The following allows you to use JNDIRealm 's LDAP authentication to authenticate users of OpenXava application with Active Directory. The users will be prompt to enter their windows credentials, when entering the usernames they need to avoid entering the domain name; they just need to enter the username. If you have multiple Active Directory domains to authenticate against, you can use org.apache.catalina.realm.CombinedRealm to allow Tomcat to search on both. In the web.xml you will need to specify the security-constraint setting. This will force the user to authenticate when they reach any OpenXava module. in role-name, you have to enter the Windows Group name of that is allow to access the application. If you need finer restrictions, you can use OpenXava's Users.getCurrent() to get the username of the current user in your Java code. For example, you could have a validation logic to prevent a certain user from creating a new record. Please note that you must use a
A blog about real-world software engineering and development problems and solutions.