I have written a Web Service using JAX-RS in Netbeans. This was deployed to a local Tomcat 7.0 server on my machine which used basic authentication for users to login and retrieve some XML.
I currently have the configuration set to use Windows Authentication using WAFFLE. I am trying to get a better understanding of what is happening.
I have tried following the tutorials on waffle to get this working:
I can consume the web service from:
- Internet Explorer 10 (have intranet zones configured with User Authentication -> Automatic Logon only in intranet zone selected)
- Google Chrome
This does not require me to enter credentials.
My colleague can consume the web service from:
- FireFox (requires username and password entered in dialog)
However he cannot connect using Internet Explorer 9 with the same intranet zone settings and user authentication settings as me). My internet browsers are not prompting for username and password.
I thought everything would be OK so I wrote a .NET Client to consume and test the web service. This worked from my machine but did not work from a colleagues (even when I ran as my user).
Web Service Code and Configuration
Context.xml
<?xml version="1.0" encoding="UTF-8"?>
<Context antiJARLocking="true" path="/MyWebApp">
<Valve className="waffle.apache.NegotiateAuthenticator" />
<Realm className="waffle.apache.WindowsRealm" />
</Context>
Web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd">
<servlet>
<servlet-name>ServletAdaptor</servlet-name>
<servlet-class>com.sun.jersey.spi.container.servlet.ServletContainer</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>ServletAdaptor</servlet-name>
<url-pattern>/My/*</url-pattern>
</servlet-mapping>
<session-config>
<session-timeout>
30
</session-timeout>
</session-config>
<security-role>
<role-name>Everyone</role-name>
</security-role>
<security-role>
<role-name>MyDomain\Users</role-name>
</security-role>
<security-constraint>
<web-resource-collection>
<web-resource-name>
Demo Application
</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>GET</http-method>
<http-method>POST</http-method>
</web-resource-collection>
<auth-constraint>
<role-name>Everyone</role-name>
</auth-constraint>
</security-constraint>
<filter>
<filter-name>SecurityFilter</filter-name>
<filter-class>waffle.servlet.NegotiateSecurityFilter</filter-class>
<init-param>
<param-name>principalFormat</param-name>
<param-value>fqn</param-value>
</init-param>
<init-param>
<param-name>roleFormat</param-name>
<param-value>both</param-value>
</init-param>
<init-param>
<param-name>allowGuestLogin</param-name>
<param-value>false</param-value>
</init-param>
<init-param>
<param-name>impersonate</param-name>
<param-value>true</param-value>
</init-param>
<init-param>
<param-name>securityFilterProviders</param-name>
<param-value>
waffle.servlet.spi.NegotiateSecurityFilterProvider
waffle.servlet.spi.BasicSecurityFilterProvider
</param-value>
</init-param>
<init-param>
<param-name>waffle.servlet.spi.NegotiateSecurityFilterProvider/protocols</param-name>
<param-value>
NTLM
Negotiate
</param-value>
</init-param>
<init-param>
<param-name>waffle.servlet.spi.BasicSecurityFilterProvider/realm</param-name>
<param-value>WaffleFilterDemo</param-value>
</init-param>
</filter>
</web-app>
I copied all of the waffle files to C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\lib (apart from waffle-tomcat5.jar and waffle-tomcat6.jar).
Web Service Client Consumer Code (C#)
HttpWebRequest request = null;
HttpWebResponse response = null;
String Xml;
// Create the web request
request = WebRequest.Create(this.UrlTextBox.Text) as HttpWebRequest;
request.AuthenticationLevel = AuthenticationLevel.MutualAuthRequired;
// the following lines did not make any difference. I've tried impersonation and the other enums
request.Credentials = CredentialCache.DefaultCredentials;
request.ImpersonationLevel = System.Security.Principal.TokenImpersonationLevel.Delegation;
request.Method = "GET";
// Get response
using (response = request.GetResponse() as HttpWebResponse)
{
// Get the response stream
StreamReader reader = new StreamReader(response.GetResponseStream());
Xml = reader.ReadToEnd();
this.webBrowser1.DocumentText = Xml;
}
Tomcat Log from running web service from other machine
This log is when the .net client fails to authenticate.
