Friday, September 9, 2016

SSO on Windows using Waffle - Java Web Application

Waffle is an open source API that helps with Windows-based authentication. If a project requires automatically logging a user in with their Windows login credentials, Waffle is one option for achieving that.

Waffle supports Negotiate, NTLM and Kerberos. In this blog I will create a Java web project to demonstrate how to get the credentials of the logged-in Windows user using Waffle.

Prerequisites:
  1. Tomcat
  2. Eclipse
  • Create a new Dynamic Web Project in Eclipse.

  • Add the following jar files, which are needed for the Waffle setup.
  1. commons-logging-1.1.1.jar
  2. guava-r07.jar
  3. jna.jar
  4. platform.jar
  5. waffle-jna.jar
  • The next step is to add the filter class that handles SSO with Windows.
Add the filter class "waffle.servlet.NegotiateSecurityFilter"; this class takes care of the negotiation with the Windows system by invoking the necessary classes within the Waffle jars.
  • Sample code for the web.xml file is given below.
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
 xmlns="http://java.sun.com/xml/ns/javaee"
 xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
 id="WebApp_ID" version="3.0">
 <display-name>WaffleDemo</display-name>
 <filter>
  <filter-name>SecurityFilter</filter-name>
  <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
 </filter>
 <filter-mapping>
  <filter-name>SecurityFilter</filter-name>
  <url-pattern>/*</url-pattern>
 </filter-mapping>
</web-app>
  • This filter class takes several init-params, which can be added to customize its default behavior. I will explain a few of them below.
  1. allowGuestLogin - if this flag is set to true, Waffle will also authenticate guest users and return true for them. This allows all users to access the application. The flag is useful if you are required to let guest users log in to the app with some minimal access.
  2. waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols - the list of supported security protocols can be passed here, such as Negotiate and NTLM.
  3. principalFormat: Specifies the name format for the principal.
  4. roleFormat: Specifies the name format for the role.
  • The next step is to add code in a servlet to retrieve the user details.

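// User name of the authenticated Windows user.
String remoteUser = request.getRemoteUser();
// Session id of the user's HTTP session.
String sessionId = request.getSession().getId();
// The same user name, read from the Principal object.
String principalName = request.getUserPrincipal().getName();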

  • Now deploy the application on the server and access the URL; you should be able to see the user details.
  • The next step depends on the project's needs: if any local authorization has to be implemented, you need a custom implementation. Otherwise you are good to go.
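
As an added example (not part of the original post), here is the filter declaration from the web.xml above with the four init-params from the list set explicitly. The values are choices made for this example: guest login is turned off so that only authenticated Windows accounts reach the application, and names are returned in fully qualified form.

```xml
<filter>
 <filter-name>SecurityFilter</filter-name>
 <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
 <!-- Example choice: do not let failed logins fall through to the Guest account -->
 <init-param>
  <param-name>allowGuestLogin</param-name>
  <param-value>false</param-value>
 </init-param>
 <!-- Protocols offered by the Negotiate provider (the two named in the post) -->
 <init-param>
  <param-name>waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols</param-name>
  <param-value>Negotiate NTLM</param-value>
 </init-param>
 <!-- Example choice: principal name as fully qualified name (DOMAIN\user) -->
 <init-param>
  <param-name>principalFormat</param-name>
  <param-value>fqn</param-value>
 </init-param>
 <!-- Example choice: role (group) names as fully qualified names -->
 <init-param>
  <param-name>roleFormat</param-name>
  <param-value>fqn</param-value>
 </init-param>
</filter>
```

With allowGuestLogin set to false, the servlet code above only ever sees the name of a real authenticated account, which matters if that name is later used for local authorization.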

