增加初始版本
diff --git a/webapps/docs/windows-auth-howto.html b/webapps/docs/windows-auth-howto.html
new file mode 100644
index 0000000..e45c5cc
--- /dev/null
+++ b/webapps/docs/windows-auth-howto.html
@@ -0,0 +1,311 @@
+<html><head><META http-equiv="Content-Type" content="text/html; charset=iso-8859-1"><title>Apache Tomcat 7 (7.0.42) - Windows Authentication How-To</title><style type="text/css" media="print">
+ .noPrint {display: none;}
+ td#mainBody {width: 100%;}
+ </style><style type="text/css">
+ code {background-color:rgb(224,255,255);padding:0 0.1em;}
+ code.attributeName, code.propertyName {background-color:transparent;}
+ </style><style type="text/css">
+ .wrapped-source code { display: block; background-color: transparent; }
+ .wrapped-source div { margin: 0 0 0 1.25em; }
+ .wrapped-source p { margin: 0 0 0 1.25em; text-indent: -1.25em; }
+ </style><style type="text/css">
+ p.notice {
+ border: 1px solid rgb(255, 0, 0);
+ background-color: rgb(238, 238, 238);
+ color: rgb(0, 51, 102);
+ padding: 0.5em;
+ margin: 1em 2em 1em 1em;
+ }
+ </style></head><body bgcolor="#ffffff" text="#000000" link="#525D76" alink="#525D76" vlink="#525D76"><table border="0" width="100%" cellspacing="0"><!--PAGE HEADER--><tr><td><!--PROJECT LOGO--><a href="http://tomcat.apache.org/"><img src="./images/tomcat.gif" align="right" alt="
+ The Apache Tomcat Servlet/JSP Container
+ " border="0"></a></td><td><h1><font face="arial,helvetica,sanserif">Apache Tomcat 7</font></h1><font face="arial,helvetica,sanserif">Version 7.0.42, Jul 2 2013</font></td><td><!--APACHE LOGO--><a href="http://www.apache.org/"><img src="./images/asf-logo.gif" align="right" alt="Apache Logo" border="0"></a></td></tr></table><table border="0" width="100%" cellspacing="4"><!--HEADER SEPARATOR--><tr><td colspan="2"><hr noshade size="1"></td></tr><tr><!--LEFT SIDE NAVIGATION--><td width="20%" valign="top" nowrap class="noPrint"><p><strong>Links</strong></p><ul><li><a href="index.html">Docs Home</a></li><li><a href="http://wiki.apache.org/tomcat/FAQ">FAQ</a></li><li><a href="#comments_section">User Comments</a></li></ul><p><strong>User Guide</strong></p><ul><li><a href="introduction.html">1) Introduction</a></li><li><a href="setup.html">2) Setup</a></li><li><a href="appdev/index.html">3) First webapp</a></li><li><a href="deployer-howto.html">4) Deployer</a></li><li><a href="manager-howto.html">5) Manager</a></li><li><a href="realm-howto.html">6) Realms and AAA</a></li><li><a href="security-manager-howto.html">7) Security Manager</a></li><li><a href="jndi-resources-howto.html">8) JNDI Resources</a></li><li><a href="jndi-datasource-examples-howto.html">9) JDBC DataSources</a></li><li><a href="class-loader-howto.html">10) Classloading</a></li><li><a href="jasper-howto.html">11) JSPs</a></li><li><a href="ssl-howto.html">12) SSL</a></li><li><a href="ssi-howto.html">13) SSI</a></li><li><a href="cgi-howto.html">14) CGI</a></li><li><a href="proxy-howto.html">15) Proxy Support</a></li><li><a href="mbeans-descriptor-howto.html">16) MBean Descriptor</a></li><li><a href="default-servlet.html">17) Default Servlet</a></li><li><a href="cluster-howto.html">18) Clustering</a></li><li><a href="balancer-howto.html">19) Load Balancer</a></li><li><a href="connectors.html">20) Connectors</a></li><li><a href="monitoring.html">21) Monitoring and Management</a></li><li><a href="logging.html">22) Logging</a></li><li><a href="apr.html">23) APR/Native</a></li><li><a href="virtual-hosting-howto.html">24) Virtual Hosting</a></li><li><a href="aio.html">25) Advanced IO</a></li><li><a href="extras.html">26) Additional Components</a></li><li><a href="maven-jars.html">27) Mavenized</a></li><li><a href="security-howto.html">28) Security Considerations</a></li><li><a href="windows-service-howto.html">29) Windows Service</a></li><li><a href="windows-auth-howto.html">30) Windows Authentication</a></li><li><a href="jdbc-pool.html">31) Tomcat's JDBC Pool</a></li><li><a href="web-socket-howto.html">32) WebSocket</a></li></ul><p><strong>Reference</strong></p><ul><li><a href="RELEASE-NOTES.txt">Release Notes</a></li><li><a href="config/index.html">Configuration</a></li><li><a href="api/index.html">Tomcat Javadocs</a></li><li><a href="servletapi/index.html">Servlet Javadocs</a></li><li><a href="jspapi/index.html">JSP 2.2 Javadocs</a></li><li><a href="elapi/index.html">EL 2.2 Javadocs</a></li><li><a href="http://tomcat.apache.org/connectors-doc/">JK 1.2 Documentation</a></li></ul><p><strong>Apache Tomcat Development</strong></p><ul><li><a href="building.html">Building</a></li><li><a href="changelog.html">Changelog</a></li><li><a href="http://wiki.apache.org/tomcat/TomcatVersions">Status</a></li><li><a href="developers.html">Developers</a></li><li><a href="architecture/index.html">Architecture</a></li><li><a href="funcspecs/index.html">Functional Specs.