[jcifs] Do I need to inform domain+user+password

Eric Glass eric.glass at gmail.com
Tue Jan 2 12:32:06 GMT 2007


The jCIFS servlet filter is applied to the servlet/application by
adding it to the web.xml deployment descriptor, as described here:

http://jcifs.samba.org/src/docs/ntlmhttpauth.html

The filter will authenticate all requests for resources to which it is
mapped against the domain controller; that is, if a request from a
client successfully traverses the filter, it is assured that they have
provided valid domain credentials by the time the request hits your
servlet.

You can obtain the username in your servlet by doing
request.getRemoteUser(); if you need the domain you can get that by
doing:

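    // requires: import jcifs.smb.NtlmPasswordAuthentication;
    // The filter stores the authenticated credentials object in the HTTP session.
    NtlmPasswordAuthentication ntlm = (NtlmPasswordAuthentication)
            request.getSession().getAttribute("NtlmHttpAuth");
    String domain = ntlm.getDomain();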

NTLM is a challenge/response protocol, so it is not possible to obtain
the actual account password (if that is what you are asking).
Basically the filter will authenticate the client, handling the NTLM
handshake; your servlet will receive an already-authenticated request,
from which you can obtain the authenticated username and domain.


Eric

On 1/2/07, Luiz_Estivalet at dell.com <Luiz_Estivalet at dell.com> wrote:
> I see... But how can I get the credentials? I have a main servlet that
> is used to service all my requests. I'm trying to understand how this
> servlet can get the user's credentials to be used to authenticate the
> webservice. Is there sample code that I can use?
>
>
> -----Original Message-----
> From: Eric Glass [mailto:eric.glass at gmail.com]
> Sent: Friday, December 29, 2006 7:03 PM
> To: Estivalet, Luiz
> Cc: mba2000 at ioplex.com; jcifs at lists.samba.org
> Subject: Re: [jcifs] Do I need to inform domain+user+password
>
> It is not possible to retrieve the plaintext password provided by the
> web service consumer.  It is possible to authenticate that the client
> possesses valid credentials however (i.e. you will know that the client
> has a valid password, but your service will not itself obtain the
> password).
>
> On 12/29/06, Luiz_Estivalet at dell.com <Luiz_Estivalet at dell.com> wrote:
> > I want to implement SSO in my web application that is using web
> > services. I'd like to have the username and password (NT login) to
> > authenticate my webservice. I can get the username and domain but is
> > it also possible to get the password?
> >
> >
> > Luiz Fernando Estivalet
> > Global Corporate IT
> > Dell | Information Technology - Brazil
> > Phone: +55 (51) 3320-7530
> > From Austin: 7-781-7530
> > luiz_estivalet at dell.com
> >
> > -----Original Message-----
> > From: Michael B Allen [mailto:mba2000 at ioplex.com]
> > Sent: Friday, December 29, 2006 2:56 PM
> > To: Estivalet, Luiz
> > Cc: jcifs at lists.samba.org
> > Subject: Re: [jcifs] Do I need to inform domain+user+password
> >
> > On Fri, 29 Dec 2006 14:52:50 -0200
> > <Luiz_Estivalet at Dell.com> wrote:
> >
> > > Is there a way to get the password?
> >
> > I don't understand the question. Get the password in what situation?
> >
> > > -----Original Message-----
> > > From: Michael B Allen [mailto:mba2000 at ioplex.com]
> > > Sent: Friday, December 29, 2006 2:52 PM
> > > To: Estivalet, Luiz
> > > Cc: jcifs at lists.samba.org
> > > Subject: Re: [jcifs] Do I need to inform domain+user+password
> > >
> > > On Fri, 29 Dec 2006 11:22:35 -0200
> > > <Luiz_Estivalet at Dell.com> wrote:
> > >
> > > > Hi,
> > > >
> > > > I'm new to the list and to NTLM stuff. I need to perform a SSO, I
> > > > have downloaded and tried JCIFS examples but I always have to inform
> > > > domain+user+password in web.xml... And I really don't want that.
> > > >
> > > > What I need is to discover the domain+user+password without
> > > > informing it in the web.xml. How can I achieve this?
> > >
> > > If the domain controller requires SMB signatures you must have the
> > > domain+user+password in your web.xml.
> > >
> > > Mike
> > >
> > > --
> > > Michael B Allen
> > > PHP Active Directory SSO
> > > http://www.ioplex.com/
> > >
> >
> >
> > --
> > Michael B Allen
> > PHP Active Directory SSO
> > http://www.ioplex.com/
> >
>
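
An added illustration of the point made in the reply at the top of this thread (it is not part of any message here and is not jCIFS code): the final NTLM message a client sends in `Authorization: NTLM <base64>` carries the domain, user name, workstation and opaque challenge responses, and has no password field for a servlet to read. The sample message is constructed with hypothetical names and placeholder response bytes, and the parser assumes the 64-byte header layout (flags present, no version field) with cp437 as the OEM fallback encoding.

```python
import base64
import struct

SIGNATURE = b"NTLMSSP\x00"
# Security buffers of a Type 3 message in wire order; each is (len, maxlen, offset).
FIELDS = ("lm_response", "nt_response", "domain", "user", "workstation", "session_key")
TEXT_FIELDS = ("domain", "user", "workstation")
NEGOTIATE_UNICODE = 0x00000001


def build_type3(domain, user, workstation, lm_resp, nt_resp):
    """Build a constructed Type 3 message (sample input only, no real credentials)."""
    text = [s.encode("utf-16-le") for s in (domain, user, workstation)]
    values = [lm_resp, nt_resp] + text + [b""]          # empty session key
    header_len = 8 + 4 + 8 * len(values) + 4            # 64 bytes
    header, payload = SIGNATURE + struct.pack("<I", 3), b""
    for v in values:
        header += struct.pack("<HHI", len(v), len(v), header_len + len(payload))
        payload += v
    return header + struct.pack("<I", NEGOTIATE_UNICODE) + payload


def parse_type3(authorization_header):
    """Return every field a server can read from 'Authorization: NTLM <base64>'."""
    scheme, _, blob = authorization_header.partition(" ")
    if scheme != "NTLM":
        raise ValueError("not an NTLM Authorization header")
    msg = base64.b64decode(blob, validate=True)
    if len(msg) < 64 or msg[:8] != SIGNATURE or struct.unpack_from("<I", msg, 8)[0] != 3:
        raise ValueError("not an NTLM Type 3 message")
    flags = struct.unpack_from("<I", msg, 60)[0]
    codec = "utf-16-le" if flags & NEGOTIATE_UNICODE else "cp437"
    out = {}
    for i, name in enumerate(FIELDS):
        length, _maxlen, offset = struct.unpack_from("<HHI", msg, 12 + 8 * i)
        if offset + length > len(msg):
            raise ValueError(f"{name} buffer points outside the message")
        raw = msg[offset:offset + length]
        # Responses and session key stay as bytes: they are keyed digests, not text.
        out[name] = raw.decode(codec) if name in TEXT_FIELDS else raw
    return out


# Constructed sample: 24-byte placeholder responses, hypothetical names.
SAMPLE_HEADER = "NTLM " + base64.b64encode(
    build_type3("EXAMPLE", "jdoe", "WKSTN01", b"\x11" * 24, b"\x22" * 24)).decode()

if __name__ == "__main__":
    for key, value in parse_type3(SAMPLE_HEADER).items():
        print(key, value.hex() if isinstance(value, bytes) else value)
```
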

