[jcifs] NTLM authentication performance

Jason Bainbridge jason.bainbridge at bmssolutions.com
Sat May 17 07:28:35 EST 2003


I'm guessing I am doing some dumbass thing as I am only relatively new to Java
still but I can't for the life of me get the below to work:

OS: Windows 2000 Pro,
JDK: Sun 1.4.0
Tomcat 4.1.24 with modjk2 running inprocess with Apache

I compiled the attached servlet in the jcifs.http package as it was set up,
deployed it to my webapp, removed the filter from web.xml and added the
following instead:

<servlet>
    <servlet-name>FrontPage</servlet-name>
    <jsp-file>/intranet/index.jsp</jsp-file>
    <init-param>
        <param-name>jcifs.http.domainController</param-name>
        <param-value>192.168.0.1</param-value>
    </init-param>
</servlet>
<servlet-mapping>
    <servlet-name>FrontPage</servlet-name>
    <url-pattern>/intranet/index.jsp</url-pattern>
</servlet-mapping>

and then I added <%@ page extends="jcifs.http.NtlmJspBase" %> to the top of
index.jsp

Am I missing a step here? Does FrontPage actually have to physically exist? If
so, what does it need to do?

With my current config the page loads first time all the way up to my
getremoteuser call (that was working fine before with the filter) but
subsequent requests result in "HTTP Status 503 - No domain controller
specified." errors in Tomcat. Any ideas? I'm sure I'm missing something
obvious...

The reason I don't want to use the filter is that I only need to retrieve the
logged in user details to use within the web application's own security and if
I use the filter then it has to be on all pages otherwise POST won't work.

Regards,
------------------------------------------
Jason Bainbridge
Technical Support Consultant
BMS Solutions Pty Ltd
------------------------------------------
Tel: +61 8 9444 2777
Fax: +61 8 9444 2477
Mobile: +61 402 786 508
------------------------------------------







> -----Original Message-----
> From: jcifs-bounces+jason.bainbridge=bmssolutions.com at lists.samba.org
> [mailto:jcifs-bounces+jason.bainbridge=bmssolutions.com at lists.samba.org]
> On Behalf Of eglass1 at attbi.com
> Sent: Saturday, 17 May 2003 4:18 AM
> To: Mark Orciuch
> Cc: Nathan Zentner; jcifs at lists.samba.org
> Subject: RE: [jcifs] NTLM authentication performance
>
>
> You can extend jcifs.http.NtlmServlet for this; this is intended to provide
> NTLM services to pre-2.3 containers.  It looks like you are using JSPs --
> attached is an extension to NtlmServlet which can act as a JSP base (this
> might be useful to others as well).  At the top of your JSP, you would put:
>
> <%@ page extends="jcifs.http.NtlmJspBase" %>
>
> It will do the authentication before dispatching to the page body.  In your
> web.xml, you would have something like:
>
> <servlet>
>     <servlet-name>FrontPage</servlet-name>
>     <jsp-file>/portal/index.jsp</jsp-file>
>     <init-param>
>         <param-name>jcifs.http.domainController</param-name>
>         <param-value>10.10.2.20</param-value>
>     </init-param>
> </servlet>
> <servlet-mapping>
>     <servlet-name>FrontPage</servlet-name>
>     <url-pattern>/portal/index.jsp</url-pattern>
> </servlet-mapping>
>
>
> The authenticated username would automatically be available in the session
> as the "ntlmuser" attribute (domain is "ntlmdomain", and the
> NtlmPasswordAuthentication object is "NtlmHttpAuth").
>
> Also, note that if you need to present Basic (i.e., to authenticate Netscape
> and other non-IE clients), the NtlmHttpFilter/NtlmServlet already provide
> this;  you just have to set the jcifs.http.enableBasic and
> jcifs.http.insecureBasic init-params to "true".  This will offer both NTLM
> and Basic in the WWW-Authenticate headers, which will allow IE to use NTLM
> and Netscape to use Basic.  Be aware, however, that there are large security
> issues surrounding Basic auth.
>
> Eric
>
> > Nathan,
> >
> > Thanks for your reply. It's an idea worth trying. If I understand this
> > correctly, you suggest that I create a servlet mapping:
> >
> >     <servlet>
> >         <servlet-name>
> >            ntlmservlet
> >         </servlet-name>
> >         <servlet-class>
> >             org.apache.jetspeed.servlets.NTLMServlet
> >         </servlet-class>
> >     </servlet>
> >
> >     <servlet-mapping>
> >        <servlet-name>
> >           ntlmservlet
> >        </servlet-name>
> >        <url-pattern>
> >          /portal/index.jsp
> >        </url-pattern>
> >     </servlet-mapping>
> >
> > I guess the NTLMServlet would have to store authenticated username in the
> > session so the Turbine servlet could retrieve it and do its own internal
> > login. I'm a little concerned about the url-pattern to specify for my
> > filter. If I don't want to execute this filter every time, then I would
> > have to set it to something like "/portal/index.jsp". But if that is the
> > case, bookmarking of other links within the portal may quit working. I
> > guess I'll have to try it.
> >
> > Thanks again for your suggestion.
> >
> >
> > Best regards,
> >
> > Mark Orciuch - morciuch at apache.org
> > Jakarta Jetspeed - Enterprise Portal in Java
> > http://jakarta.apache.org/jetspeed/
> >
> >   -----Original Message-----
> >   From: Nathan Zentner [mailto:Nathan.Zentner at paccoast.com]
> >   Sent: Friday, May 16, 2003 12:03 PM
> >   To: 'Mark Orciuch'
> >   Subject: RE: [jcifs] NTLM authentication performance
> >
> >
> >   Mark,
> >
> >   You can copy the code that is in the filter and add it to a Servlet of
> >   your choice, maybe the landing page.  This should keep the
> >   authentication from happening every time a browser connects to the
> >   server.  The filter gives a config that you setup so that it only checks
> >   on the <url-pattern>.  If this has * in it then it will check for each
> >   page.  I have copied the code to a servlet, because I also support
> >   netscape and don't want it to throw a 401 error.  I then created a login
> >   page for those netscape users so that they can use the domain username
> >   and password to login.
> >
> >   Hope this helps at least a little.
> >
> >   Nathan Zentner.
> >
> >   -----Original Message-----
> >   From: Mark Orciuch [mailto:mark_orciuch at ngsltd.com]
> >   Sent: Friday, May 16, 2003 9:48 AM
> >   To: jcifs at lists.samba.org
> >   Subject: [jcifs] NTLM authentication performance
> >
> >
> >
> >   I am trying to use the NTLM authentication using jcifs in Jetspeed
> >   portal. The portal performs well when domain controller is set to a
> >   local machine (same one running the portal). Local machine runs Tomcat
> >   3.3.1a (servlet API 2.2). However, when deployed in the production-like
> >   environment, there's substantial performance degradation.
> >
> >   Production environment uses IBM WebSphere 3.5.6 (servlet API 2.2) and
> >   therefore I cannot use the NtlmHttpFilter. One thing that I noticed is
> >   that the authentication takes place more than once per session. I'm not
> >   sure if it's the Turbine architecture (Jetspeed is built on top of
> >   Turbine) that's causing this. I think that this happens when I do a POST
> >   and Turbine does some redirection. At that point, I have to logon again.
> >   I hope this makes sense.
> >
> >   Are there any tips to speed things up? Perhaps some properties to set.
> >   Thank you in advance for any help.
> >
> >   Best regards,
> >
> >   Mark Orciuch - morciuch at apache.org
> >   Jakarta Jetspeed - Enterprise Portal in Java
> >   http://jakarta.apache.org/jetspeed/
> >
>
>
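
Added example (not part of any message in this thread, and not jCIFS code): Eric's reply notes that setting jcifs.http.enableBasic and jcifs.http.insecureBasic offers Basic alongside NTLM and carries security issues. The Python sketch below audits a web.xml for servlets or filters carrying those init-params; the sample web.xml is constructed, the function names are hypothetical, and insecureBasic is assumed, per the jCIFS documentation, to permit Basic over non-HTTPS connections.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the thread's servlet entry with both Basic init-params on.
SAMPLE_WEB_XML = """<web-app>
  <servlet>
    <servlet-name>FrontPage</servlet-name>
    <jsp-file>/portal/index.jsp</jsp-file>
    <init-param><param-name>jcifs.http.domainController</param-name>
                <param-value>10.10.2.20</param-value></init-param>
    <init-param><param-name>jcifs.http.enableBasic</param-name>
                <param-value>true</param-value></init-param>
    <init-param><param-name>jcifs.http.insecureBasic</param-name>
                <param-value>true</param-value></init-param>
  </servlet>
  <servlet-mapping><servlet-name>FrontPage</servlet-name>
    <url-pattern>/portal/index.jsp</url-pattern></servlet-mapping>
</web-app>"""

def local(tag):
    """Strip an XML namespace so DTD-style and schema-style web.xml both match."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    """Text of the first direct child called `name`, or '' if there is none."""
    for c in elem:
        if local(c.tag) == name:
            return (c.text or "").strip()
    return ""

def audit_basic(web_xml):
    """Return (component, url-patterns, issue) for each servlet/filter offering Basic."""
    root = ET.fromstring(web_xml)
    patterns = {}  # servlet or filter name -> mapped url-patterns
    for m in root.iter():
        if local(m.tag) in ("servlet-mapping", "filter-mapping"):
            name = child_text(m, "servlet-name") or child_text(m, "filter-name")
            patterns.setdefault(name, []).append(child_text(m, "url-pattern"))
    findings = []
    for comp in root.iter():
        if local(comp.tag) not in ("servlet", "filter"):
            continue
        name = child_text(comp, "servlet-name") or child_text(comp, "filter-name")
        params = {child_text(p, "param-name"): child_text(p, "param-value").lower()
                  for p in comp if local(p.tag) == "init-param"}
        if params.get("jcifs.http.enableBasic") == "true":
            issue = "Basic offered alongside NTLM"
            if params.get("jcifs.http.insecureBasic") == "true":
                issue += "; allowed over plain HTTP"  # credentials only base64-encoded
            findings.append((name, patterns.get(name, []), issue))
    return findings
```

Each finding names the URL patterns the component is mapped to, which is where an HTTPS-only restriction would need to apply if Basic has to stay enabled for non-IE clients.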