</a></li><li><a href="tribes/introduction.html">Tribes</a></li></ul></td><!--RIGHT SIDE MAIN BODY--><td width="80%" valign="top" align="left" id="mainBody"><h1>Windows Authentication How-To</h1><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Table of Contents"><!--()--></a><a name="Table_of_Contents"><strong>Table of Contents</strong></a></font></td></tr><tr><td><blockquote>
+<ul><li><a href="#Overview">Overview</a></li><li><a href="#Built-in_Tomcat_support">Built-in Tomcat support</a><ol><li><a href="#Domain_Controller">Domain Controller</a></li><li><a href="#Tomcat_instance">Tomcat instance</a></li><li><a href="#Web_application">Web application</a></li><li><a href="#Client">Client</a></li><li><a href="#References">References</a></li></ol></li><li><a href="#Third_party_libraries">Third party libraries</a><ol><li><a href="#Waffle">Waffle</a></li><li><a href="#Spring_Security_-_Kerberos_Extension">Spring Security - Kerberos Extension</a></li><li><a href="#SPNEGO_project_at_SourceForge">SPNEGO project at SourceForge</a></li><li><a href="#Jespa">Jespa</a></li></ol></li><li><a href="#Reverse_proxies">Reverse proxies</a><ol><li><a href="#Microsoft_IIS">Microsoft IIS</a></li><li><a href="#Apache_httpd">Apache httpd</a></li></ol></li></ul>
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Overview"><strong>Overview</strong></a></font></td></tr><tr><td><blockquote>
+<p>Integrated Windows authentication is most frequently used within intranet
+environments since it requires that the server performing the authentication and
+the user being authenticated are part of the same domain. For the user to be
+authenticated automatically, the client machine used by the user must also be
+part of the domain.</p>
+<p>There are several options for implementing integrated Windows authentication
+with Apache Tomcat. They are:
+<ul>
+<li>Built-in Tomcat support.</li>
+<li>Use a third party library such as Waffle.</li>
+<li>Use a reverse proxy that supports Windows authentication to perform the
+authentication step such as IIS or httpd.</li>
+</ul>
+The configuration of each of these options is discussed in the following
+sections.</p>
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Built-in Tomcat support"><!--()--></a><a name="Built-in_Tomcat_support"><strong>Built-in Tomcat support</strong></a></font></td></tr><tr><td><blockquote>
+<p><strong>This documentation is a work in progress. There are a number of
+outstanding questions around the edge cases that require further
+testing.</strong> These include:
+</p>
+<ul>
+<li>Does the domain name have to be in upper case?</li>
+<li>Does the SPN have to start with HTTP/...?</li>
+<li>Can a port number be appended to the end of the host in the SPN?</li>
+<li>Can the domain be left off the user in the ktpass command?</li>
+<li>What are the limitations on the account that Tomcat can run as? SPN
+ associated account works, domain admin works, local admin doesn't
+ work</li>
+</ul>
+<p>There are four components to the configuration of the built-in Tomcat
+support for Windows authentication. The domain controller, the server hosting
+Tomcat, the web application wishing to use Windows authentication and the client
+machine. The following sections describe the configuration required for each
+component.</p>
+<p>The names of the three machines used in the configuration examples below are
+win-dc01.dev.local (the domain controller), win-tc01.dev.local (the Tomcat
+instance) and win-pc01.dev.local (client). All are members of the DEV.LOCAL
+domain.</p>
+<p>Note: In order to use the passwords in the steps below, the domain password
+policy had to be relaxed. This is not recommended for production environments.
