[jcifs] NTLM HTTP Authentication in combination with
Tomcat user-roles...
Eric
eglass1 at comcast.net
Thu Aug 14 09:50:42 EST 2003
> I wanted to investigate the possibility of using NTLM HTTP
> authentication as a convenience since the app is currently being
> accessed exclusively by IE clients. I started googling and came up with
> two answers, "j2se1.4.2 has NTLM built in" and "use jcifs".
> I was completely unable to find any relevant information about the new
> NTLM features in 1.4.2. The only concrete information I could find is
> that the java plugin now supports it in some manner.
1.4.2 supports NTLM HTTP authentication from the *client* side (i.e.,
via HttpURLConnection) on Windows.
> I downloaded the jcifs package and followed the example on the website,
> and I was able to replace my current security model with NTLM, but this
> isn't exactly what I'm looking for.
>
> My question is this:
> Is it possible to use jcifs's NTLM HTTP Auth filter in combination
> with Tomcat user roles? Such that I can still have my multiple levels
> of security based on the roles the user is set up on and restrict access
> to those directories that they do not have?
Not without doing some Tomcat (or other container) specific development.
The authentication filter operates independent of the security
configuration in web.xml (you might actually get weird behavior if you
attempt to use both).
It shouldn't be too terribly difficult to write a Tomcat extension to do
this; most of the NTLM-specific code could probably be copied and
pasted directly from the filter.
Eric
More information about the jcifs
mailing list