12:06:59.715 [http-apr-9090-exec-57] DEBUG waffle.apache.NegotiateAuthenticator - GET /MyWebApp/My/xyz/instructions/get, contentlength: -1
12:06:59.715 [http-apr-9090-exec-57] DEBUG waffle.apache.NegotiateAuthenticator - authorization: <none>, ntlm post: false
12:06:59.715 [http-apr-9090-exec-57] DEBUG waffle.apache.NegotiateAuthenticator - authorization required
12:06:59.725 [http-apr-9090-exec-59] DEBUG waffle.apache.NegotiateAuthenticator - GET /MyWebApp/My/xyz/instructions/get, contentlength: -1
12:06:59.775 [http-apr-9090-exec-59] DEBUG waffle.apache.NegotiateAuthenticator - authorization: Negotiate YIIG9QYGKwYBBQUCoIIG6TCCBuWgMDAuBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHgYKKwYBBAGCNwICCqKCBq8EggarYIIGpwYJKoZIhvcSAQICAQBuggaWMIIGkqADAgEFoQMCAQ6iBwMFACAAAACjggUfYYIFGzCCBRegAwIBBaERGw9RVU9SVU1ERVYuTE9DQUyiLDAqoAMCAQKhIzAhGwRIVFRQGxlwYWRlc2t0b3AuUXVvcnVtRGV2LkxvY2Fso4IEzTCCBMmgAwIBEqEDAgEIooIEuwSCBLeg03e1xLTzVzcpDYLxkFjAISxHDgHmfa6iLsdbukop7BnwF05RF99l7E/A31o/1LL32eMGXAmiWe65KQiI5sBG7NSEepnlAf0NkUC8ztnoILHudfel5L9XSot/yX+M/TJ5Ec3Koq5UQRJjId+EgP2Ieoiw9mw5ezfTvHybuMML8Uh5QKvTyhdRK0q8CDpn4LU6ZrWa/59ZKTRHQcoXX3jKXZnMeVsvcgrH1SLs3vAyMGYgIKTjBWIudMDCccdrscr4RZYxzrRQiwhGBDyStYGXJKCGHt3vbWtX3+ylqlPGzqWDz1dEg5lih8P9WGW4S7bB+5SjRfUO0pIczbFeD/X50bj3DiXYuA/HsSfnIId3J5wxhAQQnesiPg+VLRv9f6pv9Cl48M2zv/fTktxnyRg2KOOkXjqjXGygacArr6/3bA1Ft31nRW9o+pKnVA+JUJzR8+JafwfxI89cZEoDSzibWFSOUSTr50NpmaRij75mrttOQYEue5MPDRE6EsCCKzkwaLzJ2wpu8ImLd/dG5yt2pka3hkUtIL0GGKoBh9gDb4B0DZIXdmNbaBkvfiaKi3nPHeGPYosRMZhJdOBhaibZpsf1qy/9HngHBOV0bMRWejtppT1vh+c9qsyh2NeWwLWHezbgDqMxmmhcAShGzLbQWaQti1lHjiVpAU2yOwlcGSr4151v7mX9h4kRrZNVusxpuYHTULsO0ZgthKP7V7ukPzrmGP+KC/cS/uVUZlxlaIHOFd3Cq1zfTtBGzSOww6TAmJlRGYmAU3VZzf4w1D4B/ECW+NZcyNGeThxWkApXuTLdXQpmvDgPKoQueY6IlTz693hb2bS/CGatEIbCK2HFMWTwE6pvOIj84ptBGdgsQUXccAGvpX77Xf8hl7/iMCnOl8wMkuTXGyoCAE/wxxpiMMTvN6N/C8CVa4CjGnPuNyojBmncdA/Ku2Lc1cbssj0+Fs7A4nYIwYoWFR8XdJRnIW4554F70BQIRXiQUvDiHznZVhpFL5z7XUa2QMjaPAJ55c/oh6glKv3lYpkyWvlX4rCWfIgbSsa8j/yJVMszRCeIMJpk6U0oh5Ql3OnGShmllNgjv1TFt68gfQEn4G/Ru8keGJQ0+6mLaYiwfH8/MKR5CgsTIqBTUM5NDFFpCYaX6IVp/jpnUy4bCtJDtgmHL61E+nxIzX2rk1TSqkN4LDqz2imEFRtq9Ulc2tHbLwoFDWSn4S3IFpeN2tiF1i6GdJjNgvF+eaNPrmvKu9lXh7aHqHjSqztylX3QoDUi8zPBaadh6l8FL3yNyk441p4MQes0xzlNFfFazlAZdlrvMzMxn2BsYKpJrmZJBxUTxn3hWHgeBofDWrmdlXhQviuCYqpfmMcRoNe6XZ/Xd/QjaoLnpvWiINkT513k7Upju5Hg4SSDa/11PXpUu8sxYmTvpzmX9