How to use Windows login for single-sign-on and for Active Directory entries for Desktop Java application?


Problem description

I'd like to have my desktop Java application to have single sign on related to Active Directory users. In two steps, I'd like to:

  1. Be sure that the particular user has logged in to Windows with some user entry.
  2. Check out some setup information from Active Directory for that user.

With http://stackoverflow.com/questions/31394/java-programatic-way-to-determine-current-windows-user I can get the name of the current Windows user but can I rely on that? I think the

System.getProperty("user.name")

won't be secure enough? ("user.name" seems to be got from environment variables, so I can't rely on that, I think?)

Question http://stackoverflow.com/questions/390150/authenticating-against-active-directory-with-java-on-linux provides me the authentication for given name+pass but I'd like to authenticate based on the Windows logon?

For the Active Directory access, the LDAP would probably be the choice?

I'm not totally sure if I'm asking the right questions but hopefully somebody has some ideas to forward me on.

Recommended answer

It is not supported. Java 6 has improvements, but not enough yet.

Java has its own GSS stack. The problem is for single sign-on, you need to get the Kerberos ticket from the OS (not the Java stack). Otherwise the user has to authenticate a second time (defeating the purpose of single sign-on).

Look at http://java.sun.com/developer/technicalArticles/J2SE/security/. Look down for "Access Native GSS-API" and it talks about a new system property sun.security.jgss.native which when set to true causes Java to use the underlying OS GSS implementation, giving access to the OS level authentication. Perfect!.... except it's only supported for Solaris and Linux, not Microsoft Windows.

Java 6 however does appear to have enough support for acting as a server receiving SPNEGO authentication requests from IE and then authenticating that user against Active Directory. It's just the desktop client support that is still incomplete.
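
The native GSS-API path the answer describes, sketched as an added example that is not part of the original answer or the linked article. It assumes a Linux or Solaris JVM (Java 8 or later, for `java.util.Base64`) with a Kerberos ticket already in the OS credential cache; the service name `HTTP@app.example.test` is a constructed placeholder.

```java
import java.util.Base64;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

public class NativeGssSsoClient {
    // Kerberos V5 GSS-API mechanism OID.
    private static final String KRB5_OID = "1.2.840.113554.1.2.2";

    /**
     * Builds the first GSS token for a host-based service using whatever
     * credential the OS login already holds. No password is read here.
     */
    static byte[] initialToken(String hostBasedService) throws GSSException {
        GSSManager manager = GSSManager.getInstance();
        GSSName server = manager.createName(hostBasedService, GSSName.NT_HOSTBASED_SERVICE);
        // A null credential means "default initiator credential", which the
        // native GSS library resolves from the OS ticket cache.
        GSSContext ctx = manager.createContext(
                server, new Oid(KRB5_OID), null, GSSContext.DEFAULT_LIFETIME);
        try {
            ctx.requestCredDeleg(false); // do not forward the user's ticket to the service
            // Only the first token is produced in this example; a full client keeps
            // the context and feeds the service's reply back into initSecContext.
            return ctx.initSecContext(new byte[0], 0, 0);
        } finally {
            ctx.dispose();
        }
    }

    public static void main(String[] args) {
        // Both properties must be set before the first JGSS call.
        System.setProperty("sun.security.jgss.native", "true");
        // Let JGSS look outside the (empty) JAAS Subject for credentials.
        System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
        String service = args.length > 0 ? args[0] : "HTTP@app.example.test"; // placeholder
        try {
            byte[] token = initialToken(service);
            System.out.println("Token to send to the service: "
                    + Base64.getEncoder().encodeToString(token));
        } catch (GSSException e) {
            // Typical cause: no ticket in the OS cache, or no native GSS library found.
            System.err.println("No usable OS credential: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

The accepting service learns the user's identity from the Kerberos ticket it validates, so nothing depends on the client-supplied `user.name` property.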
