[jcifs] finer access control with LogonShare

Blank, Gregory gregory.blank at citigroup.com
Wed Oct 5 18:55:36 GMT 2005


Mike,

I have several web apps under Tomcat and they require different ACLs.
(JCIFS 1.2.4 under Tomcat 5.5 with logonShare option)

Since only one logonShare is allowed per JVM (everything is static, I guess there's a reason for that ...), I had to add a few lines of code to fine-tune the ACLs.

I used the fact that you list the contents of the shared dir to verify the access.
By creating subdirectories and listing their contents instead I can now set different permissions for different instances of the NtlmHttpFilter.

Obviously I had to add one extra init parameter to set the name of that subdirectory (jcifs.smb.client.accessResource).

The diffs are below.

Regards

Greg


===============================================================
jcifs/http/NtlmHttpFilter.java

@@ -55,6 +55,8 @@
     private boolean enableBasic;
     private boolean insecureBasic;
     private String realm;
+    
+    private String accessResource = "\\";
 
     public void init( FilterConfig filterConfig ) throws ServletException {
         String name;
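Review bot: the new `accessResource` field has no comment saying what it holds, and its default `"\\"` is repeated as a literal in the `SmbSession.logon` overload in the second file. A one-line comment stating that this is the directory inside the logon share whose listing serves as the access check, plus a shared constant for the default, would keep the two files from drifting apart. The added blank line above the field also carries trailing whitespace.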
@@ -68,7 +70,9 @@
         Enumeration e = filterConfig.getInitParameterNames();
         while( e.hasMoreElements() ) {
             name = (String)e.nextElement();
-            if( name.startsWith( "jcifs." )) {
+            if (name.equals("jcifs.smb.client.accessResource")) {
+                accessResource = filterConfig.getInitParameter(name);
+            } else if( name.startsWith( "jcifs." )) {
                 Config.setProperty( name, filterConfig.getInitParameter( name ));
             }
         }
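Review bot: in the new `name.equals("jcifs.smb.client.accessResource")` branch the init parameter value is stored unchecked and is later handed straight to `Trans2FindFirst2` as the path to list. An empty value or a typo would only surface at the first logon attempt; consider validating it in `init()` (non-empty, backslash-separated like the default) and throwing `ServletException` on a bad value. It is also worth a comment that this parameter, despite its `jcifs.smb.client.` prefix, is deliberately kept out of `Config.setProperty` so that it stays per filter instance rather than per JVM.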
@@ -179,7 +183,7 @@
             }
             try {
 
-                SmbSession.logon( dc, ntlm );
+                SmbSession.logon( dc, ntlm, accessResource );
 
                 if( log.level > 2 ) {
                     log.println( "NtlmHttpFilter: " + ntlm +
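Review bot: the visible part of the `log.println` that follows the changed `SmbSession.logon( dc, ntlm, accessResource )` call names only `ntlm`, so with several filters pointing at different subdirectories the log would not say which directory a user was checked against. Adding `accessResource` to that message would make a denied or granted logon traceable to the ACL that decided it.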

jcifs/smb/SmbSession.java

@@ -155,12 +155,22 @@
     }
 
     public static void logon( UniAddress dc, int port,
-                        NtlmPasswordAuthentication auth ) throws SmbException {
+            NtlmPasswordAuthentication auth) throws SmbException {
+        logon(dc, port, auth, "\\");
+    }
+
+    public static void logon( UniAddress dc,
+            NtlmPasswordAuthentication auth, String accessResource) throws SmbException {
+        logon(dc, 0, auth, accessResource);
+    }
+    
+    public static void logon( UniAddress dc, int port,
+                        NtlmPasswordAuthentication auth, String accessResource ) throws SmbException {
         SmbTree tree = SmbTransport.getSmbTransport( dc, port ).getSmbSession( auth ).getSmbTree( LOGON_SHARE, null );
         if( LOGON_SHARE == null ) {
             tree.treeConnect( null, null );
         } else {
-            Trans2FindFirst2 req = new Trans2FindFirst2( "\\", "*", SmbFile.ATTR_DIRECTORY );
+            Trans2FindFirst2 req = new Trans2FindFirst2(accessResource, "*", SmbFile.ATTR_DIRECTORY );
             Trans2FindFirst2Response resp = new Trans2FindFirst2Response();
             tree.send( req, resp );
         }
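Review bot: in the `LOGON_SHARE == null` branch `accessResource` is ignored and only `tree.treeConnect( null, null )` runs, so a filter configured with `jcifs.smb.client.accessResource` but no logon share silently gets no per-directory check at all. Since the parameter exists to restrict access, that combination should be rejected or at least logged rather than falling through to the plain tree connect. The new public overloads also pass `accessResource` to `Trans2FindFirst2` without a null check; guard it or document that callers must supply a non-null path.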





