This posting is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm
I quite often see application developers building their own authentication and authorization mechanisms into their applications. In some situations this approach may be required, if the platform-provided mechanisms do not meet the requirements, but for the most part the built-in approach should be considered first, for the following reasons:
1. Better security since access control is handled by the platform
2. Less code to write (let the platform do the work)
3. Ease of migration from one authentication source to another (no code changes required, only configuration file modifications)
4. Adherence to standards, which leads to possible SSO scenarios by utilizing Kerberos or Federation technologies
In this walkthrough I will demonstrate how to configure Apache Tomcat to utilize Active Directory for user authentication, and also how to leverage Active Directory groups for controlling access within Java applications.
Please follow this link to see the walkthrough.
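To show what "configuration only" looks like in practice, here is an added example (not taken from the linked walkthrough) of the two pieces involved: a Tomcat JNDIRealm in server.xml that authenticates users against Active Directory and resolves their group memberships, and a web.xml security constraint that grants access by AD group name. The domain corp.example.com, the domain controller dc01, the bind account svc-tomcat, the OU layout and the group Tomcat-AppUsers are all hypothetical placeholders.

```xml
<!-- server.xml (or the application's META-INF/context.xml).
     All names below are hypothetical; replace them with your own directory values.
     ldaps:// keeps the bind password and user credentials off the wire in clear text. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://dc01.corp.example.com:636"
       connectionName="CN=svc-tomcat,OU=Service Accounts,DC=corp,DC=example,DC=com"
       connectionPassword="REPLACE_WITH_BIND_PASSWORD"
       referrals="follow"
       userBase="OU=Users,DC=corp,DC=example,DC=com"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="OU=Groups,DC=corp,DC=example,DC=com"
       roleSearch="(member={0})"
       roleSubtree="true"
       roleName="cn"/>
<!-- userSearch: {0} is the login name the user typed; the matching entry's DN is then
     bound with the user's password to verify it.
     roleSearch: {0} is that user DN; each group whose member attribute contains it
     becomes a role named after the group's cn. -->

<!-- WEB-INF/web.xml of the application: no Java code, only declarative access control. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>Protected area</web-resource-name>
    <url-pattern>/secure/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <!-- Must match the cn of an AD group found by roleSearch above. -->
    <role-name>Tomcat-AppUsers</role-name>
  </auth-constraint>
  <user-data-constraint>
    <!-- Force HTTPS so the credentials are not sent in the clear. -->
    <transport-guarantee>CONFIDENTIAL</transport-guarantee>
  </user-data-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>Corporate Active Directory</realm-name>
</login-config>
<security-role>
  <role-name>Tomcat-AppUsers</role-name>
</security-role>
```

Moving the application to another directory later means editing only the Realm element; the web.xml constraints and any request.isUserInRole() checks in the code stay as they are.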
Resources:
Apache Tomcat Realm How-to