[jcifs] restrict acces to serveral user

Eric eglass1 at comcast.net
Thu Mar 11 00:47:22 GMT 2004

>>i use ntlm http filter for authentication in jspwiki.
>>now i want to restrict access with jcifs to serveral people, who could
>>HOw can i configure the filter in tomcat for restricting access?

The rap branch overrides HttpServletRequest's isUserInRole() to check 
against the domain groups; so at the top of the jsp you could do:

     if (!request.isUserInRole("approle")) {

You can't do it declaratively, however (i.e. through role mappings in 
web.xml).  This is a servlet spec limitation -- using container-managed 
authorization requires container-managed authentication.

> There's another relatively easy trick that you can do though. In
> SmbSession.logon() change IPC$ to something like AUTHCTRL (I should really
> make this a property). Then create a share on your "domainController" with
> this name and tweek it's access control list. Instant group based access
> control!

That is fairly clever.  Would changing that adversely affect anything else?


More information about the jcifs mailing list