User authentication using Waffle

Hello Everybody,

i’m currently developing an in-house App with vaadin. One of the requirements is to authenticate user via NTLM (Single-Sign-On with windows credentials).
Therefore i’m trying to use

The authentication itself had worked flawlessly; User are recognized and its also possible to restrict access to the Application for specific Active Directory groups.
The Problem that i have now is, that as soon as the user is authenticated & authorized the application loads and i get an instant “Session Expired Error” .

I already tried the suggestions on
page (although i am using HTTPServletRequestListener as suggested), but unfortunately without success.

While debugging the application i saw that the init method in my application class is called twice and i’m not sure why this happens. Could that be the problem?

So here is my question: Does anybody have tried to use WAFFLE with Vaadin and could give me a hint where i should look at?

Thanks in advance

I’m into doing the same thing, getting single-sign-in to work with an in-house Vaadin application.
After some research I found Waffle and then your post.
Did you get it to work correctly?
How did you do? Any hints and/or sources are appreciated.
All examples on waffle I’ve found are with Tomcat and modifying the web.xml…

When running Jetty and Vaadin.
First add the needed libs to your project (In eclipse that is right click on you project->properties->java build path->libraries->add external jars ) as stated in the “Getting started” section of the Waffle docs.
“Add waffle-jna.jar, commons-logging-1.1.1.jar, guava-r07.jar, jna.jar and platform.jar to your CLASSPATH”

in your webserver-class (where you start your webserver) I did these small modifications.

import waffle.servlet.NegotiateSecurityFilter;

in my start()-method i added:
NegotiateSecurityFilter _filter = null;

	_filter = new NegotiateSecurityFilter();
	_filter.setAuth(new WindowsAuthProviderImpl());

                        context.addFilter(new FilterHolder(_filter),"/*",FilterMapping.REQUEST);  //ServletContextHandler

Then my application-class implements the HTTPRequestListener like this
public class myApplication extends Application implements HttpServletRequestListener

I modified one of the two overridden methods like this
public void onRequestStart(HttpServletRequest request,
HttpServletResponse response)
WindowsPrincipal p = (WindowsPrincipal) request.getUserPrincipal();
System.out.print("User who logged in is: "+myUser);


I do not understand when you write :
“in your webserver-class (where you start your webserver)”

because, the Jetty web server is started by using this command :
java -jar start.jar

Where is located this webserver-class ?