[jcifs] restrict acces to serveral user
Eric
eglass1 at comcast.net
Thu Mar 11 00:47:22 GMT 2004
>>
>>i use ntlm http filter for authentication in jspwiki.
>>now i want to restrict access with jcifs to serveral people, who could
>>login.
>>
>>HOw can i configure the filter in tomcat for restricting access?
>
>
The rap branch overrides HttpServletRequest's isUserInRole() to check
against the domain groups; so at the top of the jsp you could do:
<%
if (!request.isUserInRole("approle")) {
response.sendError(HttpServletResponse.SC_FORBIDDEN);
return;
}
%>
You can't do it declaratively, however (i.e. through role mappings in
web.xml). This is a servlet spec limitation -- using container-managed
authorization requires container-managed authentication.
>
> There's another relatively easy trick that you can do though. In
> SmbSession.logon() change IPC$ to something like AUTHCTRL (I should really
> make this a property). Then create a share on your "domainController" with
> this name and tweek it's access control list. Instant group based access
> control!
>
That is fairly clever. Would changing that adversely affect anything else?
Eric
More information about the jcifs
mailing list