[jcifs] Role Based Authentication
Myron Uecker
muecker at us.ibm.com
Wed Sep 1 14:42:20 GMT 2004
> How do I do role based authentication using JCIFS.
> Configuration - Tomcat 5
Are you talking about authentication (logging on to the system) or
authorization (what the user has access to)? jCIFS handles the
authentication based on a Windows domain login id and password. If you
are wanting to know how to handle authorization, here is how I did it:
I used the NtlmHttpFilter to handle authentication. I then created a
second filter to perform a JAAS login using the DatabaseLoginModule
supplied by JBoss. The userid was supplied by jCIFS
(request.getRemoteUser()), but I hard-coded the password to always return
'X' because jCIFS doesn't provide it. I then created a sub-class of
HttpServletWrapper and wrote my own isUserInRole() method by parsing the
Subject to retrieve the set of roles.
I used JBoss, but the same method should apply to almost any server.
Myron Uecker
muecker at us.ibm.com
More information about the jcifs
mailing list