[jcifs] Providing an alternative sign on mechanism.
Jonathan Trumbull
jonathan.trumbull at gmail.com
Fri May 11 13:52:29 GMT 2007
Viraj,
>>Can you send me the code sample that you used in order to accomplish this.
I have this issue where our users are on the Network but not authenticated
via AD, and they see a blank screen when they launch the web site. I am
using the NtlmFilter for our Spring application.<<
Here is a small snippet from our filter that handles manual logons. Your
application just needs to set a cookie (in our case a constant
SessionKeys.ManualLogin) to kick the process off. Some things you can
ignore like the references to AuthorizerObject which is an interface used to
determine whether a user can access a given URL (in our case we are basing
this on active directory group membership). I have thought about releasing
the full code if anyone thinks this would be useful to a broader audience...
Also, we use the Apache commons logging instead of the approach jcifs takes
(works a lot better with app server logging).
From the doFilter method of the extended filter:

    if (handleManualLoginRequest(req, resp))
    {
        resp.setContentLength(0);
        resp.flushBuffer();
        return;
    }

Which is defined as below:

    /*
     * To specify a manual logon, the "ManualLogin" property is set to a non-null
     * value by the application. Then the connection is refused twice, forcing IE
     * to bring up a logon dialog box.
     * When this returns true, the calling function should just return.
     */
    private boolean handleManualLoginRequest(HttpServletRequest req,
            HttpServletResponse resp)
        throws IOException
    {
        // A new manual login request: arm the challenge counter and drop the
        // trigger flag and the cached authorizer for the current user.
        if (req.getSession().getAttribute(SessionKeys.ManualLogin) != null)
        {
            logger.debug("Manual login request present.");
            req.getSession().setAttribute(SessionKeys.ManualLoginCount.toString(),
                    new Integer(3));
            req.getSession().removeAttribute(SessionKeys.ManualLogin);
            req.getSession().removeAttribute(SessionKeys.AuthorizerObject);
        }
        // While the counter is above 1, answer with 401 and an NTLM challenge.
        if (req.getSession().getAttribute(SessionKeys.ManualLoginCount) != null)
        {
            int mlc = ((Integer) (req.getSession().getAttribute(
                    SessionKeys.ManualLoginCount)))
                    .intValue();
            if (mlc > 1)
            {
                mlc--;
                req.getSession().setAttribute(SessionKeys.ManualLoginCount,
                        new Integer(mlc));
                resp.setHeader("WWW-Authenticate", "NTLM");
                resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                return true;
            }
            else
            {
                // Counter exhausted: clear it and let normal processing resume.
                req.getSession().removeAttribute(SessionKeys.ManualLoginCount);
            }
        }
        logger.debug("No manual login request present.");
        return false;
    }

--Jonathan
On 5/8/07, Viraj Bhatnagar <viraj_bhatnagar at yahoo.com> wrote:
>
> Can you send me the code sample that you used in order to accomplish this.
> I have this issue where our users are on the Network but not authenticated
> via AD, and they see a blank screen when they launch the web site. I am
> using the NtlmFilter for our Spring application.
> Thanks
> ~ Nidhi
>
> *Jonathan Trumbull <jonathan.trumbull at gmail.com>* wrote:
>
> Shibu,
>
> I had the same issue and handled it by extending NtlmHttpFilter.
> Basically the user clicks a link on the page which sets a "Manual Logon"
> cookie that tells the filter to send back 3 SC_UNAUTHORIZED statuses in a
> row (the count is stored in a cookie as well). This forces the browser to
> bring up the manual logon dialog box--works like a champ.
>
> --Jonathan
>
> On 3/16/07, BASHEER, SHIBU <shibu.basheer at emera.com> wrote:
> >
> > Hi,
> >
> > We are using NtlmHttpFilter for seamless single sign on to our
> > applications. Problem is, some PCs are shared among multiple users.
> >
> > Is there a way to provide an alternative sign on mechanism so user who
> > are not logged on to themselves on a PC can click on a link to sign out and
> > sign in as a different user without having to logout and login again to
> > windows?
> >
> > Currently, we have all our ..do (struts) URLs being filtered
> > by NtlmHttpFilter.
> >
> > Thanks,
> > Shibu
> >
>
>
>
> Thanks,
> Viraj Bhatnagar, PMP
> (Cell)510-967-6059
>
>
-------------- next part --------------
HTML attachment scrubbed and removed
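
An added example, not part of the original message or of jcifs: one way to write the application side that sets the manual-login flag the filter above looks for, discarding the previous user's session first so nothing cached for them survives the switch on a shared PC. The class name SwitchUserServlet, the "ManualLogin" key string (standing in for the poster's SessionKeys.ManualLogin) and the /home.do target are assumptions.

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Added example: the "sign in as a different user" endpoint that arms the
 * manual-login flag read by handleManualLoginRequest() in the filter.
 */
public class SwitchUserServlet extends HttpServlet {

    // Assumed value: must equal the poster's SessionKeys.ManualLogin constant.
    static final String MANUAL_LOGIN = "ManualLogin";

    // State-changing action, so accept POST only; a plain GET link could be
    // triggered by any page the browser happens to load.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        // Drop everything cached for the previous user of the shared PC
        // (authorizer object, application data) in one step instead of
        // removing attributes one by one.
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();
        }

        // Fresh session with a new session id; only the trigger flag is set.
        HttpSession fresh = req.getSession(true);
        fresh.setAttribute(MANUAL_LOGIN, Boolean.TRUE);

        // Redirect to a URL covered by the filter so the next request gets
        // the 401 / WWW-Authenticate: NTLM responses. "/home.do" is a
        // placeholder path.
        resp.sendRedirect(
                resp.encodeRedirectURL(req.getContextPath() + "/home.do"));
    }

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        resp.setHeader("Allow", "POST");
        resp.sendError(HttpServletResponse.SC_METHOD_NOT_ALLOWED);
    }
}
```
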