[jcifs] Providing an alternative sign on mechanism.

Jonathan Trumbull jonathan.trumbull at gmail.com
Fri May 11 13:52:29 GMT 2007


Viraj,

>>Can you send me the code sample that you used in order to accomplish this.
I have this issue where our users are on the Network but not authenticated
via AD, and they see a blank screen when they launch the web site. I am
using the NtlmFIlter for our Spring application.<<

Here is a small snippet from our filter that handles manual logons.  Your
application just needs to set a cookie (in our case a constant
SessionKeys.ManualLogin) to kick the process off.  Some things you can
ignore like the references to AuthorizerObject which is an interface used to
determine whether a user can access a given URL (in our case we are basing
this on active directory group membership).  I have thought about releasing
the full code if anyone thinks this would be useful to a broader audience...

Also, we use the Apache commons logging instead of the approach jcifs takes
(works a lot better with app server logging).

From the doFilter method of the extended filter:

    if (handleManualLoginRequest(req, resp))
    {
      resp.setContentLength(0);
      resp.flushBuffer();
      return;
    }

Which is defined as below:

  /*
   * To specify a manual logon, the "ManualLogin" property is set to a
   * non-null value by the application. Then the connection is refused twice,
   * forcing IE to bring up a logon dialog box.
   * When this returns true, the calling function should just return.
   */
  private boolean handleManualLoginRequest(HttpServletRequest req,
      HttpServletResponse resp)
      throws IOException
  {
    // A new manual logon request: start the countdown and drop the
    // authorization data cached for the previous user.
    if (req.getSession().getAttribute(SessionKeys.ManualLogin) != null)
    {
      logger.debug("Manual login request present.");
      req.getSession().setAttribute(SessionKeys.ManualLoginCount,
          Integer.valueOf(3));
      req.getSession().removeAttribute(SessionKeys.ManualLogin);
      req.getSession().removeAttribute(SessionKeys.AuthorizerObject);
    }

    // While the countdown is running, answer with 401 and an NTLM challenge.
    if (req.getSession().getAttribute(SessionKeys.ManualLoginCount) != null)
    {
      int mlc = ((Integer) req.getSession().getAttribute(
          SessionKeys.ManualLoginCount)).intValue();

      if (mlc > 1)
      {
        mlc--;

        req.getSession().setAttribute(SessionKeys.ManualLoginCount,
            Integer.valueOf(mlc));

        resp.setHeader("WWW-Authenticate", "NTLM");
        resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        return true;
      }
      else
      {
        // Countdown finished: let the request continue through the filter.
        req.getSession().removeAttribute(SessionKeys.ManualLoginCount);
      }
    }
    logger.debug("No manual login request present.");
    return false;
  }

--Jonathan

On 5/8/07, Viraj Bhatnagar <viraj_bhatnagar at yahoo.com> wrote:
>
> Can you send me the code sample that you used in order to accomplish this.
> I have this issue where our users are on the Network but not authenticated
> via AD, and they see a blank screen when they launch the web site. I am
> using the NtlmFIlter for our Spring application.
> Thanks
> ~ Nidhi
>
> *Jonathan Trumbull <jonathan.trumbull at gmail.com>* wrote:
>
> Shibu,
>
> I had the same issue and handled it by extending NtlmHttpFilter.
> Basically the user clicks a link on the page which sets a "Manual Logon"
> cookie that tells the filter to send back 3 SC_UNAUTHORIZED statuses in a
> row (the count is stored in a cookie as well).  This forces the browser to
> bring up the manual logon dialog box--works like a champ.
>
> --Jonathan
>
> On 3/16/07, BASHEER, SHIBU <shibu.basheer at emera.com> wrote:
> >
> >  Hi,
> >
> > We are using NtlmHttpFilter for seamless single sign on to our
> > applications.  Problem is, some PCs are shared among multiple users.
> >
> > Is there a way to provide an alternative sign on mechanism so users who
> > are not logged on as themselves on a PC can click on a link to sign out and
> > sign in as a different user without having to log out and log in again to
> > Windows?
> >
> > Currently, we have all our ..do (struts) URLs being filtered
> > by NtlmHttpFilter.
> >
> > Thanks,
> > Shibu
> >
> >
>
>
>
> Thanks,
> Viraj Bhatnagar, PMP
> (Cell)510-967-6059
>
>
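
The countdown from handleManualLoginRequest, modelled outside a servlet container as an added example (not code from the post or from jcifs), so the sequence of responses on a shared PC can be checked request by request. A Map stands in for the HttpSession, the key strings are hypothetical stand-ins for the SessionKeys constants, and clearing a cached identity under "NtlmHttpAuth" is an assumption about where the base filter keeps the authenticated user.

```java
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

/** Stand-alone model of the manual-logon countdown; a Map stands in for HttpSession. */
public class ManualLoginCountdown {
    // Hypothetical key names standing in for the SessionKeys constants in the post.
    static final String MANUAL_LOGIN = "ManualLogin";
    static final String MANUAL_LOGIN_COUNT = "ManualLoginCount";
    static final String AUTHORIZER = "AuthorizerObject";
    // Assumption: attribute under which the NTLM filter caches the authenticated user.
    static final String CACHED_IDENTITY = "NtlmHttpAuth";

    /** Returns 401 while the countdown runs, 200 once the request may continue. */
    static int handle(Map<String, Object> session) {
        if (session.remove(MANUAL_LOGIN) != null) {
            session.put(MANUAL_LOGIN_COUNT, 3);
            // Drop everything tied to the previous user before challenging again.
            session.remove(AUTHORIZER);
            session.remove(CACHED_IDENTITY);
        }
        Integer count = (Integer) session.get(MANUAL_LOGIN_COUNT);
        if (count != null) {
            if (count > 1) {
                session.put(MANUAL_LOGIN_COUNT, count - 1);
                return 401; // the real filter also sends "WWW-Authenticate: NTLM"
            }
            session.remove(MANUAL_LOGIN_COUNT);
        }
        return 200; // the real filter would now go on to normal NTLM negotiation
    }

    /** Replays a number of requests on one session and collects the statuses. */
    static List<Integer> simulate(int requests) {
        Map<String, Object> session = new HashMap<>();
        session.put(AUTHORIZER, "groups-of-previous-user");    // constructed sample state
        session.put(CACHED_IDENTITY, "DOMAIN\\previous-user"); // constructed sample state
        session.put(MANUAL_LOGIN, Boolean.TRUE);               // user asked to switch
        List<Integer> statuses = new ArrayList<>();
        for (int i = 0; i < requests; i++) statuses.add(handle(session));
        if (session.containsKey(CACHED_IDENTITY) || session.containsKey(AUTHORIZER))
            throw new IllegalStateException("previous user's state survived the switch");
        return statuses;
    }

    public static void main(String[] args) {
        System.out.println(simulate(4));
    }
}
```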