+</p>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Domain Controller"><!--()--></a><a name="Domain_Controller"><strong>Domain Controller</strong></a></font></td></tr><tr><td><blockquote>
+ <p>These steps assume that the server has already been configured to act as a
+ domain controller. Configuration of a Windows server as a domain controller is
+ outside the scope of this how-to. The steps to configure the domain controller
+ to enable Tomcat to support Windows authentication are as follows:
+ </p>
+ <ul>
+ <li>Create a domain user that will be mapped to the service name used by the
+ Tomcat server. In this how-to, this user is called <code>tc01</code> and has a
+ password of <code>tc01pass</code>.</li>
+ <li>Map the service principal name (SPN) to the user account. SPNs take the
+ form <code>
+ <service class>/<host>:<port>/<service name></code>.
+ The SPN used in this how-to is <code>HTTP/win-tc01.dev.local</code>. To
+ map the user to the SPN, run the following:
+ <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>setspn -A HTTP/win-tc01.dev.local tc01</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+ </li>
+ <li>Generate the keytab file that the Tomcat server will use to authenticate
+ itself to the domain controller. This file contains the Tomcat private key for
+ the service provider account and should be protected accordingly. To generate
+ the file, run the following command (all on a single line):
+ <div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>ktpass /out c:\tomcat.keytab /mapuser tc01@DEV.LOCAL
+ /princ HTTP/win-tc01.dev.local@DEV.LOCAL
+ /pass tc01pass /kvno 0</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div></li>
+ <li>Create a domain user to be used on the client. In this how-to the domain
+ user is <code>test</code> with a password of <code>testpass</code>.</li>
+ </ul>
+ <p>The above steps have been tested on a domain controller running Windows
+ Server 2008 R2 64-bit Standard using the Windows Server 2003 functional level
+ for both the forest and the domain.
