Windows Authentication How-To

最新推荐文章于 2021-03-16 07:58:07 发布
转载 最新推荐文章于 2021-03-16 07:58:07 发布 · 540 阅读 · 1 ·
CC 4.0 BY-SA版权
原文链接:https://tomcat.apache.org/
文章标签:

#java

本文详细介绍了在Apache Tomcat中实现Windows身份验证的各种方法,包括内置支持、使用第三方库如Waffle和通过反向代理如IIS或Apache httpd进行身份验证。文章深入讲解了Kerberos配置步骤,适用于Windows和Linux服务器。

Tomcat Home
The Apache Software Foundation
Apache Tomcat 10
Version 10.0.0-M4, Apr 3 2020
Links

Docs Home
FAQ
User Comments

User Guide

1) Introduction
2) Setup
3) First webapp
4) Deployer
5) Manager
6) Host Manager
7) Realms and AAA
8) Security Manager
9) JNDI Resources
10) JDBC DataSources
11) Classloading
12) JSPs
13) SSL/TLS
14) SSI
15) CGI
16) Proxy Support
17) MBeans Descriptors
18) Default Servlet
19) Clustering
20) Load Balancer
21) Connectors
22) Monitoring and Management
23) Logging
24) APR/Native
25) Virtual Hosting
26) Advanced IO
27) Mavenized
28) Security Considerations
29) Windows Service
30) Windows Authentication
31) Tomcat's JDBC Pool
32) WebSocket
33) Rewrite
34) CDI 2 and JAX-RS
35) GraalVM Support

Reference

Release Notes
Configuration
Tomcat Javadocs
Servlet 5.0 Javadocs
JSP 3.0 Javadocs
EL 4.0 Javadocs
WebSocket 2.0 Javadocs
JASPIC 2.0 Javadocs
Annotations 2.0 Javadocs
JK 1.2 Documentation

Apache Tomcat Development

Building
Changelog
Status
Developers
Architecture
Functional Specs.
Tribes

Windows Authentication How-To
Table of Contents

Overview
Built-in Tomcat support
    Domain Controller
    Tomcat instance (Windows server)
    Tomcat instance (Linux server)
    Web application
    Client
    References
Third party libraries
    Waffle
    Spring Security - Kerberos Extension
    Jespa
    SPNEGO AD project at SourceForge
Reverse proxies
    Microsoft IIS
    Apache httpd

Overview

Integrated Windows authentication is most frequently used within intranet environments since it requires that the server performing the authentication and the user being authenticated are part of the same domain. For the user to be authenticated automatically, the client machine used by the user must also be part of the domain.

There are several options for implementing integrated Windows authentication with Apache Tomcat. They are:

Built-in Tomcat support.
Use a third party library such as Waffle.
Use a reverse proxy that supports Windows authentication to perform the authentication step such as IIS or httpd.

The configuration of each of these options is discussed in the following sections.
Built-in Tomcat support

Kerberos (the basis for integrated Windows authentication) requires careful configuration. If the steps in this guide are followed exactly, then a working configuration will result. It is important that the steps below are followed exactly. There is very little scope for flexibility in the configuration. From the testing to date it is known that:

The host name used to access the Tomcat server must match the host name in the SPN exactly else authentication will fail. A checksum error may be reported in the debug logs in this case.
The client must be of the view that the server is part of the local trusted intranet.
The SPN must be HTTP/<hostname> and it must be exactly the same in all the places it is used.
The port number must not be included in the SPN.
No more than one SPN may be mapped to a domain user.
Tomcat must run as the domain account with which the SPN has been associated or as domain admin. It is NOT recommended to run Tomcat under a domain admin user.
Convention is that the domain name (dev.local) is always used in lower case. The domain name is typically not case sensitive.
Convention is that the Kerberos realm name (DEV.LOCAL) is always used in upper case. The realm name is case sensitive.
The domain must be specified when using the ktpass command.

