I've been trying (really really) hard figuring out on how to integrate Windows Authentication with the OpenEJB exposed web services we have. This is my setup:
- Client is a .net web service client, it interacts with the server with typical SOAP messages. The username and password is not typed in, it's managed automatically by .NET. - Server has exposed web services (through OpenEJB and CXF). - On one web service method, it requires to get the user credentials to check on the active directory the user and get certain details about the current user. - We've currently added SPNEGO http servlet filter to manage the single sign on (we're also working with WAFFLE, we still haven't decided on which one to really use). - When you open a jsp page on the server it correctly sees the current logged-in user and displays the current username properly. What I'm having problems with is if I get the HTTPRequest object on any of the web service methods, it always displays "guest" as the user principal. This seems to bypass the whole SSO filter set-up (SPNEGO or Waffle), and logs in as guest. I've seen the examples for adding security to OpenEJB and it involves adding a JAAS setup wherein it requires a username and password. Since SPNEGO/Waffle is already managing the authentication and it's impossible to get the password from the kerberos ticket, this really wouldn't work for my setup. (Just to be clear, the password of the user would never-ever be provided, Kerberos is doing all the work) I need somehow for OpenEJB to use the servlet filter provided by Waffle/SPNEGO instead of it doing a "guest" login. --------- I've tried dummying the Web Service with Axis, the SPNEGO filter setup is the same, tomcat server is the same, the client exe application is the same. For that case it works, it gets the username of the current logged-in user automatically. When I switch over the web service to the OpenEJB implementation, it always just returns "guest". -- View this message in context: http://openejb.979440.n4.nabble.com/Integrated-Windows-Authentication-and-OpenEJB-tp3677881p3677881.html Sent from the OpenEJB User mailing list archive at Nabble.com.
