Jamais deux sans trois.
Download
Download Waffle 1.3.
Configure Tomcat
Copy Files
Copy waffle-jna.jar, jna.jar and platform.jar to Tomcat’s lib directory. You can package these files with your application, but this is easier for the demonstration.
Security Filter
Add the security filter to WEB-INF\web.xml.
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
</filter>
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
That’s it.
Demo Application
A demo application can be found in the Waffle distribution in the Samples\Tomcat\waffle-filter directory. Copy the entire directory into Tomcat’s webapps directory and navigate to https://localhost:8080/waffle-filter.
Retrieving User Principal
If you’re familiar with Tomcat you’ll be surprised that <%= request.getUserPrincipal().getName() %> works in a JSP page with this filter in place and no realm configuration. Theoretically Tomcat says you cannot assign a Principal to the request in a filter. The guys at the Tomcat Security Filter Project found a very simple solution – wrap the request up and pass the wrapper into the next filter in the chain.
WindowsPrincipal windowsPrincipal = new WindowsPrincipal(windowsIdentity, null, _principalFormat, _roleFormat);
subject.getPrincipals().add(windowsPrincipal);
session.setAttribute("javax.security.auth.subject", subject);
NegotiateRequestWrapper requestWrapper = new NegotiateRequestWrapper(request, windowsPrincipal);
chain.doFilter(requestWrapper, response);