Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The disadvantage is that since the authentication is done using the Windows Active Directory it needs both the clients client and the server to use Microsoft Windows NT based operating systems. Also the clients need to be connected to the domain hosted by the server. This can be used only within an intranet. Also IWA may need some configuration on certain browsers like Mozilla Firefox.

Implementing IWA for a Java Web Application

IWA was initially developed by Microsoft as an authentication mechanism for their .NET based IIS servers. However, neither Java nor the server applications that host Java web applications (like Tomcat) have native support for IWA. There are several third party libraries which provide the ability of enabling the IWA for the Java web applications. Here are some of those libraries

  • JCIFS – JCIFS is an open source library that had been commonly used few years ago for IWA authentication of Java web applications. However this library is no longer maintained and it is not recommended to use because of security flaws.
  • JESPA – JESPA is a commercial library that can be used to enable IWA in Java web applications
  • Tomcat IWA – This is tomcat's implementation of IWA. However this is not fully completed yet.
  • SPENGO – SPENGO is an open source library. It uses Java Authentication and Authorization Service (JAAS) for the authentication
  • WAFFLE – WAFFLE is also an open source library. It can be configured easily to use with the Java web applications.