HvIlvsO+YatKe6hAVFof4AjbWkh4Wz2xmboX4g1duKQ1G9lAtxLa2YIh5lprCuQYDHeDys9Et0RgOKumMgM5UJ+StdlgnMdxxPiGZLDhwXm5REfVdg4krsp1BzericRYjt4lcVFMm9d9PSBxh0+qCNMrqRCciwtXSVw6AKUT4BgG+l0pIIBWDCCAVSgAwIBEqKCAUsEggFHdsv0KbVlxS7IPz7Rt7nQJqigd9Nthw9G9ugT+90VrA8Xkiu57BAuw58RWthCh3Rg37kLqTrCc7k9ycM848vn58Ty9+Iy1OVGoi3dgOjvjFpVY4qCKlIFuQGJRrytYQI+ES7aiC21VxKJx0PS90e+Z6Gk0o0BV9zlUvnLXe5QGY5ZJe0X4BRBp0+x4BHWVjrERnHFaBIOJrrgJ80ky/nVlahTMe4G6OngqjqDjpl+YFKpLw1RqgkQ7nsDGYal0UAXfHBqKo8WBO7BBvf7d7TteNeKWJpASaQsrXPDl677e6RGoGo0krpc/iqjZ5mSLqJNFm2jsPKTuouP34PgSE/0g8ES8+s1OTB2oWCpGM53lI8wLBf0O4HabcWTovCepFujLgGLpxCejeO54mmEEp+KdtIihZdIyBC7Afv6v0xTJ0D1KRYyvFLQ, ntlm post: false
12:06:59.825 [http-apr-9090-exec-59] DEBUG waffle.apache.NegotiateAuthenticator - security package: Negotiate, connection id: 192.168.2.126:51836
12:06:59.825 [http-apr-9090-exec-59] DEBUG waffle.apache.NegotiateAuthenticator - token buffer: 1785 byte(s)
12:06:59.825 [http-apr-9090-exec-59] DEBUG waffle.apache.NegotiateAuthenticator - continue required: true
12:06:59.825 [http-apr-9090-exec-59] DEBUG waffle.apache.NegotiateAuthenticator - continue token: oX8wfaADCgEBoQsGCSqGSIL3EgECAqJpBGdgZQYJKoZIhvcSAQICAwB+VjBUoAMCAQWhAwIBHqQRGA8yMDEzMDUzMTExMDY1OVqlBQIDBpwGpgMCASmpERsPUVVPUlVNREVWLkxPQ0FMqhYwFKADAgEBoQ0wCxsJcGFuZGVyc29u
12:06:59.875 [http-apr-9090-exec-60] DEBUG waffle.apache.NegotiateAuthenticator - GET /MyWebApp/My/xyz/instructions/get, contentlength: -1
12:06:59.875 [http-apr-9090-exec-60] DEBUG waffle.apache.NegotiateAuthenticator - authorization: Negotiate oYIGvDCCBrigAwoBAaKCBq8EggarYIIGpwYJKoZIhvcSAQICAQBuggaWMIIGkqADAgEFoQMCAQ6iBwMFACAAAACjggUfYYIFGzCCBRegAwIBBaERGw9RVU9SVU1ERVYuTE9DQUyiLDAqoAMCAQKhIzAhGwRIVFRQGxlwYWRlc2t0b3AuUXVvcnVtRGV2LkxvY2Fso4IEzTCCBMmgAwIBEqEDAgEIooIEuwSCBLfIPa5GUb9/y4yZxT3JCP2nX9CLBgqBp3qaEy47bLIskszRsUiYL9o0CceOIp+8pVIcH5aujqqvggC8sXm2K66BL+UzXp/bHAmnAqJpW5/4X6k8LquxTaYvmc+XqBRb5SNH8sNGhQVJu7Kp5cplrOazGkYROObRHKrcy+HhPMdj54DZw6arExWPo28EnbZa1BNCGda9jF5paMQjBVD/BVOFaROycZeqh3blXV1DceVARA6qdEae1XkJj2QNaNEmfq7oRDzv4SChuI67oc0VCc+h7w8qY0Gmz2rOpgzw1ikM2EtSF0KW3RsBtBnSP9BEYet6BdQNKhnqEEOwOby4VJ8/TPPGxELUP59+5u/RdhEVWAA+ukVloP9bfdEaKX57QzrGjueKaTXG3RE8Oa3IYfJgFm6Ny+vZWikvsSEf2RO3TQ/PXbRI5Q6ulv708Etluw8ZxV6NGgDIweew/gzW5rp8Y5pCaaHrPfIuh1cCFziW+3hqJtlmCDNpYlllm0qL1xlzgbrsdqr41zu+b79eC414614YKVHKtGQbkIzhigZACuNPf6qWdWQEeN59RG/WhPmcafq8gOMUsu3IZD5I0drdP9SVqpI6DEjNjbpgva6ttZJdUVvVW+wfm+Su63XvCWV82RLccB0sPjWuMCzfRGGE19z6+3nR3zyrF5fp3xWIae2R7GFMpvkMzfGzXGk0gdkSoWeKu1N2LFzYQgO4fXgNVRsoU5ScnXGrd8TTlvNRITx13zqiB4+3+N4yRb7sN4WhlODu6tb/1NTpwZjd9w9kOeoh8cO7oLdJSff3pOmuNiDm+uhhLP9E8hCykp4ZkjVXhbuGLfb4SdDqIyRzw65BFRy06iIdmPwhvtR1ZIM5c1JXcm8oAyeNv8FhlqB5UYFlNwa8r2fLlujAe/Ih1/QUmDJeISKJvKeVeDz3U37qPhG5Fn8WQAnCh+hnWb7P00r3elBJmEbRe4UeNatokZ1/809yc4dj1rm/HHiA2mVJkkAbK50BTx24v77qpNzLpmcwHtK2+fSeAMqoBcc13yT8K5+gBzyCE/TL9sssegEr1WLGwDWQsAqK+WtAUhsYhQDsfb7qJ3W08i7HGwiLxE814yBf1eGAaAcryX83xaEi68apH6Gkn16L3/pm69V9C6YkOUO59kOPNZOG3JB2q+wXgtJWKjAmBWb07uIJE8P9msNUYIPccaW4gQV6agxoESEBngpKdDEwwJVuMg5FF/a2M5PGbjBtCXsNulcGRK18jDlL8Bh9cxjxX5X17E0ygHW4lFvuq/Q1UOu64//SO12aE/cEb5hGTQIrzMQLdlNjzJHCe3zDni4rsLBcW1yn91G0/GrVTeFFAnDM1qj5OQPweQ5E2cY/DqrhWQBfSdh7cTPh5hnRjK3dz//Ra6gXZs4Bko1z99gg5ATlD6LQcFfT3C6jYp5kTP+eWj8CTvYAhWSSW92yrwdMDlKj7UBxi/mox37KrhmiACfGpRO4Qsvgtlxr3WH7OV/7Jdfytt3geIx8auYK9loW7nNJvqJ1sRiSbs/Q0fgHhPEI4vvv9c8Vitqih5iLSbB5xEwAvXpzW8K8dBiSFGXYYr45Muaw8KyMI1iwBqGcpIIBWDCCAVSgAwIBEqKCAUsEggFHr81BGh215LqImPsYHEO0z3XfZtCRsalqWTcrGbL+1NqI4brR24ATUw04CFrG9XGU8bB+JKoMwwCbGztL8Gzccmye8384XNpt7rsUgutzRCk27exRzPR+ojHKdBpbEe0ja/gvhUJ27iaYQbiwbRtOsoMwve8TML76MMkdFoMWHv3a4BSJKjlOqbQ1nQxMt1yzwhY2iQh+XN1GVwV96g0VChAJBmqlesPZKSAgOunJhI74UpqbA5jvb0+7x9+8+9xTxG98mYq0EHe5ngSonzLNC0j1Morb7QyyCvxsTnrlMsN39+X2IXnXeLcm+dYfz0oL7hhW4uGGjun2dm0a/B3K7WDT93Uly+6A5r+cE6bQcucqott5F0sej0fXbpiRdGwD0hLXQTSzs8hICnR9MI/R+05xb777EKJDDSZ055EseZynmUT6d2hH, ntlm post: false
12:06:59.925 [http-apr-9090-exec-60] DEBUG waffle.apache.NegotiateAuthenticator - security package: Negotiate, connection id: 192.168.2.126:51836
12:06:59.925 [http-apr-9090-exec-60] DEBUG waffle.apache.NegotiateAuthenticator - token buffer: 1728 byte(s)
12:06:59.925 [http-apr-9090-exec-60] DEBUG waffle.apache.NegotiateAuthenticator - continue required: true
12:06:59.925 [http-apr-9090-exec-60] DEBUG waffle.apache.NegotiateAuthenticator - continue token: oXIwcKADCgEBomkEZ2BlBgkqhkiG9xIBAgIDAH5WMFSgAwIBBaEDAgEepBEYDzIwMTMwNTMxMTEwNjU5WqUFAgMIIqimAwIBKakRGw9RVU9SVU1ERVYuTE9DQUyqFjAUoAMCAQGhDTALGwlwYW5kZXJzb24=
When I run on my machine I get the following logging (including Request Headers from Fiddler):
GET http://padesktop:9090/MyWebApp/My/xyz/instructions/get?unit=XXX11&data-type=BOAI&datefrom=2012-01-10&dateto=2012-02-01 HTTP/1.1
Host: padesktop:9090
