I have a Spring based Web App which I would like to implement a Single Sign On solution on.

我有一个基于 Spring 的 Web 应用程序，我想在它上面实现单点登录解决方案。

The basic flow would be:

基本流程是：

1) User logs in into Windows Workstation/Desktop PC (authenticating against organisation's Active Directory)

1) 用户登录到 Windows Workstation/Desktop PC（根据组织的 Active Directory 进行身份验证）

2) User opens browser and navigates to Spring Web App.

2) 用户打开浏览器并导航到 Spring Web App。

3) Spring Web App somehowconfirms that the user is already authenticated against AD and seamlessly lets them in. i.e. no challenge for username and password. Infact, the Spring web app would NEVER show a login form.

3) Spring Web App以某种方式确认用户已经通过 AD 身份验证并无缝地让他们进入。即没有对用户名和密码的挑战。事实上，Spring Web 应用程序永远不会显示登录表单。

Obviously it's step 3 I am having trouble with.

显然，这是我遇到的问题的第 3 步。

I have looked at Spring Security, Kerberos, SPNEGO but I think I've just confused myself.

我看过 Spring Security、Kerberos、SPNEGO，但我想我只是把自己弄糊涂了。

If it makes a difference I am using Java 6, running on Jetty with Spring 3. The Jetty instance will be running on a *Nix machine.

如果它有所不同，我将使用 Java 6，在 Spring 3 的 Jetty 上运行。Jetty 实例将在 *Nix 机器上运行。