[jcifs] Alternative to jcifs.http.NtlmHttpFilter
Allen, Michael B (RSCH)
Michael_B_Allen at ml.com
Wed Oct 23 09:17:21 EST 2002
> -----Original Message-----
> From: eglass1 at attbi.com [SMTP:eglass1 at attbi.com]
> Sent: Tuesday, October 22, 2002 3:30 AM
> To: Allen, Michael B (RSCH)
> Cc: 'Michael Piscatello'; jcifs at lists.samba.org
> Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
>
> I thought about this as well -- one thing that might be
> useful would be to include the HttpServletRequestWrapper
> in the filter (to provide getPrincipal(), getRemoteUser
> (), etc.),
>
Not sure what you mean by this. Do you mean include the
HttpServletRequestWrapper class with the jCIFS package?
> but then set the "NtlmHttpFilter" session
> flag to the principal name (i.e., 'DOMAIN\user') instead
> of just the string "1". That way, it provides a quick
> and dirty means of obtaining that information under 2.2-.
>
Actually I did change the attribute name to NtlmHttpAuth
and I put the NtlmPasswordAuthentication object in the
session instead of "1". I realize this was the sort of thing
that got me in trouble the last time but take a look. I think
you'll agree it should work just fine. Pre-2.3 users can
retrive that. It now implements java.security.Principal so I
need to put that in the session so I can pass it to the
NtlmHttpServletRequest (a.k.a your NtlmRequest). Doing
this avoids performing NTLM SSP with each and every
request which is noticably slower and provides the
getRemoteUser functionality at the same time.
> Also, it might be clearer to use a more "generic"
> attribute name ("NtlmUser" or something) since I used
> the same attribute for the servlet; that way, if you use
> both the servlet and the filter in a post-2.3
> environment, the authentication can interoperate. On a
> more pedantic note, the servlet spec recommends that
> attribute names use the "jcifs.http..." convention for
> naming (to avoid collisions).
>
Then we should change it to jcifs.http.ntlmdomain and
jcifs.http.ntlmuser. It would also be nice to extract the
workgroup and netbios hostname like I was doing
previously.
More information about the jcifs
mailing list