Java JEE5 App. Client with windows authentication and without prompting for user name and password

We have JAVA JEE5 enterprise application consisting of a web module and an app client running on glassfish.

We need to set authentication against active directory. I am aware that it is easy to 开发者_如何学Cset up LDAP based authentication for a web module or application client module but they are asking us to pick up the credentials from the windows logon when launching the application client and that somehow the credentials get propagated to the ejb tier as usual. This including not only the user principal but also the roles.

In brief, my question is: Can JAAS plug in to the windows authentication mechanism for desktop clients without prompting the user for user name and password?

Thanks, Pablo.

---

I don't know about the details or JAAS compability but I believe that SPNEGO and/or Integrated Windows Authentication are the things you are looking for.

---

I haven't tried this, but here is a code example of pulling the NTLM username from the browser:

http://www.rgagnon.com/javadetails/java-0441.html

But, since you are talking about a desktop application your question may be how to get the username from within your java application, since NTLM really isn't involved.

http://www.roseindia.net/java/java-get-example/java-get-windows-username.shtml

Basically you would just use: System.getProperty("user.name").

UPDATE:

Since roles and all are needed, you may find that using JNI (http://download.oracle.com/javase/6/docs/technotes/guides/jni/) may be your best bet, but then you are tying this app to Windows, but it sounds like it will be anyway, as you can then call Windows API functions from Java.