>
>
>     Note however, there is no way to retrieve a password for a logged on
>     user, at least not included with the JAAS module.  The NT API does
>     provide functions for retrieving a user's password, but in that case
>     the domain/NTServer must be configured to store plain-text
>     passwords, which is something most people don't do anyway.
>
>
>
>     Exchange definitely offers an alternative authentication mechanism,
>     but that falls outside of the standard javamail SMTP interface.
>
>
>
>     Andre
>
>
>
>
>
>
>     -----Original Message-----
>     *From:* Justin Crosbie [mailto:[EMAIL PROTECTED]]
>     *Sent:* Wednesday, March 13, 2002 10:16 AM
>     *To:* Orion-Interest
>     *Subject:* Using NT security
>
>         Hi all,
>
>
>
>         I checked the archives and support pages for this, didn't seem
>         to find it.
>
>
>
>         Is there any way to get Orion to use the NT username+password of
>         whoever is logged in, for running client apps? Currently I'm
>         reading them from a config file, which obviously is not ideal.
>
>
>
>         Also, I am using the <mail-session> properties to configure a
>         JavaMail session. Thus I have the
>         username+password of this hardcoded into application.xml. Anyone
>         know of a way I could use the NT logged on credentials to
>         specify the mail.smtp.user and mail.smtp.password properties of
>         the session? It is an Exchange server. (Probably OT, apologies
>         if it is).
>
>
>
>         Thanks,
>
>         Justin
>
>
>




Attachment: AD_SQLSecurityManager.java
Description: AD_SQLSecurityManager.java
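
Added example, not the attached AD_SQLSecurityManager.java and not code from any poster in this thread: one way to check a user's password against Active Directory without keeping it in a properties file, assuming an LDAP simple bind over LDAPS through JNDI. The class name, host and domain are hypothetical placeholders.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/** Added illustration: verifies a password by binding to AD, storing nothing. */
public class AdBindCheck {
    private final String ldapUrl; // assumption: LDAPS endpoint of a domain controller
    private final String domain;  // assumption: DNS domain used as the UPN suffix

    public AdBindCheck(String ldapUrl, String domain) {
        this.ldapUrl = ldapUrl;
        this.domain = domain;
    }

    public boolean authenticate(String user, String password) throws NamingException {
        // An LDAP simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513) that a server may accept, so reject it before contacting AD.
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user + "@" + domain);
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // the bind to the directory happens here
            return true;
        } catch (AuthenticationException e) {
            return false; // credentials rejected by the directory
        } finally {
            if (ctx != null) {
                ctx.close();
            }
        }
    }

    public static void main(String[] args) throws NamingException {
        // Constructed placeholder values; the empty-password case never reaches the network.
        AdBindCheck check = new AdBindCheck("ldaps://dc.example.test:636", "example.test");
        System.out.println(check.authenticate("alice", ""));
    }
}
```

Connection failures surface as other NamingException subclasses and are left to the caller, which should treat them as a failed login rather than a success.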