There are four components to the configuration of the built-in Tomcat support for Windows authentication. The domain controller, the server hosting Tomcat, the web application wishing to use Windows authentication and the client machine. The following sections describe the configuration required for each component.

The names of the three machines used in the configuration examples below are win-dc01.dev.local (the domain controller), win-tc01.dev.local (the Tomcat instance) and win-pc01.dev.local (client). All are members of the dev.local domain.

Note: In order to use the passwords in the steps below, the domain password policy had to be relaxed. This is not recommended for production environments.
Domain Controller

These steps assume that the server has already been configured to act as a domain controller. Configuration of a Windows server as a domain controller is outside the scope of this how-to. The steps to configure the domain controller to enable Tomcat to support Windows authentication are as follows:

Create a domain user that will be mapped to the service name used by the Tomcat server. In this how-to, this user is called tc01 and has a password of tc01pass.
Map the service principal name (SPN) to the user account. SPNs take the form <service class>/<host>:<port>/<service name>. The SPN used in this how-to is HTTP/win-tc01.dev.local. To map the user to the SPN, run the following:

setspn -A HTTP/win-tc01.dev.local tc01

Generate the keytab file that the Tomcat server will use to authenticate itself to the domain controller. This file contains the Tomcat private key for the service provider account and should be protected accordingly. To generate the file, run the following command (all on a single line):

ktpass /out c:\tomcat.keytab /mapuser tc01@DEV.LOCAL
          /princ HTTP/win-tc01.dev.local@DEV.LOCAL
          /pass tc01pass /kvno 0

Create a domain user to be used on the client. In this how-to the domain user is test with a password of testpass.

The above steps have been tested on a domain controller running Windows Server 2019 Standard using the Windows Server 2016 functional level for both the forest and the domain.
Tomcat instance (Windows server)

These steps assume that Tomcat and a Java 8 JDK/JRE have already been installed and configured and that Tomcat is running as the tc01@dev.local user. The steps to configure the Tomcat instance for Windows authentication are as follows:

Copy the tomcat.keytab file created on the domain controller to $CATALINA_BASE/conf/tomcat.keytab.
Create the kerberos configuration file $CATALINA_BASE/conf/krb5.ini. The file used in this how-to contained:

[libdefaults]
default_realm = DEV.LOCAL
default_keytab_name = FILE:c:\apache-tomcat-10.0.x\conf\tomcat.keytab
default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
forwardable=true

[realms]
DEV.LOCAL = {
        kdc = win-dc01.dev.local:88
}

[domain_realm]
dev.local= DEV.LOCAL
.dev.local= DEV.LOCAL

The location of this file can be changed by setting the java.security.krb5.conf system property.
Create the JAAS login configuration file $CATALINA_BASE/conf/jaas.conf. The file used in this how-to contained:

com.sun.security.jgss.krb5.initiate {
    com.sun.security.auth.module.Krb5LoginModule required
    doNotPrompt=true
    principal="HTTP/win-tc01.dev.local@DEV.LOCAL"
    useKeyTab=true
    keyTab="c:/apache-tomcat-10.0.x/conf/tomcat.keytab"
    storeKey=true;
};

com.sun.security.jgss.krb5.accept {
    com.sun.security.auth.module.Krb5LoginModule required
    doNotPrompt=true
    principal="HTTP/win-tc01.dev.local@DEV.LOCAL"
    useKeyTab=true
    keyTab="c:/apache-tomcat-10.0.x/conf/tomcat.keytab"
    storeKey=true;
};

The location of this file can be changed by setting the java.security.auth.login.config system property. The LoginModule used is a JVM specific one so ensure that the LoginModule specified matches the JVM being used. The name of the login configuration must match the value used by the authentication valve.

The SPNEGO authenticator will work with any Realm but if used with the JNDI Realm, by default the JNDI Realm will use the user’s delegated credentials to connect to the Active Directory. If only the authenticated user name is required then the AuthenticatedUserRealm may be used that will simply return a Principal based on the authenticated user name that does not have any roles.

