6
我试图在Windows上实现SSO(Java)。最近,我发现this example究竟做什么,我想与Waffle做:这是什么华夫饼SSO示例
// client credentials handle
IWindowsCredentialsHandle credentials= WindowsCredentialsHandleImpl.getCurrent("Negotiate");
credentials.initialize();
// initial client security context
WindowsSecurityContextImpl clientContext = new WindowsSecurityContextImpl();
clientContext.setPrincipalName(Advapi32Util.getUserName());
clientContext.setCredentialsHandle(credentials.getHandle());
clientContext.setSecurityPackage(securityPackage);
clientContext.initialize();
// accept on the server
WindowsAuthProviderImpl provider = new WindowsAuthProviderImpl();
IWindowsSecurityContext serverContext = null;
do {
if (serverContext != null) {
// initialize on the client
SecBufferDesc continueToken = new SecBufferDesc(Sspi.SECBUFFER_TOKEN, serverContext.getToken());
clientContext.initialize(clientContext.getHandle(), continueToken);
}
// accept the token on the server
serverContext = provider.acceptSecurityToken(clientContext.getToken(), "Negotiate");
} while (clientContext.getContinue() || serverContext.getContinue());
System.out.println(serverContext.getIdentity().getFqn());
for (IWindowsAccount group : serverContext.getIdentity().getGroups()) {
System.out.println(" " + group.getFqn());
}
...
的例子很简单,它的工作原理和它的接缝做的正是我想要的。但我不明白它是如何工作的。
- 在后台发生了什么?
- Waffle是否从Windows获取Kerberos票证?
- 服务器如何验证客户机票?
- 我可以绝对信任我从服务器上下文中获得的do-loop 后得到的用户组吗?
谢谢。托马斯。
如果我设置了这段代码,我添加了对jar的引用,我可以编译我的jar,但是在运行时,tomcat抛出Advautil32无法解析,我需要把华夫饼罐放在哪里?谢谢 – ilansch