[jcifs] Windows login username required at server end

aweber at comcast.net aweber at comcast.net
Thu Jun 5 18:31:19 GMT 2008 

Right, if you use the beginning-part of the filter, you'll want to send the browser the 401 with the Authenticate: NTLM (see actual code).  The client/browers should send you back an NTLM "Type 1 Message".

There is a helper-class you can use to read the properties of that message returned from the client.  One is the Domain.  It _should_ be the domain to which the user is currently authenticated.

Again, this isn't highly secure, but given your requirements to NOT re-authenticate the user (which, BTW would be transparent for IE browsers, and just add some security to the mix), it should be what you need.  If you allow the whole filter to continue, it'll do all three messages and attempt to authenticate the user against the PDC or BDC again.  If you cut-out the code after you receive the Type 1 message, you'll be left with access to that message's properties (including the Domain), and you can go on from there how ever your solution requires.

-AJ


 -------------- Original message ----------------------
From: Yannick Lavanant <yannick at smellyfrog.com>
> Well, there is a class called jcifs.http.NTLMHttpFilter that you should 
> be able to extend. You could then override some methods to stop the 
> authentication. Then of course, change you web.xml to use the new filter 
> class.
> 
> I'm not sure how doable that is, but your best bet is to read the filter 
> class and see what you can do with it.
> 
> There are a lot of message exchange going on between the client and the 
> server during the authentication. So if you manage to intercept that 
> process at the right time, you might be able to do what you want.
> 
> Regards
> Yannick
> 
> Abhijit Karpe wrote:
> > Hello Yannick,
> >
> > Thanks for your quick response.
> >
> > In my case domain authentication is immaterial so I would rather avoid
> > it. For me a user who is successfully logged in to the windows machine
> > (which is in a secured network) is secure enough to give him access to
> > my application. It is sort of an SSO support.
> > Also I need to find the authorization information for the user from my
> > application database. For this purpose I need the username.
> >
> > It would be really helpful if anyone could point me to some detailed
> > documentation on how JCIFS internally works. In that case I would either
> > be able to extend the behavior to support my requirement or maybe even
> > write the code that would suffice.
> >
> > Thanks again for your response!
> >
> > ~
> > Abhi
> >
> > -----Original Message-----
> > From: Yannick Lavanant [mailto:yannick at smellyfrog.com] 
> > Sent: Thursday, June 05, 2008 7:14 PM
> > To: Abhijit Karpe
> > Cc: jcifs at lists.samba.org
> > Subject: Re: [jcifs] Windows login username required at server end
> >
> > Hi Abhi,
> >
> > I'm not a specialist, but as far as I understand, JCIFS performs a 
> > domain authentication.
> >
> > I remember using some native code that did what you are describing.
> > The advantage of JCIFS is that you are platform independant. As soon as 
> > you introduce native code, you get stuck with the operating system.
> >
> > Is there any reason why you don't want to do a domain authentication?
> >
> > Yannick
> >
> > Abhijit Karpe wrote:
> >   
> >> Hello,
> >>
> >>  
> >>
> >> I have a requirement wherein I need the windows login username in my 
> >> application on JBoss.
> >>
> >> I have been investigating using the JCIFS library but so far whatever 
> >> I do, JCIFS tries to authenticate the user with the domain controller.
> >>
> >>  
> >>
> >> What I need is not authentication with the domain controller. I just 
> >> need access to the username with which the user has logged in to the 
> >> windows machine.
> >>
> >> My application assumes that if the user has successfully logged in, he
> >>     
> >
> >   
> >> is a valid user.
> >>
> >>  
> >>
> >> Can JCIFS help me with my requirement?
> >>
> >>  
> >>
> >> If not, does anyone know how I may be able to achieve this? Any help 
> >> in this regard is highly appreciated.
> >>
> >>  
> >>
> >> Thanking everyone in advance,
> >>
> >> Abhi
> >>
> >>     
> >
> >
> >   
>

More information about the jcifs mailing list