[jcifs] Problem with JCIFS NTLM Authentication for HTTP Connections

Jason Bainbridge jbainbridge at gmail.com
Tue Jan 18 14:58:39 GMT 2005

On Tue, 18 Jan 2005 09:24:56 +0100, Doan, Thi-My-Chi
<thi-my-chi.doan at hp.com> wrote:
> Hi Mike,
> Sorry, the wording I used may be unclear. We have a web application,
> which can be accessed
> 1) By web browser or
> 2) By a Java application via servlet.
> I'm looking a way to authenticate users from both. The only way I found
> is to use the login page to ask WebLogic server to authenticate the user
> and to add appropriate roles, groups to that user by using my own
> authentication provider. Actually, this authenticator does not need to
> verify user login and password, as this already done by jCIFS filter as
> soon as user accessing the login page.
> Using web browser, user has to click on the login button in the login
> page, but they don't need to enter login and password.
> From Java application, users has to enter their NT login and password,
> which then be sent to /j_security_check.
> 1) Is it the right approach?
> 2) Is it safe what I try to do?
> I think there must be a more elegant solution for that, but I couldn't
> find it.
> Jason, you told you are able to ask WebLogic to authenticate user with
> jCIFS. How did you do that?

The filter does the authentication of the user itself so remove that
login-config you have in your web.xml and just let the filter do it's
job. Then I assume that whatever realms or whatever you have setup in
Weblogic will use the Request.getRemoteUser that is set by the filter.
I think you are just trying to over complicate things.

I don't know how it would work accessing your servlet from your client
application though as I haven't had much experience on the client side
of Java.

Jason Bainbridge
KDE - Conquer Your Desktop - http://kde.org
KDE Web Team - webmaster at kde

More information about the jcifs mailing list