[jcifs] finer access control with LogonShare
Blank, Gregory
gregory.blank at citigroup.com
Wed Oct 5 18:55:36 GMT 2005
Mike,
I have several web apps under Tomcat and they require different ACLs.
(JCIFs 1.2.4 under Tomcat 5.5 with logonShare option)
Since only one logonShare is allowed per JVM (everyting is static, I guess there's a reason for that ...) I had to add a few lines of code to finetune the ACLs.
I used the fact that you list the contents of the shared dir to verify the access.
By creating subdirectories and listing their contents instead I can now set different permissions for different instances of the NtlmHttpFilter.
Obviously I had to add one extra init parameter to set the name of that subdirectory (jcifs.smb.client.accessResource).
The diffs are below.
Redards
Greg
===============================================================
jcifs/http/NtlmHttpFilter.java
@@ -55,6 +55,8 @@
private boolean enableBasic;
private boolean insecureBasic;
private String realm;
+
+ private String accessResource = "\\";
public void init( FilterConfig filterConfig ) throws ServletException {
String name;
@@ -68,7 +70,9 @@
Enumeration e = filterConfig.getInitParameterNames();
while( e.hasMoreElements() ) {
name = (String)e.nextElement();
- if( name.startsWith( "jcifs." )) {
+ if (name.equals("jcifs.smb.client.accessResource")) {
+ accessResource = filterConfig.getInitParameter(name);
+ } else if( name.startsWith( "jcifs." )) {
Config.setProperty( name, filterConfig.getInitParameter( name ));
}
}
@@ -179,7 +183,7 @@
}
try {
- SmbSession.logon( dc, ntlm );
+ SmbSession.logon( dc, ntlm, accessResource );
if( log.level > 2 ) {
log.println( "NtlmHttpFilter: " + ntlm +
jcifs/smb/SmbSession.java
@@ -155,12 +155,22 @@
}
public static void logon( UniAddress dc, int port,
- NtlmPasswordAuthentication auth ) throws SmbException {
+ NtlmPasswordAuthentication auth) throws SmbException {
+ logon(dc, port, auth, "\\");
+ }
+
+ public static void logon( UniAddress dc,
+ NtlmPasswordAuthentication auth, String accessResource) throws SmbException {
+ logon(dc, 0, auth, accessResource);
+ }
+
+ public static void logon( UniAddress dc, int port,
+ NtlmPasswordAuthentication auth, String accessResource ) throws SmbException {
SmbTree tree = SmbTransport.getSmbTransport( dc, port ).getSmbSession( auth ).getSmbTree( LOGON_SHARE, null );
if( LOGON_SHARE == null ) {
tree.treeConnect( null, null );
} else {
- Trans2FindFirst2 req = new Trans2FindFirst2( "\\", "*", SmbFile.ATTR_DIRECTORY );
+ Trans2FindFirst2 req = new Trans2FindFirst2(accessResource, "*", SmbFile.ATTR_DIRECTORY );
Trans2FindFirst2Response resp = new Trans2FindFirst2Response();
tree.send( req, resp );
}
More information about the jcifs
mailing list