Daniel Doubrovkine bio photo

Daniel Doubrovkine

aka dB., @awscloud, former CTO @artsy, +@vestris, NYC

Email Twitter LinkedIn Github Strava
Creative Commons License

Jamais deux sans trois.



Download Waffle 1.3.

Configure Tomcat

Copy Files

Copy waffle-jna.jar, jna.jar and platform.jar to Tomcat’s lib directory. You can package these files with your application, but this is easier for the demonstration.

Security Filter

Add the security filter to WEB-INF\web.xml.


That’s it.

Demo Application

A demo application can be found in the Waffle distribution in the Samples\Tomcat\waffle-filter directory. Copy the entire directory into Tomcat’s webapps directory and navigate to https://localhost:8080/waffle-filter.

Retrieving User Principal

If you’re familiar with Tomcat you’ll be surprised that <%= request.getUserPrincipal().getName() %> works in a JSP page with this filter in place and no realm configuration. Theoretically Tomcat says you cannot assign a Principal to the request in a filter. The guys at the Tomcat Security Filter Project found a very simple solution – wrap the request up and pass the wrapper into the next filter in the chain.

WindowsPrincipal windowsPrincipal = new WindowsPrincipal(windowsIdentity, null, _principalFormat, _roleFormat);
session.setAttribute("javax.security.auth.subject", subject);
NegotiateRequestWrapper requestWrapper = new NegotiateRequestWrapper(request, windowsPrincipal);
chain.doFilter(requestWrapper, response);