Apply ADF Security with WWW-Authenticate NTLM

Question

I am developing an application in Oracle ADF that needs to apply a user login authentication.

The security protocol followed by the company is to read the username from the Windows Credentials and checking if that username exists in a certain database table. The applications that use this policy are usually JSP or .NET applications and do this by setting response.setHeader("WWW-Authenticate", "NTLM") which pops the authentication dialog then reads the username entered and calls an SQL query to check if that username exists in the database and checks the role.

I need to implement that in ADF and I cannot find a way to do so. All the information that I've found is regarding configuring realms in the WebLogic and using an SQLAuthenticate on the Weblogic server.

I tried putting the code in a managed bean using beforePhase on the view and it didn't work.

What can I do?

Answer 1

You have three ways in order to accomplish this (one of them will cost you money!)

1. Check this Question and this java library and create a Servlet for Authentication behavior, but this way you won't be able to make ADF Security works, and you have to implement Security yourself
2. Check this article and that article to enable Kerberos with Weblogic, and in your ADF application in web.xml make the security as CLIENT-CERT, if you managed to use that ADF Security should work fine
3. Consider using Oracle Single Sign On solution which will require you paying for license

PS: All this solution will only work on IE & Chrome out of the box, you will have to make some configurations to make it work with firefox,