The above steps have been tested on a Tomcat server running Windows Server 2019 Standard with AdoptOpenJDK 8u232-b09 (64-bit).
Tomcat instance (Linux server)

This was tested with:

Java 1.7.0, update 45, 64-bit
Ubuntu Server 12.04.3 LTS 64-bit
Tomcat 8.0.x (r1546570)

It should work with any Tomcat 8 release although it is recommended that the latest stable release is used.

The configuration is the same as for Windows but with the following changes:

The Linux server does not have to be part of the Windows domain.
The path to the keytab file in krb5.ini and jaas.conf should be updated to reflect the path to the keytab file on the Linux server using Linux style file paths (e.g. /usr/local/tomcat/...).

Web application

The web application needs to be configured to the use Tomcat specific authentication method of SPNEGO (rather than BASIC etc.) in web.xml. As with the other authenticators, behaviour can be customised by explicitly configuring the authentication valve and setting attributes on the Valve.
Client

The client must be configured to use Kerberos authentication. For Internet Explorer this means making sure that the Tomcat instance is in the “Local intranet” security domain and that it is configured (Tools > Internet Options > Advanced) with integrated Windows authentication enabled. Note that this will not work if you use the same machine for the client and the Tomcat instance as Internet Explorer will use the unsupported NTLM protocol.
References

Correctly configuring Kerberos authentication can be tricky. The following references may prove helpful. Advice is also always available from the Tomcat users mailing list.

IIS and Kerberos
SPNEGO project at SourceForge
Oracle Java GSS-API tutorial (Java 7)
Oracle Java GSS-API tutorial - Troubleshooting (Java 7)
Geronimo configuration for Windows authentication
Encryption Selection in Kerberos Exchanges
Supported Kerberos Cipher Suites

Third party libraries
Waffle

Full details of this solution can be found through the Waffle web site. The key features are:

Drop-in solution
Simple configuration (no JAAS or Kerberos keytab configuration required)
Uses a native library

Spring Security - Kerberos Extension

Full details of this solution can be found through the Kerberos extension web site. The key features are:

Extension to Spring Security
Requires a Kerberos keytab file to be generated
Pure Java solution

Jespa

Full details of this solution can be found through the project web site. The key features are:

Pure Java solution
Advanced Active Directory integration

SPNEGO AD project at SourceForge

Full details of this solution can be found through the project site. The key features are:

Pure Java solution
SPNEGO/Kerberos Authenticator
Active Directory Realm

Reverse proxies
Microsoft IIS

There are three steps to configuring IIS to provide Windows authentication. They are:

Configure IIS as a reverse proxy for Tomcat (see the IIS Web Server How-To).
Configure IIS to use Windows authentication
Configure Tomcat to use the authentication user information from IIS by setting the tomcatAuthentication attribute on the AJP connector to false. Alternatively, set the tomcatAuthorization attribute to true to allow IIS to authenticate, while Tomcat performs the authorization.

Apache httpd

Apache httpd does not support Windows authentication out of the box but there are a number of third-party modules that can be used. These include:

mod_auth_sspi for use on Windows platforms.
mod_auth_ntlm_winbind for non-Windows platforms. Known to work with httpd 2.0.x on 32-bit platforms. Some users have reported stability issues with both httpd 2.2.x builds and 64-bit Linux builds.

There are three steps to configuring httpd to provide Windows authentication. They are:

Configure httpd as a reverse proxy for Tomcat (see the Apache httpd Web Server How-To).
Configure httpd to use Windows authentication
Configure Tomcat to use the authentication user information from httpd by setting the tomcatAuthentication attribute on the AJP connector to false.

