Original source: http://stackoverflow.com/questions/167464/
Warning: these are provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me): StackOverFlow
Can I connect to SQL Server using Windows Authentication from Java EE webapp?
Asked by karlgrz
I am currently investigating how to make a connection to a SQL Server database from my Java EE web application using Windows Authentication instead of SQL Server authentication. I am running this app off of Tomcat 6.0, and am utilizing the Microsoft JDBC driver. My connection properties file looks as follows:
dbDriver = com.microsoft.sqlserver.jdbc.SQLServerDriver
dbUser = user
dbPass = password
dbServer = localhost:1433;databaseName=testDb
dbUrl = jdbc:sqlserver://localhost:1433
I have zero problems with connecting to a SQL Server database in this fashion when using SQL Server authentication.
Is there any way I can retrieve the credentials of the user's Windows Authentication and use that authentication for SQL Server?
UPDATE: I know in ASP.net there is a way to set up Windows Authentication for access to the webapp, which is exactly what I am looking for, except I want to pass that token off to SQL Server for access to the database.
Accepted answer by Jerome Delattre
I do not think one can push the user credentials from the browser to the database (and does it make sense? I think not)
But if you want to use the credentials of the user running Tomcat to connect to SQL Server then you can use Microsoft's JDBC Driver. Just build your JDBC URL like this:
jdbc:sqlserver://localhost;integratedSecurity=true;
And copy the appropriate DLL to Tomcat's bin directory (sqljdbc_auth.dll provided with the driver)
MSDN > Connecting to SQL Server with the JDBC Driver > Building the Connection URL
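With `integratedSecurity=true` the database sees the account that runs Tomcat, not the browser user, so a startup check of the resolved login is worth having. The following is an added example, not code from the original answers; the expected account name `EXAMPLE\svc_tomcat` is a hypothetical placeholder, and host, port and database name are taken from the question's properties file.

```java
import java.sql.Connection;
import java.sql.DriverManager;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

public class IntegratedAuthCheck {
    // Host, port and database name come from the question's properties file.
    static final String URL =
        "jdbc:sqlserver://localhost:1433;databaseName=testDb;integratedSecurity=true;";
    // Hypothetical placeholder: the domain account the Tomcat service runs as.
    static final String EXPECTED_LOGIN = "EXAMPLE\\svc_tomcat";

    /** Returns the login SQL Server resolved for this session, or throws on a mismatch. */
    static String verifyLogin(Connection c, String expected) throws SQLException {
        // SUSER_SNAME() is the current login; ORIGINAL_LOGIN() is the login that
        // opened the session, before any impersonation.
        String sql = "SELECT SUSER_SNAME(), ORIGINAL_LOGIN()";
        try (Statement s = c.createStatement(); ResultSet rs = s.executeQuery(sql)) {
            if (!rs.next()) {
                throw new SQLException("identity query returned no row");
            }
            String current = rs.getString(1);
            String original = rs.getString(2);
            if (!expected.equalsIgnoreCase(current) || !expected.equalsIgnoreCase(original)) {
                throw new SQLException("unexpected database identity: current="
                        + current + ", original=" + original);
            }
            return current;
        }
    }

    public static void main(String[] args) throws SQLException {
        // No user or password is supplied: the driver authenticates as the
        // operating-system account that owns this JVM process.
        try (Connection c = DriverManager.getConnection(URL)) {
            System.out.println("Connected as " + verifyLogin(c, EXPECTED_LOGIN));
        }
    }
}
```

Because every web user shares this one database login, per-user attribution has to be recorded by the application itself.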
Answer by Kevin Day
Unless you have some really compelling reason not to, I suggest ditching the MS JDBC driver.
Instead, use the jtds jdbc driver. Read the README.SSO file in the jtds distribution on how to configure for single-sign-on (native authentication) and where to put the native DLL to ensure it can be loaded by the JVM.
Answer by opensas
look at
http://jtds.sourceforge.net/faq.html#driverImplementation
What is the URL format used by jTDS?
The URL format for jTDS is:
jdbc:jtds:<server_type>://<server>[:<port>][/<database>][;<property>=<value>[;...]]
... domain Specifies the Windows domain to authenticate in. If present and the user name and password are provided, jTDS uses Windows (NTLM) authentication instead of the usual SQL Server authentication (i.e. the user and password provided are the domain user and password). This allows non-Windows clients to log in to servers which are only configured to accept Windows authentication.
If the domain parameter is present but no user name and password are provided, jTDS uses its native Single-Sign-On library and logs in with the logged Windows user's credentials (for this to work one would obviously need to be on Windows, logged into a domain, and also have the SSO library installed -- consult README.SSO in the distribution on how to do this).
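The FAQ rules quoted above decide the login method from which properties are present, so a configuration review can classify a jTDS URL before it is deployed. This is an added example, not part of the original answer or of jTDS; the class and method names are hypothetical, the second and third sample URLs are constructed, and it inspects only properties written in the URL itself.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

public class JtdsAuthMode {
    enum Mode { SQL_SERVER_AUTH, NTLM_EXPLICIT_CREDENTIALS, NATIVE_SSO }

    /** Parses the ;property=value pairs that follow the server/database part. */
    static Map<String, String> properties(String url) {
        if (!url.toLowerCase(Locale.ROOT).startsWith("jdbc:jtds:")) {
            throw new IllegalArgumentException("not a jTDS URL: " + url);
        }
        Map<String, String> props = new LinkedHashMap<>();
        String[] parts = url.split(";");
        for (int i = 1; i < parts.length; i++) {   // parts[0] is the server/database part
            int eq = parts[i].indexOf('=');
            if (eq > 0) {
                // Keys are lower-cased for matching; that is a choice of this example.
                props.put(parts[i].substring(0, eq).trim().toLowerCase(Locale.ROOT),
                          parts[i].substring(eq + 1));
            }
        }
        return props;
    }

    /** Applies the FAQ rules; credentials passed outside the URL are not visible here. */
    static Mode classify(String url) {
        Map<String, String> p = properties(url);
        boolean domain = !p.getOrDefault("domain", "").isEmpty();
        boolean creds = p.containsKey("user") && p.containsKey("password");
        if (!domain) return Mode.SQL_SERVER_AUTH;
        return creds ? Mode.NTLM_EXPLICIT_CREDENTIALS : Mode.NATIVE_SSO;
    }

    public static void main(String[] args) {
        String[] urls = {
            // URL from a later answer on this page, then two constructed samples.
            "jdbc:jtds:sqlserver://192.168.0.147:2302/lportal;useNTLMv2=true;domain=mydomain.local",
            "jdbc:jtds:sqlserver://db.example.test/testDb;domain=EXAMPLE;user=svc;password=placeholder",
            "jdbc:jtds:sqlserver://db.example.test/testDb;user=sa;password=placeholder"
        };
        for (String u : urls) {
            String flag = properties(u).containsKey("password") ? " [password stored in URL]" : "";
            System.out.println(classify(u) + flag + "  " + u);
        }
    }
}
```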
Answer by nathan
I was having issue with connecting to MS SQL 2005 using Windows Authentication. I was able to solve the issue with help from this and other forums. Here is what I did:
- Install the JTDS driver
- Do not use the "domain= " property in the jdbc:jtds:<server_type>://<server>[:<port>][/<database>][;<property>=<value>[;...]] string
- Install the ntlmauth.dll in c:\windows\system32 directory (registration of the dll was not required) on the web server machine.
- Change the logon identity for the Apache Tomcat service to a domain User with access to the SQL database server (it was not necessary for the user to have access to the dbo.master).
My environment: Windows XP client hosting Apache Tomcat 6 with MS SQL 2005 backend on Windows 2003
Answer by Andy
This actually works for me:
Per the README.SSO that comes with the jtds distribution:
In order for Single Sign On to work, jTDS must be able to load the native SPPI library ntlmauth.dll. Place this DLL anywhere in the system path (defined by the PATH system variable) and you're all set.
I placed it in my jre/bin folder
I configured a port dedicated to the SQL Server instance (2302) to alleviate the need for an instance name - just something I do. lportal is my database name.
jdbc.default.url=jdbc:jtds:sqlserver://192.168.0.147:2302/lportal;useNTLMv2=true;domain=mydomain.local