Use 'Integrated Windows Authentication' in web client

Hi,

In corporate intranets based on Windows desktops and IIS, users expect to be seamlessly logged on to web applications by the Integrated Windows Authentication feature of IE and IIS.

Before using Servoy to develop our web application we used the open source Java library WAFFLE (waffle-parent – About) to support this on Tomcat. Is something similar possible with the Servoy web client?

We have used UrlRewriteFilter to tidy up the long Servoy URL when deploying web applications.

We use UrlRewriteFilter because it is a Java Web Filter for the Tomcat application server. Servoy uses Tomcat.

I suppose that if you used the Java library WAFFLE to support the Windows Authentication feature of IE and IIS on Tomcat, WAFFLE should also work on Servoy/Tomcat.

Hope this helps, but honestly I am not an expert on these matters.

Good luck, JC

Yes, this is possible. As jcarlos mentioned, Servoy embeds Tomcat (%SERVOY_HOME%\application_server\server), so you can configure the embedded Tomcat instance as you normally would for Waffle, ensuring that the Servoy servlets require authentication (by adjusting %SERVOY_HOME%\application_server\server\webapps\ROOT\WEB-INF\web.xml appropriately).

Once Tomcat is configured you can change the login form in your Login solution to a simple splash screen and in onShow() do something like:

  var username = null;
  if (application.getApplicationType() == APPLICATION_TYPES.WEB_CLIENT)
  {
    /** @type {Packages.org.apache.wicket.protocol.http.WebRequestCycle} */
    var reqcycle = Packages.org.apache.wicket.RequestCycle.get();
    var request = reqcycle.getWebRequest().getHttpServletRequest();

    var principal = request.getUserPrincipal();
    if (!principal)
    {
      // This should never happen if Tomcat is properly configured...
      error = "Missing authentication information!";
    }
    else
    {
      username = principal.getName();
      // now call your authenticator with the pre-authenticated username...
      security.authenticate('my_authenticator', 'myAuthenticateMethod', [username]);
    }
  }

The Servoy authenticator won’t validate the credentials since they’ve been pre-authenticated and can simply call security.login().

If you need to map roles then things are a bit more complicated, because JEE APIs don’t provide a method to get a list of the roles, but you can hack around that by casting the Principal returned above to Tomcat’s proprietary GenericPrincipal and calling getRoles() on that…
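
A sketch of what the authenticator side could do with the pre-authenticated name and the roles read from the container principal, added here as an example and not code from this thread: it accepts only DOMAIN\user names from a trusted domain and maps Windows groups to Servoy groups through an explicit table, failing closed otherwise. The function names, the CORP domain, the group table and the DOMAIN\user principal format are assumptions; the result would be handed to security.login().

```javascript
// Constructed configuration: the trusted domain and the Windows-group to
// Servoy-group table are assumptions for this example, not values from the thread.
var CONFIG = {
  trustedDomains: ['CORP'],
  groupMap: {
    'corp\\servoy-admins': 'Administrators',
    'corp\\servoy-users': 'users'
  }
};

// Accept only the "DOMAIN\user" form (assumed principal format); anything else
// (bare names, empty values, embedded whitespace) is rejected by returning null.
function parsePrincipal(name) {
  // String() also converts a java.lang.String handed over by the servlet API.
  var text = name == null ? '' : String(name);
  var m = /^([^\\\s]+)\\([^\\\s]+)$/.exec(text);
  if (!m) return null;
  return { domain: m[1].toUpperCase(), user: m[2].toLowerCase() };
}

// Decide whether a container-authenticated principal may log in and with which
// Servoy groups. Never throws; returns { ok: false, reason } on any rejection.
function resolveLogin(principalName, roles, config) {
  var p = parsePrincipal(principalName);
  if (!p) return { ok: false, reason: 'unparseable principal' };
  if (config.trustedDomains.indexOf(p.domain) === -1) {
    return { ok: false, reason: 'untrusted domain' };
  }
  var groups = [];
  // Index loop so that both a JavaScript array and a Java String[] work.
  for (var i = 0; roles && i < roles.length; i++) {
    var key = String(roles[i]).toLowerCase();
    // Own-property check: a role named "constructor" must not match anything.
    if (!Object.prototype.hasOwnProperty.call(config.groupMap, key)) continue;
    var mapped = config.groupMap[key];
    if (groups.indexOf(mapped) === -1) groups.push(mapped);
  }
  // A user with no mapped group gets no session rather than a default role.
  if (groups.length === 0) return { ok: false, reason: 'no mapped groups' };
  return { ok: true, username: p.domain + '\\' + p.user, groups: groups };
}
```

Only when `ok` is true would the authenticator go on to call security.login() with the normalised username and the mapped groups.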