Copyright © 1999-2020, The Apache Software Foundation

SSL/TLS Configuration How-To 是一组指南,它详细说明了如何配置服务器以支持安全套接层(SSL)/传输层安全性(TLS)协议
BLOG域名:programb.blog.csdn.net
04-24 1771
SSL/TLS Configuration How-To 是一组指南,它详细说明了如何配置服务器以支持安全套接层(SSL)/传输层安全性(TLS)协议。如果你正在使用APR(Apache Portable Runtime)或JSSE(Java Secure Socket Extension)的OpenSSL实现,你可以配置替代引擎来增强或替换默认的SSL功能。其中一个关键点在于访问SSL会话ID,这有助于跟踪客户端与服务器之间的连接状态。
翻译《The Old New Thing》- How can I get the Windows Runtime HttpClient to display a ...
0x0007 的博客
06-22 966
在传统 Win32 应用中,如何通过 `IInitializeWithWindow` 接口确保 `HttpBaseProtocolFilter` 显示基本认证对话框,解决了因线程 UI 上下文不明确导致的问题。
Windows AuthenticationWindows 身份验证)通常指基于 Microsoft Windows 域的身份验证机制
BLOG域名:programb.blog.csdn.net
04-24 330
Windows AuthenticationWindows 身份验证)通常指基于 Microsoft Windows 域的身份验证机制,而 Linux 作为开源系统,需要通过特定工具和协议来实现与 Windows 域的集成。以下是在 Linux 系统中解析和实现 Windows Authentication 的详细指南:
asp.net Windows Authentication
qq_37112587的博客
02-10 841
一、Windows Authentication 1.1 概述 authentication——认证 作用是识别用户身份 Windows Authentication 用户提供windows账户信息进行身份验证 包括basic、digest以及集成windows认证 主要用于局域网内部 1.2 basic 采用“质询-应答”的方式 认证过程 客户端向服务器请求资源 服务端向客户端索要身份凭证,并在响应报头的WWW-Authenticate中标识认证方式为basic 浏览器识别到该报头,自
《Pro ASP.NET MVC 3 Framework》学习笔记之三十四 【验证与授权】
weixin_33739541的博客
06-15 308
使用windows验证(Using Windows Authentication) 在软件术语里面,验证的意思是测定身份。这个跟授权是完全分开的,授权是让合适的人做合适的事情,授权通常在验证之后发生。ASP.NET的验证功能也紧紧围绕识别访问者的身份并且设置决定实际的访问者能够做什么的安全上下文(security context)。最简单的验证方式就是把这个任务委托给IIS(这通常适合内部系统)...
Use windows authentication in our Java project to connect to SQL server
wy818的专栏
01-12 805
If we want to use windows authentication in our Java project, we need to modify the following content. Modify the SQL connection string. spring.datasource.url=jdbc:sqlserver://localhost:1433;databaseName=dbname;integratedSecurity=true; Modify the local
802.1X Port-Based Authentication HOWTO
03-19
值得注意的是,PEAP/MS-CHAPv2也被Windows XP SP1/Windows 2000 SP3支持。 #### 二、什么是802.1X? 802.1X-2001标准定义了端口基础网络访问控制的概念,即利用IEEE 802局域网基础设施的物理接入特性来提供一种...
Options: --networkMessageCompressors arg (=snappy,zstd,zlib) Comma-separated list of compressors to use for network messages General options: -h [ --help ] Show this usage information --version Show version information -f [ --config ] arg Configuration file specifying additional options --configExpand arg Process expansion directives in config file (none, exec, rest) --port arg Specify port number - 27017 by default --ipv6 Enable IPv6 support (disabled by default) --listenBacklog arg Set socket listen backlog size --maxConns arg (=1000000) Max number of simultaneous connections --pidfilepath arg Full path to pidfile (if not set, no pidfile is created) --timeZoneInfo arg Full path to time zone info directory, e.g. /usr/share/zoneinfo -v [ --verbose ] [=arg(=v)] Be more verbose (include multiple times for more verbosity e.g. -vvvvv) --quiet Quieter output --logpath arg Log file to send write to instead of stdout - has to be a file, not directory --logappend Append to logpath instead of over-writing --logRotate arg Set the log rotation behavior (rename|reopen) --timeStampFormat arg Desired format for timestamps in log messages. One of iso8601-utc or iso8601-local --setParameter arg Set a configurable parameter --extensions arg Specify paths to extensions to load --bind_ip arg Comma separated list of ip addresses to listen on - localhost by default --bind_ip_all Bind to all ip addresses --noauth Run without security --transitionToAuth For rolling access control upgrade. Attempt to authenticate over outgoing connections and proceed regardless of success. Accept incoming connections with or without authentication. --slowms