Latest News from Zhiyong Li http://zhiyongli.sys-con.com/ Latest News from Zhiyong Li en Copyright 2012 Ulitzer.com Ulitzer.com Wed, 16 May 2012 19:12:10 EDT http://backend.userland.com/rss 360 Valve, JAAS and Filter in Tomcat http://zhiyongli.sys-con.com/node/1876662 Tomcat is a widely popular lightweight application server. When securing Tomcat web applications, Valve, JAAS and Filter are used in various scenarios. The challenges for developers are when to use each of these methods and how to integrate them together if more than one method is chosen. For example, the WebSeal agent discussed in the article [1] uses Valve. If a customer needs to integrate WebSeal and its own JAAS-based authentication module, they will need to know how to configure Tomcat to use both the WebSeal Agent Valve and the JAAS module and how to pass information between them. In this article, we will explain the concepts of Valve, JAAS and Filter, and their relationships such as the order that they get called. Through an example application, we will explain how you can use them together and pass information among them for an authentication process. How to configure and run the example application using Tomcat 7 will also be discussed. <p><a href="http://zhiyongli.sys-con.com/node/1876662" target="_blank">read more</a></p> Sun, 14 Aug 2011 06:15:00 EDT http://zhiyongli.sys-con.com/node/1876662 http://zhiyongli.sys-con.com/node/1876662#feedback IWA for a Spring Desktop and Web Application http://zhiyongli.sys-con.com/node/1326751 Integrated Windows Authentication (IWA) provides a user-friendly interface for single sign-on. IWA uses ‘Simple and Protected GSSAPI Negotiation Mechanism’ (SPNEGO) to allow the initiators and acceptors to negotiate the underlying protocol to be used for authentication. In this article, we will discuss how to enable SPENGO to support single sign-on for a two-tier web based application using the popular Spring framework. Even though we only focus on a two-tier application, there are multiple places in these two tiers that SPNEGO needs to be enabled. At the client side, we need the client code to require the use of the SPNEGO protocol; we need to enable the Spring HTTP Invoker to use the HTTP 4.0.1 client, which needs to be SPNEGO enabled. At the server side, we need to configure the application server to support SPNEGO and we need to secure the Spring web application using SPNEGO protocol. <p><a href="http://zhiyongli.sys-con.com/node/1326751" target="_blank">read more</a></p> Sat, 20 Mar 2010 09:15:00 EDT http://zhiyongli.sys-con.com/node/1326751 http://zhiyongli.sys-con.com/node/1326751#feedback