+ </p>
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Tomcat instance"><!--()--></a><a name="Tomcat_instance"><strong>Tomcat instance</strong></a></font></td></tr><tr><td><blockquote>
+ <p>These steps assume that Tomcat and a Java 6 JDK/JRE have already been
+ installed and configured and that Tomcat is running as the tc01@DEV.LOCAL
+ user. The steps to configure the Tomcat instance for Windows authentication
+ are as follows:
+ </p>
+ <ul>
+ <li>Copy the <code>tomcat.keytab</code> file created on the domain controller
+ to <code>$CATALINA_BASE/conf/tomcat.keytab</code>.</li>
+ <li>Create the kerberos configuration file
+ <code>$CATALINA_BASE/conf/krb5.ini</code>. The file used in this how-to
+ contained:<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>[libdefaults]
+default_realm = DEV.LOCAL
+default_keytab_name = FILE:c:\apache-tomcat-7.0.x\conf\tomcat.keytab
+default_tkt_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
+default_tgs_enctypes = rc4-hmac,aes256-cts-hmac-sha1-96,aes128-cts-hmac-sha1-96
+forwardable=true
+
+[realms]
+DEV.LOCAL = {
+ kdc = win-dc01.dev.local:88
+}
+
+[domain_realm]
+dev.local= DEV.LOCAL
+.dev.local= DEV.LOCAL</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+ The location of this file can be changed by setting the
+ <code>java.security.krb5.conf</code> systm property.</li>
+ <li>Create the JAAS login configuration file
+ <code>$CATALINA_BASE/conf/jaas.conf</code>. The file used in this how-to
+ contained:<div align="left"><table cellspacing="4" cellpadding="0" border="0"><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#ffffff" height="1"><pre>com.sun.security.jgss.krb5.initiate {
+ com.sun.security.auth.module.Krb5LoginModule required
+ doNotPrompt=true
+ principal="HTTP/win-tc01.dev.local@DEV.LOCAL"
+ useKeyTab=true
+ keyTab="c:/apache-tomcat-7.0.x/conf/tomcat.keytab"
+ storeKey=true;
+};
+
+com.sun.security.jgss.krb5.accept {
+ com.sun.security.auth.module.Krb5LoginModule required
+ doNotPrompt=true
+ principal="HTTP/win-tc01.dev.local@DEV.LOCAL"
+ useKeyTab=true
+ keyTab="c:/apache-tomcat-7.0.x/conf/tomcat.keytab"
+ storeKey=true;
+};</pre></td><td bgcolor="#023264" width="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr><tr><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td><td bgcolor="#023264" width="1" height="1"><img src="./images/void.gif" alt="" width="1" height="1" vspace="0" hspace="0" border="0"></td></tr></table></div>
+ The location of this file can be changed by setting the
+ <code>java.security.auth.login.config</code> system property. The LoginModule
+ used is a JVM specific one so ensure that the LoginModule specified matches
+ the JVM being used. The name of the login configuration must match the
+ value used by the <a href="config/valve.html#SPNEGO_Valve">authentication
+ valve</a>.</li>
+ <li>The system property <code>javax.security.auth.useSubjectCredsOnly</code>
+ is automatically set to the required value of false if a web application is
+ configured to use the SPNEGO authentication method.</li>
+ </ul>
+ <p>The SPNEGO authenticator will work with any <a href="config/realm.html">
+ Realm</a> but if used with the JNDI Realm, by default the JNDI Realm will use
+ the user's delegated credentials to connect to the Active Directory.
+ </p>
+ <p>The above steps have been tested on a Tomcat server running Windows Server
+ 2008 R2 64-bit Standard with an Oracle 1.6.0_24 64-bit JDK.</p>
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Web application"><!--()--></a><a name="Web_application"><strong>Web application</strong></a></font></td></tr><tr><td><blockquote>
+ <p>The web application needs to be configured to the use Tomcat specific
+ authentication method of <code>SPNEGO</code> (rather than BASIC etc.) in
+ web.xml. As with the other authenticators, behaviour can be customised by
+ explicitly configuring the <a href="config/valve.html#SPNEGO_Valve">
+ authentication valve</a> and setting attributes on the Valve.</p>
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Client"><strong>Client</strong></a></font></td></tr><tr><td><blockquote>
+ <p>The client must be configured to use Kerberos authentication. For Internet
