[jcifs] jCIFS NTLM HTTP Authentication / grant access to roles

eglass1 at attbi.com eglass1 at attbi.com
Wed Jun 18 02:28:29 EST 2003


> Hi Eric,
> 
> Thanks very much for your prompt answer.
> 
> You say it's not the best idea to change the class, but at
> the moment I have no other idea.
> So nevertheless I decided to override the function 
> NtlmHttpServletRequest.isUserInRole.

Sorry, I wasn't very clear in my response -- this is the approach I was
advocating (doing your own modification of the NtlmHttpServletRequest class).

> After installing the new class, it can be seen that the constructor
> is called, but the function isUserInRole is not visited.
> The client gets promptly redirected to the login screen defined in 
> <login-config>.
> 
> One interesting fact is that the login-config only works correctly
> when the NTLM filter is deactivated.
> 

You would call isUserInRole from within your application; i.e.:

if (request.isUserInRole("admin")) {
    out.println("you are an admin.");
}

You won't be able to use container-managed security (defining role mappings
within web.xml); the reason is that these rules are applied prior to the
request being dispatched to the web application.  Effectively, the rules
defined in web.xml will prevent the filter from ever seeing the request.

If you need to use container-managed security, you would have to implement
a container-specific extension to do NTLM; most servlet containers provide
an API for developing such extensions.  Unfortunately, they aren't portable
between containers (which is why we have the filter).

Eric
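
An added example, not part of Eric's message or of jCIFS: application-level role checks done with a separate wrapper filter instead of an edited NtlmHttpServletRequest. It assumes the NTLM filter is mapped first and exposes the authenticated account through getRemoteUser() as DOMAIN\user; the class name RoleMappingFilter and the accounts in the map are hypothetical.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

// Hypothetical filter (not jCIFS code). Map it in web.xml AFTER the NTLM
// filter so that getRemoteUser() is already populated when it runs.
public class RoleMappingFilter implements Filter {

    // Constructed sample mapping; a real deployment would load it from
    // configuration or a directory lookup. Keys are lower-cased account names.
    private final Map<String, Set<String>> rolesByUser = new HashMap<>();

    @Override
    public void init(FilterConfig config) {
        rolesByUser.put("example\\alice", new HashSet<>(Arrays.asList("admin", "user")));
        rolesByUser.put("example\\bob", Collections.singleton("user"));
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        String user = http.getRemoteUser();
        if (user == null) {
            // No authenticated identity reached this filter: fail closed.
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        // Unknown accounts get an empty role set, so every role check is false.
        final Set<String> roles = rolesByUser.getOrDefault(
                user.toLowerCase(Locale.ROOT), Collections.emptySet());
        // The application sees this wrapper, so request.isUserInRole(...)
        // is answered here and not by the container's own role mapping.
        chain.doFilter(new HttpServletRequestWrapper(http) {
            @Override
            public boolean isUserInRole(String role) {
                return roles.contains(role);
            }
        }, res);
    }

    @Override
    public void destroy() { }
}
```

The URLs this filter covers must carry no security-constraint in web.xml, since the container would enforce that constraint before any filter runs.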


