Daniel Doubrovkine

aka dB., CTO at artsy.net, fun at playplay.io, NYC

Never two without three.

Download

Download Waffle 1.3.

Configure Tomcat

Copy Files

Copy waffle-jna.jar, jna.jar and platform.jar to Tomcat’s lib directory. You can package these files with your application, but this is easier for the demonstration.

Security Filter

Add the security filter to WEB-INF\web.xml.

<filter>
  <filter-name>SecurityFilter</filter-name>
  <filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
</filter>
<filter-mapping>
  <filter-name>SecurityFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>

That’s it.

Demo Application

A demo application can be found in the Waffle distribution in the Samples\Tomcat\waffle-filter directory. Copy the entire directory into Tomcat’s webapps directory and navigate to http://localhost:8080/waffle-filter.

Retrieving User Principal

If you’re familiar with Tomcat you’ll be surprised that <%= request.getUserPrincipal().getName() %> works in a JSP page with this filter in place and no realm configuration. In theory, Tomcat does not let a filter assign a Principal to the request. The guys at the Tomcat Security Filter Project found a very simple solution: wrap the request and pass the wrapper to the next filter in the chain.

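// Build the principal from the authenticated Windows identity.
WindowsPrincipal windowsPrincipal = new WindowsPrincipal(windowsIdentity, null, _principalFormat, _roleFormat);
// Add it to the JAAS subject and keep the subject in the session.
subject.getPrincipals().add(windowsPrincipal);
session.setAttribute("javax.security.auth.subject", subject);
// Wrap the request so code further down the chain sees the Windows principal.
NegotiateRequestWrapper requestWrapper = new NegotiateRequestWrapper(request, windowsPrincipal);
chain.doFilter(requestWrapper, response);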
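
The wrap-and-forward pattern described above, as an added example that is not Waffle's own code: a filter whose wrapper answers getUserPrincipal() itself and which refuses to forward a request that has no principal. The class names, the session attribute key and the assumption that an earlier authentication step stored the Principal in the session are all hypothetical; it targets the javax.servlet API.

```java
import java.io.IOException;
import java.security.Principal;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter; class and attribute names are illustrative, not Waffle's.
public class PrincipalWrappingFilter implements Filter {
    // Assumption: an earlier authentication step stored the Principal under this key.
    static final String PRINCIPAL_KEY = "example.authenticated.principal";

    // Wrapper that answers the servlet API's identity calls itself.
    static final class AuthenticatedRequest extends HttpServletRequestWrapper {
        private final Principal principal;

        AuthenticatedRequest(HttpServletRequest request, Principal principal) {
            super(request);
            this.principal = principal;
        }

        @Override public Principal getUserPrincipal() { return principal; }
        @Override public String getRemoteUser() { return principal.getName(); }
        // No role source in this sketch, so every role check is denied.
        @Override public boolean isUserInRole(String role) { return false; }
    }

    @Override public void init(FilterConfig config) { }
    @Override public void destroy() { }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
        Principal principal = lookupPrincipal(request);
        if (principal == null) {
            // Fail closed: an unauthenticated request never reaches the application.
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Downstream filters, servlets and JSPs see the wrapper, not the raw request.
        chain.doFilter(new AuthenticatedRequest(request, principal), response);
    }

    private static Principal lookupPrincipal(HttpServletRequest request) {
        HttpSession session = request.getSession(false); // do not create a session
        Object cached = (session == null) ? null : session.getAttribute(PRINCIPAL_KEY);
        return (cached instanceof Principal) ? (Principal) cached : null;
    }
}
```

Only components that run after this filter in the chain see the wrapped principal, so the filter mapping has to cover every URL that relies on getUserPrincipal().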