[jcifs] WEB credentials to open a local file, can JCIFS do this?

Michael B Allen ioplex at gmail.com
Tue Aug 26 16:57:04 GMT 2008

On Tue, Aug 26, 2008 at 12:14 PM, Newell, Gary <gary.newell at intel.com> wrote:
> Hi -
> I'm curious if JCIFS could accomplish the following sequence of tasks:
>    - JCIFS is setup with a valid, but privilege less domain account (already
> done)
>    - a user accesses my WEB page and is authenticated by JCIFS (works now)
>    - using the user's WEB credentials, attempt to open local files and using
> ACL's then determine which datasets can be viewed (help!)
> note1:  this is jsp/servlet application using Tomcat on a windows server.
> note2:  I do not have access direct to the domain server and I can not use
> it for the dataset level (the file ACL level) authentication
> note3:  I do not want the user to enter passwords on the WEB page
> I'm having difficulty using the authenticated user's WEB credentials to open
> a local file.  The attempts have resulted in either GUEST or the default
> jcifs account being used.

Hi Gary,

I assume you're talking about the NTLM HTTP Filter. If that is the
case, the answer is basically "no". The NtlmPasswordAuthentication
object used during Filter authentication is accessible from the
session but it would only be valid with the server that provided the
challenge used to compute the password hashes which in this case would
be the "domain controller" the Filter is using. Meaning if you want to
access files on the domain controller it would work but otherwise it
would not because the password hashes would not be correct.

There is a Servlet in the JCIFS package called NetworkExplorer that
can browse the network using the user's credentials. That could access
a resource on an arbitrary share (local or otherwise). But it cannot
be used in conjunction with the NTLM HTTP Filter (although it is
effectively an authentication filter in itself).


Michael B Allen
PHP Active Directory SPNEGO SSO

More information about the jcifs mailing list