[jcifs] NTLM authentication performance
eglass1 at attbi.com
eglass1 at attbi.com
Sat May 17 06:17:31 EST 2003
You can extend jcifs.http.NtlmServlet for this; this is intended to provide
NTLM services to pre-2.3 containers. It looks like you are using JSPs --
attached is an extension to NtlmServlet which can act as a JSP base (this might
be useful to others as well). At the top of your JSP, you would put:
<%@ page extends="jcifs.http.NtlmJspBase" %>
It will do the authentication before dispatching to the page body. In your
web.xml, you would have something like:
<servlet>
<servlet-name>FrontPage</servlet-name>
<jsp-file>/portal/index.jsp</jsp-file>
<init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>10.10.2.20</param-value>
</init-param>
</servlet>
<servlet-mapping>
<servlet-name>FrontPage</servlet-name>
<url-pattern>/portal/index.jsp</url-pattern>
</servlet-mapping>
The authenticated username would automatically be available in the session as
the "ntlmuser" attribute (domain is "ntlmdomain", and the
NtlmPasswordAuthentication object is "NtlmHttpAuth").
Also, note that if you need to present Basic (i.e., to authenticate Netscape
and other non-IE clients), the NtlmHttpFilter/NtlmServlet already provide
this; you just have to set the jcifs.http.enableBasic and
jcifs.http.insecureBasic init-params to "true". This will offer both NTLM and
Basic in the WWW-Authenticate headers, which will allow IE to use NTLM and
Netscape to use Basic. Be aware, however, that there are large security issues
surrounding Basic auth.
Eric
> RE: [jcifs] NTLM authentication performanceNathan,
>
> Thanks for your reply. It's an idea worth trying. If I understand this
> correctly, you suggest that I create a servlet mapping:
>
> <servlet>
> <servlet-name>
> ntlmservlet
> </servlet-name>
> <servlet-class>
> org.apache.jetspeed.servlets.NTLMServlet
> </servlet-class>
> </servlet>
>
> <servlet-mapping>
> <servlet-name>
> ntlmservlet
> </servlet-name>
> <url-pattern>
> /portal/index.jsp
> </url-pattern>
> </servlet-mapping>
>
> I guess the NTLMServlet would have to store authenticated username in the
> session so the Turbine servlet could retrieve it and do its own internal
> login. I'm a little concerned about the url-pattern to specify for my
> filter. If I don't want to execute this filter every time, then I would have
> to set it to something like "/portal/index.jsp". But if that is the case,
> bookmarking of other links within the portal may quit working. I guess I'll
> have to try it.
>
> Thanks again for your suggestion.
>
>
> Best regards,
>
> Mark Orciuch - morciuch at apache.org
> Jakarta Jetspeed - Enterprise Portal in Java
> http://jakarta.apache.org/jetspeed/
>
> -----Original Message-----
> From: Nathan Zentner [mailto:Nathan.Zentner at paccoast.com]
> Sent: Friday, May 16, 2003 12:03 PM
> To: 'Mark Orciuch'
> Subject: RE: [jcifs] NTLM authentication performance
>
>
> Mark,
>
> You can copy the code that is in the filter and add it to a
> Servlet of you choice, maybe the landing page. This should keep the
> authitication from happening everytime a browser connects to the server.
> The filter gives a config that you setup so that it only checks on the
> <url-patten>. If this has * in it then it will check for each page. I have
> copied the code to a servlet, because I also support netscape and don't want
> it to throw a 401 error. I then created a login page for those netscape
> users so that they can use the domain username and password to login.
>
> Hope this helps at least a little.
>
> Nathan Zentner.
>
> -----Original Message-----
> From: Mark Orciuch [mailto:mark_orciuch at ngsltd.com]
> Sent: Friday, May 16, 2003 9:48 AM
> To: jcifs at lists.samba.org
> Subject: [jcifs] NTLM authentication performance
>
>
>
> I am trying to use the NTLM authentication using jcifs in Jetspeed portal.
> The portal performs well when domain controller is set to a local machine
> (same one running the portal). Local machine runs Tomcat 3.3.1a (servlet
> API
> 2.2). However, when deployed in the production-like environment, there's
> substantial performance degradation.
>
> Production environment uses IBM WebSphere 3.5.6 (servlet API 2.2) and
> therefore I cannot use the NtlmHttpFilter. One thing that I noticed is
> that
> the authentication takes place more than once per session. I'm not sure if
> it's the Turbine architecture (Jetspeed is built on top of Turbine) that's
> causing this. I think that this happens when I do a POST and Turbine does
> some redirection. At that point, I have to logon again. I hope this makes
> sense.
>
> Are there any tips to speed things up? Perhaps some properties to set.
> Thank
> you in advance for any help.
>
> Best regards,
>
> Mark Orciuch - morciuch at apache.org
> Jakarta Jetspeed - Enterprise Portal in Java
> http://jakarta.apache.org/jetspeed/
>
>
>
>
>
> DISCLAIMER: This communication and any files or attachments transmitted
> with it may contain information that is copyrighted or confidential and
> exempt from disclosure under applicable law. It is intended solely for the
> use of the individual or the entity to which it is addressed. If you are
> not the intended recipient, you are herby notified that any use,
> dissemination, or copying of this communication is strictly prohibited. If
> you have received this communication in error, please notify us at once so
> that we may take the appropriate action and avoid troubling you further.
> Thank you for your cooperation. Contact information: Pacific Coast Company
> Inc. 1-916-971-2330 and ask for the e-mail administrator.
>
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 2780 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20030516/e7e51117/attachment.obj
More information about the jcifs
mailing list