Connection: Keep-Alive
17:56:09.478 [http-apr-9090-exec-26] DEBUG waffle.apache.NegotiateAuthenticator - GET /MyWebApp/My/xyz/instructions/get, contentlength: -1
17:56:09.478 [http-apr-9090-exec-26] DEBUG waffle.apache.NegotiateAuthenticator - authorization: <none>, ntlm post: false
17:56:09.478 [http-apr-9090-exec-26] DEBUG waffle.apache.NegotiateAuthenticator - authorization required
GET http://padesktop:9090/MyWebApp/My/xyz/instructions/get?unit=XXX11&data-type=BOAI&datefrom=2012-01-10&dateto=2012-02-01 HTTP/1.1
Authorization: Negotiate YHwGBisGAQUFAqByMHCgMDAuBgorBgEEAYI3AgIKBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHqI8BDpOVExNU1NQAAEAAACXsgjiCQAJADEAAAAJAAkAKAAAAAYBsR0AAAAPUEFERVNLVE9QUVVPUlVNREVW
Host: padesktop:9090
17:56:11.489 [http-apr-9090-exec-28] DEBUG waffle.apache.NegotiateAuthenticator - GET /MyWebApp/My/xyz/instructions/get, contentlength: -1
17:56:11.489 [http-apr-9090-exec-28] DEBUG waffle.apache.NegotiateAuthenticator - authorization: Negotiate YHwGBisGAQUFAqByMHCgMDAuBgorBgEEAYI3AgIKBgkqhkiC9xIBAgIGCSqGSIb3EgECAgYKKwYBBAGCNwICHqI8BDpOVExNU1NQAAEAAACXsgjiCQAJADEAAAAJAAkAKAAAAAYBsR0AAAAPUEFERVNLVE9QUVVPUlVNREVW, ntlm post: false
17:56:11.489 [http-apr-9090-exec-28] DEBUG waffle.apache.NegotiateAuthenticator - security package: Negotiate, connection id: 192.168.2.120:49692
17:56:11.528 [http-apr-9090-exec-28] DEBUG waffle.apache.NegotiateAuthenticator - token buffer: 126 byte(s)
17:56:11.530 [http-apr-9090-exec-28] DEBUG waffle.apache.NegotiateAuthenticator - continue required: true
17:56:11.530 [http-apr-9090-exec-28] DEBUG waffle.apache.NegotiateAuthenticator - continue token: oYIBHzCCARugAwoBAaEMBgorBgEEAYI3AgIKooIBBASCAQBOVExNU1NQAAIAAAASABIAOAAAABXCieIRmTQvO1r0QLAjCAIAAAAAtgC2AEoAAAAGAbEdAAAAD1EAVQBPAFIAVQBNAEQARQBWAAIAEgBRAFUATwBSAFUATQBEAEUAVgABABIAUABBAEQARQBTAEsAVABPAFAABAAeAFEAdQBvAHIAdQBtAEQAZQB2AC4ATABvAGMAYQBsAAMAMgBQAEEARABlAHMAawB0AG8AcAAuAFEAdQBvAHIAdQBtAEQAZQB2AC4ATABvAGMAYQBsAAUAHgBRAHUAbwByAHUAbQBEAGUAdgAuAEwAbwBjAGEAbAAHAAgAr+mVllZdzgEAAAAA
GET http://padesktop:9090/MyWebApp/My/xyz/instructions/get?unit=XXX11&data-type=BOAI&datefrom=2012-01-10&dateto=2012-02-01 HTTP/1.1
Authorization: Negotiate oXcwdaADCgEBoloEWE5UTE1TU1AAAwAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAABXCiOIGAbEdAAAADxD/qWi8cdQZHqoFVPcBDdGjEgQQAQAAAPUXp1AtIpqEAAAAAA==
Host: padesktop:9090