+ Explorer this means making sure that the Tomcat instance is in the "Local
+ intranet" security domain and that it is configured (Tools > Internet
+ Options > Advanced) with integrated Windows authentication enabled. Note that
+ this <strong>will not</strong> work if you use the same machine for the client
+ and the Tomcat instance as Internet Explorer will use the unsupported NTLM
+ protocol.</p>
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="References"><strong>References</strong></a></font></td></tr><tr><td><blockquote>
+ <p>Correctly configuring Kerberos authentication can be tricky. The following
+ references may prove helpful. Advice is also always available from the
+ <a href="http://tomcat.apache.org/lists.html#tomcat-users">Tomcat users
+ mailing list</a>.</p>
+ <ol>
+ <li><a href="http://www.adopenstatic.com/cs/blogs/ken/archive/2006/10/19/512.aspx">
+ IIS and Kerberos</a></li>
+ <li><a href="http://spnego.sourceforge.net/index.html">
+ SPNEGO project at SourceForge</a></li>
+ <li><a href="http://docs.oracle.com/javase/1.5.0/docs/guide/security/jgss/tutorials/index.html">
+ Oracle JGSS tutorial</a></li>
+ <li><a href="https://cwiki.apache.org/GMOxDOC21/using-spengo-in-geronimo.html#UsingSpengoingeronimo-SettinguptheActiveDirectoryDomainController">
+ Geronimo configuration for Windows authentication</a></li>
+ <li><a href="http://blogs.msdn.com/b/openspecification/archive/2010/11/17/encryption-type-selection-in-kerberos-exchanges.aspx">
+ Encryption Selection in Kerberos Exchanges</a></li>
+ <li><a href="http://support.microsoft.com/kb/977321">Supported Kerberos Cipher
+ Suites</a></li>
+ </ol>
+ </blockquote></td></tr></table>
+
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Third party libraries"><!--()--></a><a name="Third_party_libraries"><strong>Third party libraries</strong></a></font></td></tr><tr><td><blockquote>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Waffle"><strong>Waffle</strong></a></font></td></tr><tr><td><blockquote>
+ <p>Full details of this solution can be found through the
+ <a href="http://waffle.codeplex.com/">Waffle web site</a>. The
+ key features are:</p>
+ <ul>
+ <li>Drop-in solution</li>
+ <li>Simple configuration (no JAAS or Kerberos keytab configuration required)
+ </li>
+ <li>Uses a native library</li>
+ </ul>
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Spring Security - Kerberos Extension"><!--()--></a><a name="Spring_Security_-_Kerberos_Extension"><strong>Spring Security - Kerberos Extension</strong></a></font></td></tr><tr><td><blockquote>
+ <p>Full details of this solution can be found through the
+ <a href="http://static.springsource.org/spring-security/site/extensions/krb/index.html"> Kerberos extension web site</a>. The key features are:</p>
+ <ul>
+ <li>Extension to Spring Security</li>
+ <li>Requires a Kerberos keytab file to be generated</li>
+ <li>Pure Java solution</li>
+ </ul>
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="SPNEGO project at SourceForge"><!--()--></a><a name="SPNEGO_project_at_SourceForge"><strong>SPNEGO project at SourceForge</strong></a></font></td></tr><tr><td><blockquote>
+ <p>Full details of this solution can be found through the
+ <a href="http://spnego.sourceforge.net/index.html/">project
+ site</a>. The key features are:</p>
+ <ul>
+ <li>Uses Kerberos</li>
+ <li>Pure Java solution</li>
+ </ul>
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Jespa"><strong>Jespa</strong></a></font></td></tr><tr><td><blockquote>
+ <p>Full details of this solution can be found through the
+ <a href="http://www.ioplex.com/">project web site</a>The key
+ features are:</p>
+ <ul>
+ <li>Pure Java solution</li>
+ <li>Advanced Active Directory integration</li>
+ </ul>
+ </blockquote></td></tr></table>
+</blockquote></td></tr></table><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Reverse proxies"><!--()--></a><a name="Reverse_proxies"><strong>Reverse proxies</strong></a></font></td></tr><tr><td><blockquote>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Microsoft IIS"><!--()--></a><a name="Microsoft_IIS"><strong>Microsoft IIS</strong></a></font></td></tr><tr><td><blockquote>
+ <p>There are three steps to configuring IIS to provide Windows authentication.
