Knowledge Base > Article [0059]

JDBC Windows Authentication

You probably know our DualShield server uses JDBC to connect to database. Some people asked if they could use Windows Authentication to Microsoft SQL server.

The answer is YES. Now let us see how we can achieve it.

First of all, let us see the original connection string in server.xml file.

<Resource driverClassName="" maxActive="1000" maxIdle="2" maxWait="5000" name="jdbc/DasDS" password="changeit" type="javax.sql.DataSource" url="jdbc:sqlserver://;DatabaseName=dualshield2;SelectMethod=cursor;" username="sa" validationQuery="Select 1" />

change it to

<Resource driverClassName="" maxActive="1000" maxIdle="2" maxWait="5000" name="jdbc/DasDS" type="javax.sql.DataSource" url="jdbc:sqlserver://;DatabaseName=dualshield2;SelectMethod=cursor;integratedSecurity=true;" validationQuery="Select 1"/>

In the new string, there is no username/password, instead it has integratedSecurity=true

Is that all? No, I am afraid. You need to do the followings

Download Microsoft JDBC Driver 4.0 for SQL Server, unzip it to somewhere, find the file sqljdbc4.jar, replace the one under C:\Program Files\Deepnet DualShield\tomcat\lib. find the file sqljdbc_auth.dll (make sure use the right version x64/x86, it depends on DualShield/OS version)

copy it to the folder C:\Program Files\Deepnet DualShield\tomcat\lib

Add a Java option

-Djava.library.path=C:\Program Files\Deepnet DualShield\tomcat\lib

It is close to finish. At this time, you may still wonder why there is no username /password in the new connection string? which particular user will be used to connect SQL server? Here is the answer.

Check the property of DaulShield service

By default, it logs on as "Local System account", you need to change to a windows account which is assigned some SQL permissions


Note: if DualShiled is installed on the same machine where SQL server is installed, you may still be able to use "Local System account".

Consequently, you may need to add that windows account (in the example, spadmin@ds08.local) onto the folder "Deepnet DualShield", allow it to have write privilege on this folder, otherwise it may cause problem.

Unfortunately, our installer doesn't natively support Windows Authentication, you have to get a provisional SQL account during installtion. After installation, you can switch to Windows Authentication.