[jcifs] Providing an alternative sign on mechanism.
jonathan.trumbull at gmail.com
Fri May 11 13:52:29 GMT 2007
>>Can you send me the code sample that you used in order to accomplish this.
I have this issue where our users are on the Network but not authenticated
via AD, and they see a blank screen when they launch the web site. I am
using the NtlmFIlter for our Spring application.<<
Here is a small snippet from our filter that handles manual logons. Your
application just needs to set a cookie (in our case a constant
SessionKeys.ManualLogin) to kick the process off. Some things you can
ignore like the references to AuthorizerObject which is an interface used to
determine whether a user can access a given URL (in our case we are basing
this on active directory group membership). I have thought about releasing
the full code if anyone thinks this would be useful to a broader audience...
Also, we use the Apache commons logging instead of the approach jcifs takes
(works a lot better with app server logging).
>From the doFilter method of the extended filter:
Which is defined as below:
* To specify a manual logon, the "ManualLogin" property is set to a
non-null value by
* application. Then the connection is refused twice forcing IE to bring
up a logon dialog box.
* When this returns true, the calling function should just return.
private boolean handleManualLoginRequest(HttpServletRequest req,
if (req.getSession().getAttribute(SessionKeys.ManualLogin) != null)
logger.debug("Manual login request present.");
if (req.getSession().getAttribute(SessionKeys.ManualLoginCount) != null)
int mlc = ((Integer) (req.getSession().getAttribute(
if (mlc > 1)
logger.debug("No manual login request present.");
On 5/8/07, Viraj Bhatnagar <viraj_bhatnagar at yahoo.com> wrote:
> Can you send me the code sample that you used in order to accomplish this.
> I have this issue where our users are on the Network but not authenticated
> via AD, and they see a blank screen when they launch the web site. I am
> using the NtlmFIlter for our Spring application.
> ~ Nidhi
> *Jonathan Trumbull <jonathan.trumbull at gmail.com>* wrote:
> I had the same issue and handled it by extending NtlmHttpFilter.
> Basically the user clicks a link on the page which sets a "Manual Logon"
> cookie that tells the filter to send back 3 SC_UNAUTHORIZED status's in a
> row (the count is stored in a cookie as well). This forces the browser to
> bring up the manual logon dialogbox--works like a champ.
> On 3/16/07, BASHEER, SHIBU <shibu.basheer at emera.com> wrote:
> > Hi,
> > We are using NtlmHttpFilter for seamless single sign on to our
> > applications. Problem is, some PCs are shared among multiple users.
> > Is there a way to provide an alternative sign on mechanism so user who
> > are not logged on to themselves on a PC can click on a link to sign out and
> > sign in as a different user without having to logout and login again to
> > windows?
> > Currently, we have a all our ..do (struts) url being filtered
> > by NtlmHttpFilter.
> > Thanks,
> > Shibu
> > Confidentiality Notice -This email communication is considered
> > confidential and is intended only for the recipient(s). If you received this
> > email in error,please contact the sender and delete this email. Unauthorized
> > disclosure or copying of this email is prohibited.
> > Attachment Limits -Emera will not accept emails larger than 10MB or
> > emails containing high risk attachments like ZIP, EXE or others that could
> > contain viruses. If you have a business need to send such an email, please
> > contact the recipient for instructions.
> Viraj Bhatnagar, PMP
> Ahhh...imagining that irresistible "new car" smell?
> Check out new cars at Yahoo! Autos.<http://us.rd.yahoo.com/evt=48245/*http://autos.yahoo.com/new_cars.html;_ylc=X3oDMTE1YW1jcXJ2BF9TAzk3MTA3MDc2BHNlYwNtYWlsdGFncwRzbGsDbmV3LWNhcnM->
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the jcifs