[jcifs] Windows login username required at server end

aweber at comcast.net aweber at comcast.net
Thu Jun 5 18:36:17 GMT 2008


(Re-reading that email...if you need the username -- not the domain that I was going on about -- you'll need to send the Type 2 message back to the client and retrieve the Type 3 message, which contains the Username.  At that point, you can retrieve it from that helper-class and discard the message; don't bother actually then sending it for authentication to the domain controllers.)

Sorry for the confusion,
AJ

 -------------- Original message ----------------------
From: aweber at comcast.net
> Right, if you use the beginning-part of the filter, you'll want to send the 
> browser the 401 with the Authenticate: NTLM (see actual code).  The 
> client/browers should send you back an NTLM "Type 1 Message".
> 
> There is a helper-class you can use to read the properties of that message 
> returned from the client.  One is the Domain.  It _should_ be the domain to 
> which the user is currently authenticated.
> 
> Again, this isn't highly secure, but given your requirements to NOT 
> re-authenticate the user (which, BTW would be transparent for IE browsers, and 
> just add some security to the mix), it should be what you need.  If you allow 
> the whole filter to continue, it'll do all three messages and attempt to 
> authenticate the user against the PDC or BDC again.  If you cut-out the code 
> after you receive the Type 1 message, you'll be left with access to that 
> message's properties (including the Domain), and you can go on from there how 
> ever your solution requires.
> 
> -AJ
> 
> 
>  -------------- Original message ----------------------
> From: Yannick Lavanant <yannick at smellyfrog.com>
> > Well, there is a class called jcifs.http.NTLMHttpFilter that you should 
> > be able to extend. You could then override some methods to stop the 
> > authentication. Then of course, change you web.xml to use the new filter 
> > class.
> > 
> > I'm not sure how doable that is, but your best bet is to read the filter 
> > class and see what you can do with it.
> > 
> > There are a lot of message exchange going on between the client and the 
> > server during the authentication. So if you manage to intercept that 
> > process at the right time, you might be able to do what you want.
> > 
> > Regards
> > Yannick
> > 
> > Abhijit Karpe wrote:
> > > Hello Yannick,
> > >
> > > Thanks for your quick response.
> > >
> > > In my case domain authentication is immaterial so I would rather avoid
> > > it. For me a user who is successfully logged in to the windows machine
> > > (which is in a secured network) is secure enough to give him access to
> > > my application. It is sort of an SSO support.
> > > Also I need to find the authorization information for the user from my
> > > application database. For this purpose I need the username.
> > >
> > > It would be really helpful if anyone could point me to some detailed
> > > documentation on how JCIFS internally works. In that case I would either
> > > be able to extend the behavior to support my requirement or maybe even
> > > write the code that would suffice.
> > >
> > > Thanks again for your response!
> > >
> > > ~
> > > Abhi
> > >
> > > -----Original Message-----
> > > From: Yannick Lavanant [mailto:yannick at smellyfrog.com] 
> > > Sent: Thursday, June 05, 2008 7:14 PM
> > > To: Abhijit Karpe
> > > Cc: jcifs at lists.samba.org
> > > Subject: Re: [jcifs] Windows login username required at server end
> > >
> > > Hi Abhi,
> > >
> > > I'm not a specialist, but as far as I understand, JCIFS performs a 
> > > domain authentication.
> > >
> > > I remember using some native code that did what you are describing.
> > > The advantage of JCIFS is that you are platform independant. As soon as 
> > > you introduce native code, you get stuck with the operating system.
> > >
> > > Is there any reason why you don't want to do a domain authentication?
> > >
> > > Yannick
> > >
> > > Abhijit Karpe wrote:
> > >   
> > >> Hello,
> > >>
> > >>  
> > >>
> > >> I have a requirement wherein I need the windows login username in my 
> > >> application on JBoss.
> > >>
> > >> I have been investigating using the JCIFS library but so far whatever 
> > >> I do, JCIFS tries to authenticate the user with the domain controller.
> > >>
> > >>  
> > >>
> > >> What I need is not authentication with the domain controller. I just 
> > >> need access to the username with which the user has logged in to the 
> > >> windows machine.
> > >>
> > >> My application assumes that if the user has successfully logged in, he
> > >>     
> > >
> > >   
> > >> is a valid user.
> > >>
> > >>  
> > >>
> > >> Can JCIFS help me with my requirement?
> > >>
> > >>  
> > >>
> > >> If not, does anyone know how I may be able to achieve this? Any help 
> > >> in this regard is highly appreciated.
> > >>
> > >>  
> > >>
> > >> Thanking everyone in advance,
> > >>
> > >> Abhi
> > >>
> > >>     
> > >
> > >
> > >   
> > 
> 



More information about the jcifs mailing list