arg (=100) Value of slow for profile and console log --slowTaskWaitTimeProfilingMs arg (=50) Value of slow wait time for tasks --slowOpSampleRate arg (=1) Fraction of slow ops to include in the profile and console log --profileFilter arg Query predicate to control which operations are logged and profiled --auth Run with security --clusterIpSourceAllowlist arg Network CIDR specification of permitted origin for `__system` access --profile arg 0=off 1=slow, 2=all --cpu Periodically show cpu and iowait utilization --sysinfo Print some diagnostic system information --noscripting Disable scripting engine --notablescan Do not allow table scans --proxyPort arg The port that accepts connections with a proxy protocol header. --keyFile arg Private key for cluster authentication --clusterAuthMode arg Authentication mode used for cluster authentication. Alternatives are (keyFile|sendKeyFile|sendX509|x509) Replication options: --oplogSize arg Size to use (in MB) for replication op log. default is 5% of disk space (i.e. large is good) Replica set options: --replSet arg arg is <setname>[/<optionalseedhostlist >] --replSetName arg arg is <setname> Serverless mode: --serverless arg Serverless mode implies replication is enabled, cannot be used with replSet or replSetName. Sharding options: --configsvr Assigns the config-server role to this node in a sharded cluster. The default listening port is 27019 and the default database directory is /data/configdb. --shardsvr Assigns the shard-server role to this node in a sharded cluster. The default listening port is 27018. --routerPort [=arg(=27016)] Assigns the router role to this node in a sharded cluster, and results in listening to a dedicated port (27016 by default) to serve routing requests. --maintenanceMode arg Allows this node to skip starting up sharding components or both replication and sharding components. This allows for performing maintenance on this node. To skip setting up just sharding components use --maintenanceMode=replic aSet. To skip setting up both sharding and replication components use --maintenanceMode=standalone. --replicaSetConfigShardMaintenanceMode Bypasses validation of configuration mismatches between startup parameters and the stored replSetConfig. Enables restarting the node as a configsvr even if the stored configuration is for a replica set, and vice versa. Storage options: --storageEngine arg What storage engine to use - defaults to wiredTiger if no data files present --dbpath arg Directory for datafiles - defaults to \data\db\ which is C:\data\db\ based on the current working drive --directoryperdb Each database will be stored in a separate directory --syncdelay arg Seconds between disk syncs --journalCommitInterval arg how often to group/batch commit (ms) --upgrade Upgrade db if needed --repair Run repair on all dbs --validate Run validation on all collections --restore This should only be used when restoring from a backup. Mongod will behave differently by handling collections with missing data files, allowing database renames, skipping oplog entries for collections not restored and more. --oplogMinRetentionHours arg (=0) Minimum number of hours to preserve in the oplog. Default is 0 (turned off). Fractions are allowed (e.g. 1.5 hours) TLS Options: --tlsOnNormalPorts Use TLS on configured ports --tlsMode arg Set the TLS operation mode (disabled|allowTLS|preferTLS|requireTLS ) --tlsCertificateKeyFile arg Certificate and key file for TLS. Certificate is presented in response to inbound connections always. Certificate is also presented for outbound connections if tlsClusterFile is not