[jcifs] silent authentication

Fri Sep 9 10:47:47 GMT 2005

It would be possible, but you would probably have to do some legwork:

1. In the filter, where it does SmbSession.logon(), you would modify
the catch clause.  Instead of reinitiating the NTLM logon, you would
do a request dispatcher forward or redirect to your login page.

2. You would probably need to exclude your login pages etc. from the
filter mapping (since you don't want it to grab the request and
reattempt NTLM logon).

3. After successful login using your form-based stuff, you would set
the identity in the session.  You would need to modify the filter to
check that identity also, and not perform NTLM if the user is already
authenticated with the form-based approach.

On 9/7/05, Markus Pitsch <markus_pitsch at gmx.net> wrote:
> > --- Ursprüngliche Nachricht ---
> > Von: Richard Caper <rcaper at gmail.com>
> > An: jcifs at samba.org
> > Betreff: [jcifs] silent authentication
> > Datum: Tue, 6 Sep 2005 10:49:54 -0400
> >
> 
> thanks a lot for your help,...
> 
> > How are the failing users logged in?  If they are not in the ww300
> > domain, then there would need to be a trust between ww300 and whatever
> > domain they are in.
> 
> i would like to do a single sign on when the user is in the domain. The
> failing user should do a login on the start page with his user credits(email
> an password).
> so it´s nessacary for me the check out the user within the servlet and the
> filter. i thought i do this by checking out in my servlet before the normal
> start page with the login dialog appears. if a user is in the domain the
> filter is working fine, and i get the remote user. then the logged user gets
> directly in the real application without doing a login by email and
> password.
> >
> > If they are local users or similar, this would probably not work at
> > all; the filter connects to a domain controller for the specified
> > domain (ww300) and authenticates the credentials provided by the user
> > against that domain.  If they are not members of the domain (or one
> > trusted by that domain) then this authentication cannot be done.
> 
> o.k this seem to be clear for me. but is there a possibilty to get an
> exception or something like that in my servlet or elsewhere , when the local
> user tries to connect and the filter can´t make the authentication.
> 
> i hope you understand me problems,
> 
> best regards, M.P.
> 
> --
> Lust, ein paar Euro nebenbei zu verdienen? Ohne Kosten, ohne Risiko!
> Satte Provisionen für GMX Partner: http://www.gmx.net/de/go/partner
>