Windows

Description

Windows security involves two processes: authenticating the user with Weave using their Windows username, and using information held in an Active Directory server to determine what the user has access to.

The first process can be implemented independently of the second. The second could also be implemented independently of the first, but doing so doesn't really make sense.

Integrated Authentication

Implementing Windows integrated authentication, which allows internal users to log in to Weave automatically using their Windows username, involves editing the security.xml file to replace the login form handling with the NTLM processor.

...

	<bean id="ntlmProcessingFilter" class="org.acegisecurity.ui.ntlm.NtlmProcessingFilter">
		<!-- Windows domain and domain controller used to authenticate users -->
		<property name="defaultDomain"><value>DOMAINNAME</value></property>
		<property name="domainController"><value>172.16.0.30</value></property>
		<property name="authenticationEntryPoint" ref="ntlmEntryPoint"/>
		<property name="authenticationManager" ref="ntlmAuthenticationManager"/>
		<!-- Credentials jCIFS uses when connecting to the domain controller -->
		<property name="JCifsProperties">
			<map>
				<entry key="jcifs.smb.client.username">
					<value>username</value>
				</entry>
				<entry key="jcifs.smb.client.password">
					<value>password</value>
				</entry>
			</map>
		</property>
	</bean>
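
A configuration check for the bean above, as an added example that is not part of the original page or of Weave itself: it reads a security.xml-style document and reports sample values that were left in place and whether a service account password is stored in the file. The `<beans>` root element and the function names are assumptions.

```python
import xml.etree.ElementTree as ET

NTLM_FILTER = "org.acegisecurity.ui.ntlm.NtlmProcessingFilter"
PLACEHOLDERS = {"DOMAINNAME", "username", "password"}  # sample values on this page
PASSWORD_KEY = "jcifs.smb.client.password"

# Constructed input: the bean above inside an assumed <beans> root, refs omitted.
SAMPLE = """<beans>
 <bean id="ntlmProcessingFilter" class="org.acegisecurity.ui.ntlm.NtlmProcessingFilter">
  <property name="defaultDomain"><value>DOMAINNAME</value></property>
  <property name="domainController"><value>172.16.0.30</value></property>
  <property name="JCifsProperties"><map>
   <entry key="jcifs.smb.client.username"><value>username</value></entry>
   <entry key="jcifs.smb.client.password"><value>password</value></entry>
  </map></property>
 </bean>
</beans>"""

def local(tag):
    """Drop any XML namespace prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def read_ntlm_settings(xml_text):
    """Return {name: value} for the NTLM filter bean, including jCIFS map entries."""
    settings = {}
    for bean in ET.fromstring(xml_text).iter():
        if local(bean.tag) != "bean" or bean.get("class") != NTLM_FILTER:
            continue
        for prop in (p for p in bean if local(p.tag) == "property"):
            entries = [e for e in prop.iter() if local(e.tag) == "entry"]
            for entry in entries:
                settings[entry.get("key")] = "".join(entry.itertext()).strip()
            value = prop.get("value") or "".join(prop.itertext()).strip()
            if value and not entries:  # ref-only properties carry no value
                settings[prop.get("name")] = value
    return settings

def review(settings):
    """List findings; values are reported only when they are known placeholders."""
    if not settings:
        return ["no NtlmProcessingFilter settings found"]
    findings = [f"{key}: placeholder {value!r} was not replaced"
                for key, value in settings.items() if value in PLACEHOLDERS]
    if PASSWORD_KEY in settings:
        findings.append("service account password is stored in the file; "
                        "restrict read access to it")
    return findings

if __name__ == "__main__":
    for finding in review(read_ntlm_settings(SAMPLE)):
        print(finding)
```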

Active Directory

Information about which Active Directory groups a user belongs to can be used to provide role information to Weave for users who are authenticated using Windows integrated authentication, removing the need to use the users.properties file.

...