SQL Server JDBC可信连接身份验证如何工作? [英] How does the SQL Server JDBC Trusted Connection Authentication work?

问题描述

SQL Server JDBC可信连接身份验证如何工作? (即，受信任的连接如何以透明，优雅的方式对登录的AD用户进行身份验证，以及如何在没有数据库连接或不使用现有SQL Server解决方案的情况下，以Java方式为我的客户端-服务器应用程序实现类似的身份验证解决方案)

How does the SQL Server JDBC Trusted Connection Authentication work? (ie how does the trusted connection authenticate the logged in AD user in such a transparent and elegant fashion and how can I implement a similar authentication solution for my client-server applications in Java without a database connection or any use of the existing SQL Server solution.)

假设 *在Windows 2003域中工作 *您可以通过JNI/JNA访问Windows API

Assumptions * Working within a Windows 2003 domain * You have access to the Windows API via JNI/JNA

推荐答案

这取决于客户端.例如，如果您有一个Web浏览器，则它可以使用NTLM身份验证将当前客户端的域身份验证传递给服务器.在这种情况下，像IE或FF这样的浏览器都支持此功能，而您的Web服务器需要对NTLM的支持.例如，此处为Tomcat: http://jcifs.samba.org/src/docs/ntlmhttpauth.html

It depends on the client. For example if you have a Web Browser, it can use the NTLM Authentication to pass the domain authentication of your current client to the server. In this case the browser like IE or FF supports this, and you web server needs the support for NTLM. For example here for Tomcat: http://jcifs.samba.org/src/docs/ntlmhttpauth.html

还有SPNEGO协议与Kerberos结合使用，如下所述: http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/index.html

There is also the SPNEGO protcol in combination with Kerberos, as explained here: http://java.sun.com/javase/6/docs/technotes/guides/security/jgss/lab/index.html

如果您有自己的客户端，则取决于客户端的框架是否能够使用本地用户的安全上下文并能够将其传递.上面的页面至少在kerberos场景中对此进行了描述.

If you have your own client, it depends on the client's framework if it is able to use the local user's security context and is able to pass it on. The page above describes this at least for a kerberos scenario.

问候 伯恩德

PS:我不确定您是否可以将通过jcifs/ntmlm解决方案建立的身份验证上下文传递给SQL Server等后端组件.它应该与Kerberos票证一起使用(如果已配置).

PS: I am not sure if you can pass the authentication context established with the jcifs/ntmlm solution to a backend component like SQL Server. It should work with Kerberos tickets (if configured).

这篇关于SQL Server JDBC可信连接身份验证如何工作?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！