[jcifs] ntlm authentication using spnego + jcifs

Rohnny Moland rmoland at gmail.com
Mon Apr 7 18:21:21 GMT 2008

Hi Asaf,

On Mon, Apr 7, 2008 at 4:49 PM, Asaf Mesika <asaf.mesika at gmail.com> wrote:
> Well first of, it would help if you can describe the solution you've
> implemented in a broad sense: Tomcat Authenticators, JBoss Login Modules.
> Are you using any third party library for that? (jCIFS is targeted at NTLM
> authentication and not NEGOTIATE).

Thanks for your reply. Attached to the wiki page I referred to is a
negotiate module, built on top of jcifs which I use. The solution uses
negotiate and then silent NTLM or silent kerberos. The wiki page also
describes how I should set up a login module inside jboss, which I
have done. After looking closer at it, I understood that the number I
got back is some sort of encoded value, which can be decoded to the
real remote username (the user registered in the active directory
service). This is done in a custom valve (which did not work for me),
but this valve should modify the request and substibute the negotiate
number, with the real username. The wiki says I should create a
context.xml file inside WEB-INF in my app with this content:

	<Valve className="org.jboss.web.tomcat.security.HttpServletRequestResponseValve"

But this valve seems to never be called (using jboss-4.0.5.GA), it
seems like this is not the right way to inject a valve. So what I
maybe should do instead is to create a tomcat authenticator in jboss.
I see that HttpServletRequestResponseValve inherit from
AuthenticatorBase anyway. Does this sound right to you?

I realize that I probably am in the wrong mailing list, because this
now seems to be more like a jboss/tomcat problem than a jcifs problem.
Sorry for that.

Kind regards,

More information about the jcifs mailing list