基于 Java 的 Web 应用程序的 Windows 身份验证，如何? [英] Windows Authentication for Java Based web applications, How to?

问题描述

我开发了几个基于 Java 的 Web 应用程序.这两个应用程序都有基于某些 ActiveX 目录实现的单独身份验证逻辑.

I have a couple of Java-based web applications developed. Both the applications have separate Authentication logic based on some ActiveX directory implementation.

现在，我需要将其更改为 Windows 身份验证，以便每当用户访问我的 Web 应用程序的 URL 时，我需要检查他的 Windows 凭据，而不是将他重定向到登录页面.

Now, I need to change this to Windows authentication so that whenever the user hits the URLs of my web applications, instead of redirecting him to login page I need to check his Windows credentials.

我不想将他的 Windows 凭据存储在 URL 中.

I do not want to store his windows credentials in URL.

有什么好的办法吗?

推荐答案

根据您希望 Web 应用程序具有的集成级别，Spring Security 应该几乎涵盖了您所追求的所有方面.

Depending on the level of integration you want your web application to have, Spring Security should have you covered in just about all aspects of what you are after.

如果重定向到登录页面并通过 LDAP 针对 Active Directory 服务器验证输入的凭据是可以接受的，那么 LDAP 扩展 是要走的路.

If redirecting to a login page and authenticating the entered credentials against an Active Directory server via LDAP is acceptable, then the LDAP extension is the way to go.

如果您想要更多的单点登录 (SSO) 流程并且您的用户已经针对相关的权威 Active Directory 服务器进行了身份验证(例如，他们已登录到域)，则 用于 Spring Security 的 Kerberos 插件 可能更有吸引力，因为您的用户只需转到 Web 应用程序并且不必经过任何其他身份验证步骤.系统会在幕后处理它.

If you want more of a Single Sign On (SSO) flow and your users are already authenticated against the authoritative Active Directory server in question (eg. they are logged in to the domain), then the Kerberos plugin for Spring Security may be more appealing, since your users will simply have to go to the web application and won't have to go through any other authentication steps. The systems will take care of it behind the scenes.

如果您首先尝试基于 Kerberos 的身份验证，您还可以组合/分层这些方法，如果失败，则回退到登录表单和基于 LDAP 的身份验证.

You can also combine / layer these approaches if you which and try Kerberos-based authentication first and if that falls through, fall back to a login form and LDAP-based authentication.

如果您需要更多，Spring Security 足够灵活，允许您在需要时使用 OpenID 或应用内身份验证.

If you need to go beyond that, Spring Security is flexible enough to allow you to use OpenID or in-app authentication as well if needed.

这篇关于基于 Java 的 Web 应用程序的 Windows 身份验证，如何?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！