specified. --tlsCertificateKeyFilePassword arg Password to unlock key in the TLS certificate key file --tlsClusterFile arg Certificate and key file for internal TLS authentication. Certificate is presented on outbound connections if specified. --tlsClusterPassword arg Internal authentication key file password --tlsCAFile arg Certificate Authority file for TLS. Used to verify remote certificates presented in response to outbound connections. Also used to verify remote certificates from inbound connections if tlsClusterCAFile is not specified. --tlsClusterCAFile arg CA used for verifying remotes during inbound connections --tlsCRLFile arg Certificate Revocation List file for TLS --tlsDisabledProtocols arg Comma separated list of TLS protocols to disable [TLS1_0,TLS1_1,TLS1_2,TLS1_3 ] --tlsAllowConnectionsWithoutCertificates Allow client to connect without presenting a certificate --tlsAllowInvalidHostnames Allow server certificates to provide non-matching hostnames --tlsAllowInvalidCertificates Allow connections to servers with invalid certificates --tlsCertificateSelector arg TLS Certificate in system store --tlsClusterCertificateSelector arg SSL/TLS Certificate in system store for internal TLS authentication --tlsLogVersions arg Comma separated list of TLS protocols to log on connect [TLS1_0,TLS1_1,TLS1_2 ,TLS1_3] --tlsClusterAuthX509ExtensionValue arg If specified, clients who expect to be regarded as cluster members must present a valid X.509 certificate containing an X.509 extension for OID 1.3.6.1.4.1.34601.2.1.2 which contains the specified value. --tlsClusterAuthX509Attributes arg If specified, clients performing X.509 authentication must present a certificate with a subject name with the exact attributes and values provided in this config option to be treated as peer cluster nodes. AWS IAM Options: --awsIamSessionToken arg AWS Session Token for temporary credentials WiredTiger options: --wiredTigerCacheSizeGB arg Maximum amount of memory to allocate for cache in GB; Defaults to 1/2 of physical RAM. Only one of either wiredTigerCacheSizePct or wiredTigerCacheSizeGB can be provided --wiredTigerCacheSizePct arg Maximum amount of memory to allocate for cache as a percentage of physical RAM; Defaults to 1/2 of physical RAM and a minimum of 256MB. Only one of either wiredTigerCacheSizePct or wiredTigerCacheSizeGB can be provided --zstdDefaultCompressionLevel arg (=6) Default compression level for zstd compressor --wiredTigerJournalCompressor arg (=snappy) Use a compressor for log records [none|snappy|zlib|zstd] --wiredTigerDirectoryForIndexes Put indexes and data in different directories --wiredTigerLiveRestoreSource arg Path to the source for live restore. --wiredTigerLiveRestoreThreads arg (=8) Number of live restore background threads. --wiredTigerLiveRestoreReadSizeMB arg (=1) 'The read size for data migration, in MB, must be a power of two. This setting is a best effort. It does not force every read to be this size.' --wiredTigerCollectionBlockCompressor arg (=snappy) Block compression algorithm for collection data [none|snappy|zlib|zstd] --wiredTigerIndexPrefixCompression arg (=1) Use prefix compression on row-store leaf pages Windows Service Control Manager options: --install Install Windows service --remove Remove Windows service --reinstall Reinstall Windows service (equivalent to --remove followed by --install) --serviceName arg Windows service name --serviceDisplayName arg Windows service display name --serviceDescription arg Windows service description --serviceUser arg Account for service execution --servicePassword arg Password used to authenticate serviceUser
