How to replace jCIFS with WAFFLE

Aug 11, 2010 at 9:29 PM

Hi All!

I am trying out the WAFFLE samples. So far no luck, which means I am missing something.

My questions:

  • How do you configure WAFFLE to perform
    Integrated Windows Authentication for a specific domain,
    similar to what jCIFS does?
  • How do make WAFFLE prompt for Windows Credentials
    when the browser is not yet configured for Integrated Windows Authentication?
  • The CHM is not very detailed yet.
    Is there an article you recommend showing
    how to define Windows Users and Roles in web.xml?
  • Can I use WAFFLE to authenticate a given domain, username, and password
    via Windows Authentication the same way jCIFS does?



Aug 12, 2010 at 8:52 AM
  • Is your server in the authenticating domain?

    Waffle works like IIS Integrated Auth. So as long as your server is in the domain with which you want to authenticate, drop waffle in and that's it. There's no configuration to do except for usual protected pages in Tomcat or whatever other web server you have.
  • The Negotiate Security Filter can do this, it supports Negotiate (NTLM/Kerberos) and BASIC in this order, by default.
  • Defining Windows Users and Roles is straightforward. If you want to allow a group to access some resource, use DOMAIN\Group as the role. If you think the documentation needs more content, please write it and submit a patch.
  • I am not sure I understood the question correctly. If you mean to take a machine A that is NOT on the domain D, and authenticate against domain D by hardcoding a username/password to D in some configuration file, then the answer is no. That's a terrible security practice IMHO.