Windows将凭据传播到Java桌面应用程序 [英] Windows propagation of credentials to Java desktop application

问题描述

是否可以使用凭证（甚至是用户在登录Windows时输入的令牌，比如XP）。我在这里搜索的是没有应用单点登录（需要再次登录），但单点登录将是MS Windows登录窗口。

Is it possible to use the credentials (or even a token, that a user entered when he logged in windows, lets say XP). what I am in search here is not applying a single sign on (which requires signing in again), but the single sign on would be that of the MS windows log-in window.

这可能吗？我理解Windows中的安全性也很重要，但是没有办法获得令牌并在其他认证机制中使用它吗？

Is this possible? I understand security in windows is of high importance as well, but isn't there a way to get a token and use it in some other authentication mechanism?

注意：首先并且只有登录才能登录Microsoft Windows登录窗口，然后用户就可以使用缓存的凭据访问我的应用程序（但没有重新登录）。

Note: first and only sign in would be that of the Microsoft Windows Log in window and then the user would be able to access my application using the cached credentials (but without re loggin in).

推荐答案

如果您的计算机是域成员，则可以执行此操作。 Google for GSSAPI。并使用此字符串进行登录模块配置：

You can do it if your machine is a member of domain. Google for GSSAPI. And use this string for your login module configuration:

com.sun.security.auth.module.Krb5LoginModule required debug=true  useTicketCache=true doNotPrompt=true;

注意，这只适用于Sun的JVM，据我所知IBM JVM不支持获取来自OS的票证。

Note, this works only for Sun's JVM, as far as I know IBM JVMs do not support getting the ticket from OS.

此外，这里有更多信息供您参考： http://msmvps.com/blogs/sp/archive/2007/06/05/integrating-java-jdbc-and- kerberos.aspx

Also, here is more information for you: http://msmvps.com/blogs/sp/archive/2007/06/05/integrating-java-jdbc-and-kerberos.aspx

此外，为了在现代版本的Windows上运行，您必须调整注册表设置：

Also, for this to work on modern version of Windows you have to tweak your registry settings:

• 在Windows Server 2003和Windows 2000 SP4上，这是必需的注册表设置：

• On the Windows Server 2003 and Windows 2000 SP4, here is the required registry setting:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\Parameters

• 值名称： allowtgtsessionkey


• 值类型： REG_DWORD


• 价值： 0x01


• Value Name: allowtgtsessionkey
• Value Type: REG_DWORD
• Value: 0x01

这是Windows XP SP2上的注册表设置的位置：

Here is the location of the registry setting on Windows XP SP2:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa\Kerberos\







• 价值名称： allowtgtsessionkey


• 价值类型： REG_DWORD


• 价值： 0x01


• Value Name: allowtgtsessionkey
• Value Type: REG_DWORD
• Value: 0x01

这篇关于Windows将凭据传播到Java桌面应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！