[jcifs] Remote User from jcifs with Struts?

Smyth, Jim Jim.Smyth at broadvision.com
Wed Nov 23 12:23:20 GMT 2005 

Raghu,

the filter will get applied before the struts action  (remember you need servlet 2.3 to support filters).

So if you map the filter to all requests, then you can be sure that by the time the action class gets executed, the user has gone through NTLM authentication.

I needed users to be automatically logged in to my portal based on NT credentials and I did this like:

A sample simple filter:
	if (user is NOT logged in to my application) { {
		log.debug("User not yet authenticated");
		NTLMauth;  // do NTLM auth based on original NTLMHttpFilter
		log user into my application;  //if we get this far in to the code then the user credentials are no available
	} else {
		log.debug("Bypassing filter execution because our user is logged in");
	}
	chain.doFilter(...); //continue processing any further filters, then start action class processing

rgds
jim

Date: Wed, 23 Nov 2005 00:03:47 -0500
From: "Rathore, Raghvendra Singh" <raghvendra.rathore at fidelity.co.in>
Subject: [jcifs] Remote User from jcifs with Struts?
To: <jcifs at lists.samba.org>
Message-ID:
	<697DB8FEDD187844AF9A6DFAD66DAFE302E67EF1 at indel702nts.in.fid-intl.com>
Content-Type: text/plain; charset="us-ascii"

Hi Aliaster,

My requirements are very similar to what you have stated.
I want to achieve the similar flow with Struts + NTLM as you have
stated.
initial request --> 
  struts controller -->
    ntlm auth to get remote user --> 
      store user value in session --> 
        do handler stuff
          return view


any other request including POSTs -->
  struts controller -->
    user got from session, do not need NTLM anymore
      do handler stuff
        return view


Facing the similar problem with posts.
Have you got any soln
Can anybody suggest the soln.

Thanks in advance.

Raghu!!
raghvendra.rathore at fidelity.co.in

-----Original Message-----
From: Allistair Crossley 
Sent: 03 December 2003 10:15
To: jcifs at lists.samba.org
Subject: [jcifs] Remote User from jcifs with Struts?


Hi,

We are currently developing a new version of our intranet using Jakarta
Struts and a Content Management System. The current intranet prompts a
user for username and password before logging in. This is to be
eliminated.

Instead, we wish to detect from the user Windows 2000 login who they are
as this login username will be used to tie up with other databases. 

I don't know if you know about Struts but essentially all requests from
the front end web application are mapped to a Controller Servlet
provided by Struts (or in our case a subclass of). 

Anyways, for every request, we have that request routed to a handler
class called an Action, and each Action extends our base SecuredAction
handler class. 

I found an algorithm a short while ago that performs NTLM
authentication. I have built this into the SecuredAction so that if no
session user object exists, it redirects with the WWW-Authenitcate stuff
for NTLM and within a few moments I am able to detect the remote
username, domain and their workstation id.

This has been working very nicely until yesterday when I discovered to
my dismay that I cannot post forms. It seems this will be to do with the
NTLM authentication.

The only other thing I have found out about is JCIFS. I have managed to
find the jcifgs.http package and have seen the filter installation. 

Question:

I am not sure if I can use jcifs just as a means to identifying the
remote user which is all I want and just once, and then have POSTs
working. 

I want to keep my SecuredAction base. It does not have to have the NTLM
in it if there is another way. 

All requests must go through the Struts Controller. I do not know if
this has implications for the jcfis filter since that seems to say I
need to map all requests /* to this. 

Here are 2 little sequences that depict how I want things to work :)

initial request --> 
  struts controller -->
    ntlm auth to get remote user --> 
      store user value in session --> 
        do handler stuff
          return view


any other request including POSTs -->
  struts controller -->
    user got from session, do not need NTLM anymore
      do handler stuff
        return view

More information about the jcifs mailing list