Forum Stats

  • 3,814,405 Users
  • 2,258,870 Discussions


Tomcat/NT Authentication (if needed, with JAAS)

843811 Member Posts: 49,851
I'm running my Servlet/JSP application in Tomcat 3.2.3 on NT. Thinking about moving to Tomcat 4.0.

I searched for information regarding setting up Tomcat with NT authentication and am really confused. There's no decent documentation.

Can somebody please provide clear information?

I want to know how Tomcat's authentication methods (the J2EE web application authentication methods - BASIC, Form based etc) can be mapped to NT authentication. Basically I want the users to login to the web application using their NT domain accounts and passwords.

Tomcat 4.0 talks about Realms, is it something to do with this?

Where does JAAS come into this picture? I read about JAAS but couldn't really find decent information on integrating it with Tomcat.

I downloaded the sample application provided at, but couldn't get to work. It always fail to login.

Also I got the sample NT login modules from, I don't know how to integrate them with Tomcat.

I'd appreciate your help.
Thank you very much.


  • 843811
    843811 Member Posts: 49,851
    I'm having more or less the same kind of problems.
    I've just set up Tomcat 4.0, and according to the doc, it supports both, basic and form-based authentication.

    About the realms, that's a different story.. the realms are collections of users, passwords and roles.
    Tomcat 4.0 can use three different kinds:
    Memory realm: text file with <user> <password> <roles>
    JDBC realm: users, passwords and roles are stored in a database acceeded via JDBC
    JNDI realm: users, passwords and roles are stored in a LDAP server aceeded via JNDI.

    In tomcat 4 there's an application called "manager" made for administrating the server, which needs an administrator role. Since there's nobody with this role by default, it's a good way to begin to play with the different realms...

    hope this will help..

    best regards
  • 843811
    843811 Member Posts: 49,851
    Yes, but what about NT/Auth integration?

    I'm not sure that kind of integration with the Java platform even exists. I know it is a much desired feature in most enterprises and is where Microsoft has the upper hand, since Microsoft's IIS supports NT authorization.

    I know IE sends the NT SID (which identifies a user on NT) to web servers that request it so all we need is a realm which can accept that and verify it against an NT domain controller.

    Is this possible, and does Sun have any plans to support such capability? I know that in my company, we develop both Windows DNA web apps and Java web apps, and this issue keeps coming up on our side.

    Arik Kfir.
This discussion has been closed.