Preface
No need to say what SSO is-single-point logon.
There is currently a small web project that uses a domain account to control permissions. The corresponding functions are simple.
Use a browser to access a machine,
If this machine is logged on with a domain account, go to the page;
If you do not use a domain account to log on, use the user name and password to log on.
Solution 1: Compare Account Logon
This solution is not recommended, but it was previously used by the system.
The idea of this solution is:
1. The system has a set of user information tables (user name, domain account name, and password)
2. Obtain the domain username of the Client Login machine.
3. Check whether the domain user name exists in the System user information table. If yes, log on to the system.
For details about how to obtain the domain username of the Client Login machine, refer:
How to obtain client machine information in a java web project
The applet can obtain the login domain users, but it is slightly complicated to use the applet.
The NTLM method can also be used. However, if it is firefox, a dialog box for entering the domain account username and password will pop up. However, if you enter another user's account, there will be serious security problems.
To use the account comparison method, you cannot enter an account as a user, because the password of the domain account is not verified at all.
Solution 2: jcifs Verification
To ensure high security, you must verify that the domain account and password are correct.
Jcifs is an open-source package.
1. Download jcifs
Download the latest jar file to the http://jcifs.samba.org/src/, the latest version is jcifs-1.3.17.jar
2. Export the jar file to the project's web-inf/lib directory.
3. modify web. xml
NtlmHttpFilter
jcifs.http.NtlmHttpFilter
jcifs.http.domainController
ADHost
jcifs.smb.client.username
user
jcifs.smb.client.password
password
jcifs.util.loglevel
2
NtlmHttpFilter
/*
Filter is nothing to say.
Jcifs. http. domainController -- configure the Domain Server
Jcifs. smb. client. username-view the Domain Server user name
Jcifs. smb. client. password-view the password of the Domain Server
Others
If you use a domain account to log on to the client,
When IE is used, Chrome does not pop up a dialog box for entering the domain account and password, because it automatically transmits the information to the server.
However, if you use firefox, the enter domain account and password dialog box is always displayed. You can set it as follows.
1. Enter "about: config" in the Firefox address bar.
2. Enter NTLM in the filter.
3. Double-click network. automatic-ntlm-auth.trusted-uris,
4. Enter localhost in the input value (set according to the actual situation)
5. Close Firefox and open it again.