17:56:11.580 [http-apr-9090-exec-29] DEBUG waffle.apache.NegotiateAuthenticator - GET /MyWebApp/My/xyz/instructions/get, contentlength: -1
17:56:11.580 [http-apr-9090-exec-29] DEBUG waffle.apache.NegotiateAuthenticator - authorization: Negotiate oXcwdaADCgEBoloEWE5UTE1TU1AAAwAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAAAAAAABYAAAAAAAAAFgAAAAAAAAAWAAAABXCiOIGAbEdAAAADxD/qWi8cdQZHqoFVPcBDdGjEgQQAQAAAPUXp1AtIpqEAAAAAA==, ntlm post: false
17:56:11.580 [http-apr-9090-exec-29] DEBUG waffle.apache.NegotiateAuthenticator - security package: Negotiate, connection id: 192.168.2.120:49692
17:56:11.629 [http-apr-9090-exec-29] DEBUG waffle.apache.NegotiateAuthenticator - token buffer: 121 byte(s)
17:56:11.631 [http-apr-9090-exec-29] DEBUG waffle.apache.NegotiateAuthenticator - continue required: false
17:56:11.631 [http-apr-9090-exec-29] DEBUG waffle.apache.NegotiateAuthenticator - continue token: oRswGaADCgEAoxIEEAEAAABDh+CIwTbjqQAAAAA=
17:56:11.638 [http-apr-9090-exec-29] DEBUG waffle.apache.NegotiateAuthenticator - logged in user: MyDomain\andez (S-1-5-21-3085694351-1625474162-905705579-1161)
17:56:11.791 [http-apr-9090-exec-29] DEBUG waffle.apache.NegotiateAuthenticator - roles: BUILTIN\Administrators, BUILTIN\Users, CONSOLE LOGON, Everyone, LOCAL, Mandatory Label\High Mandatory Level, NT AUTHORITY\Authenticated Users, NT AUTHORITY\INTERACTIVE, NT AUTHORITY\This Organization, PADesktop\WSS_ADMIN_WPG, MyDomain\ADL Viewers, MyDomain\Denied RODC Password Replication Group, MyDomain\Domain Admins, MyDomain\Domain Users, MyDomain\Public Folder Management, MyDomain\RemoteApp, MyDomain\Staff, MyDomain\andez, S-1-5-5-0-161840
17:56:11.829 [http-apr-9090-exec-29] DEBUG waffle.apache.NegotiateAuthenticator - session id:EDB24F55619BE3E42D81AF11EED78EE6
17:56:11.829 [http-apr-9090-exec-29] INFO waffle.apache.NegotiateAuthenticator - successfully logged in user: MyDomain\andez
My questions are:
- How do I pass windows credentials from my client to the web server correctly?
- Is this the way to implement Windows Authentication in JAX-RS in Tomcat?
- Are there any other alternatives to using Windows Authentication with JAX-RS in Tomcat?
- Am I expecting too much from RESTful web services and Windows Authentication just to automatically send the user credentials from a browser without a prompt and authenticating with Waffle/Active Directory?