[jcifs] Alternating Users

[Jason Bainbridge]

On 4/12/05, Michael B Allen <mba2000 at ioplex.com> wrote:
> We get this type of question occasionally and I believe the prevailing
> answer is to use 'Basic' authentication w/ SSL. Of course that is not
> transparent to the user though. With a good understanding of the NTLM
> HTTP Authentication protocol [1] you might figure out a way to use a
> combination of NTLM and Basic authentication and customize the filter
> to trick IE into renegotiating credentials on demand.

Well you could just use jcifs to get the current user's credentials
and use that to automatically log them into your application level
security and allow them to logoff the application so someone else can
logon with their application credentials (not their Windows logon).
However all they would need to do is close the browser and reopen to
get logged on as the logged in Windows user.

We currently have the situation where all our authentication was
previously handled within the application so now what we do is grabbed
the currently logged in Windows user credentials than compare that to
our application security to see if that user exists and if they do
they are logged on automatically and in Production they can't switch
users at all. In Development though we have it setup so you can log
out of the application and log in as a different user and can set it
up for specific users in Production to be able to do that as well.

So that solution doesn't really deal with the NTLM at all but works
completely around it and may or may not work for the original posters
needs, keep in mind though if it is the same domain scenario then a
simple close and reopen of the browser will get them logged in as the
previous user no matter how you implement logoff  functionality unless
you do something further to work around that.

Regards,
-- 
Jason Bainbridge
http://kde.org - webmaster at kde.org
Personal Site - http://jasonbainbridge.com