最新发布
11-22
### 解决 MongoDB 启动时 `Data directory \data\db not found` 错误 该错误表明 MongoDB 默认的数据存储目录 `\data\...- **`--serviceName`**:与 `--install` 配合使用,用于指定 MongoDB 作为 Windows 服务的名称。
Windows6.1-KB2732595-v2-x86.msu
07-10
RDP port can be changed for the container, follow this MS article: How to change the listening port for Remote Desktop. "Network Level Authentication" can be enabled for such node/containers. If ...
Windows Authentication(for archive only)
xhinker's blog
01-16 683
Question: Hi Friends,I need to use login name,password by using the system login name,password..please help me to do this.. i heard that it can be done by using IIS server..please me to do.. t
IntegratedWindowsAuthentication, Anonymous
RollingFeel的专栏
03-27 1269
公司运维 近日遇到一例IIS报错 自己百度了一下发现网上有相应的解决办法  原文为如下 分享一个关于WCF的小技巧,由于项目中 很多地方用了Jquery+WCF来实现Ajax异步获取数据,在开发环境下: 直接在vs.net里,右击svc文件在浏览器里浏览时(没有采用vs.net自带的aspx服务器,而是在项目属性里设置为直接使用IIS),提示以下错误: IIS 指定了
谈谈基于Kerberos的Windows Network Authentication
挖矿的小强的博客
12-05 613
前几天在给人解释Windows是如何通过Kerberos进行Authentication的时候,讲了半天也别把那位老兄讲明白,还差点把自己给绕进去。后来想想原因有以下两点:对于一个没有完全不了解Kerberos的人来说,Kerberos的整个Authentication过程确实不好理解——一会儿以这个Key进行加密、一会儿又要以另一个Key进行加密,确实很容易把人给弄晕;另一方面是我讲解方式有问题...
Windows 10 Home: Windows authentication安装
u011788214的专栏
11-16 1446
每个人电脑的文件名称可能不一样,需要在此文件夹下C:\Windows\servicing\Packages,找到IIS相关文件。然后运行如下代码,就可以在Win10家庭版安装IIS没有的Windows authentication组件。 Control Panel-> Turn Windows features on or off-> Internet Information Services -> World Wide Web Services -> Security
ansible authentication-options for windows
weixin_34347651的博客
09-11 104
2019独角兽企业重金招聘Python工程师标准>>> ...
用Window Authentication的方式去连接SQLServer
weixin_33850890的博客
09-27 431
用Window Authentication的方式去连接SQLServer Connection String: jdbc:sqlserver://${serverName};databaseName=${tableName};IntegratedSecurity=true 还需要把sqljdbc_auth.dll这个文件放到SoapUI bin目录。 转载于:https://www.cnbl...
java获取匿windows身份认证,Java:SpringBoot+Jwt+Shiro 身份权限认证
weixin_30375113的博客
03-16 374
在上文中描述了项目中MybatisPlus的代码生成功能。这里讲述Jwt+Shiro做身份和权限认证。笔者用自然语言描述一个工作流程:用户访问项目资源时,默认是不允许游客访问的,需要用户身份才可以访问,所以需要用户登录,放回一个token给用户,当用户需要访问资源时在request中携带token。后端会对token进行身份认证,通过后才允许访问,否则返回错误。而且对特殊的资源还添加了权限,并不是...
java windows 身份验证,身份验证的Windows用户在Java服务器
weixin_36260304的博客
02-16 248
I'm working on a server written in Java, and a client (a desktop application written in .Net) that runs on Windows machines on the same network. I would like to have some basic authentication so that...
how to use openssh-server
05-20
To use OpenSSH server on a Linux system, you need to follow these steps: 1. Install OpenSSH server: Run the following command in the terminal to install the OpenSSH server: ``` sudo apt-get install openssh-server ``` 2. Configure OpenSSH server: Open the configuration file `/etc/ssh/sshd_config` in a text editor and make necessary changes. For example, you can change the default port number, disable password authentication, and enable public key authentication. 3. Start OpenSSH server: Run the following command to start the OpenSSH server: ``` sudo systemctl start ssh ``` 4. Enable OpenSSH server: Run the following command to enable OpenSSH server to start automatically on system boot: ``` sudo systemctl enable ssh ``` 5. Connect to OpenSSH server: Use an SSH client, such as PuTTY on Windows or Terminal on Linux/Unix, to connect to the OpenSSH server. Specify the IP address or hostname of the server and the port number (if changed from the default). ``` ssh username@server_ip_address -p port_number ``` That's it! You can now securely access your Linux system remotely using OpenSSH server.
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值