+ They are:</p>
+ <ol>
+ <li>Configure IIS as a reverse proxy for Tomcat (see the
+ <a href="http://tomcat.apache.org/connectors-doc/webserver_howto/iis.html">
+ IIS Web Server How-To)</a>.</li>
+ <li>Configure IIS to use Windows authentication</li>
+ <li>Configure Tomcat to use the authentication user information from IIS by
+ setting the tomcatAuthentication attribute on the <a href="config/ajp.html">
+ AJP connector</a> to <code>false</code>.</li>
+ </ol>
+ </blockquote></td></tr></table>
+
+ <table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#828DA6"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="Apache httpd"><!--()--></a><a name="Apache_httpd"><strong>Apache httpd</strong></a></font></td></tr><tr><td><blockquote>
+ <p>Apache httpd does not support Windows authentication out of the box but
+ there are a number of third-party modules that can be used. These include:</p>
+ <ol>
+ <li><a href="http://sourceforge.net/projects/mod-auth-sspi/">mod_auth_sspi</a> for use on Windows platforms.</li>
+ <li><a href="http://adldap.sourceforge.net/wiki/doku.php?id=mod_auth_ntlm_winbind">mod_auth_ntlm_winbind</a> for non-Windows platforms. Known to
+ work with httpd 2.0.x on 32-bit platforms. Some users have reported stability
+ issues with both httpd 2.2.x builds and 64-bit Linux builds.</li>
+ </ol>
+ <p>There are three steps to configuring httpd to provide Windows
+ authentication. They are:</p>
+ <ol>
+ <li>Configure httpd as a reverse proxy for Tomcat (see the
+ <a href="http://tomcat.apache.org/connectors-doc/webserver_howto/apache.html">
+ Apache httpd Web Server How-To)</a>.</li>
+ <li>Configure httpd to use Windows authentication</li>
+ <li>Configure Tomcat to use the authentication user information from httpd by
+ setting the tomcatAuthentication attribute on the <a href="config/ajp.html">
+ AJP connector</a> to <code>false</code>.</li>
+ </ol>
+ </blockquote></td></tr></table>
+
+</blockquote></td></tr></table></td></tr><tr class="noPrint"><td width="20%" valign="top" nowrap class="noPrint"></td><td width="80%" valign="top" align="left"><table border="0" cellspacing="0" cellpadding="2"><tr><td bgcolor="#525D76"><font color="#ffffff" face="arial,helvetica.sanserif"><a name="comments_section" id="comments_section"><strong>Comments</strong></a></font></td></tr><tr><td><blockquote><p class="notice"><strong>Notice: </strong>This comments section collects your suggestions
+ on improving documentation for Apache Tomcat.<br><br>
+ If you have trouble and need help, read
+ <a href="http://tomcat.apache.org/findhelp.html">Find Help</a> page
+ and ask your question on the tomcat-users
+ <a href="http://tomcat.apache.org/lists.html">mailing list</a>.
+ Do not ask such questions here. This is not a Q&A section.<br><br>
+ The Apache Comments System is explained <a href="/tomcat-7.0-doc/comments.html">here</a>.
+ Comments may be removed by our moderators if they are either
+ implemented or considered invalid/off-topic.</p><script type="text/javascript"><!--//--><![CDATA[//><!--
+ var comments_shortname = 'tomcat';
+ var comments_identifier = 'http://tomcat.apache.org/tomcat-7.0-doc/windows-auth-howto.html';
+ (function(w, d) {
+ if (w.location.hostname.toLowerCase() == "tomcat.apache.org") {
+ d.write('<div id="comments_thread"><\/div>');
+ var s = d.createElement('script');
+ s.type = 'text/javascript';
+ s.async = true;
+ s.src = 'https://comments.apache.org/show_comments.lua?site=' + comments_shortname + '&page=' + comments_identifier;
+ (d.getElementsByTagName('head')[0] || d.getElementsByTagName('body')[0]).appendChild(s);
+ }
+ else {
+ d.write('<div id="comments_thread"><strong>Comments are disabled for this page at the moment.<\/strong><\/div>');
+ }
+ })(window, document);
+ //--><!]]></script></blockquote></td></tr></table></td></tr><!--FOOTER SEPARATOR--><tr><td colspan="2"><hr noshade size="1"></td></tr><!--PAGE FOOTER--><tr><td colspan="2"><div align="center"><font color="#525D76" size="-1"><em>
+ Copyright © 1999-2013, Apache Software Foundation
+ </em></font></div></td></tr></table></body></html>
\ No newline at end of file