[jcifs] Windows login username required at server end

Abhijit Karpe abhijitk at xpanxion.co.in
Fri Jun 6 04:41:16 GMT 2008


Hello AJ,

Thanks a lot for your timely responses.

Since I am a newbie please bear with my questions.

As I understand, there will be 3 Messages transferred during this
process to authenticate the user and I can break the chain wherever I
want so that the authentication does not proceed further. For this I
assume the application will pop up a dialog box asking for username and
password.

But since I only need the username from the client machine, I don't want
such a popup box to appear. The username should be silently passed on
from the client machine to server without the user being provided with a
dialogue box.

I tried a sample application using JCIFS and it shows a popup. However I
observed that even when the popup appears, the following line is shown
on the jboss console -

10:09:09,796 ERROR [STDERR] NtlmHttpFilter: MYDOMAIN\abhijitk: 0xC0000022: jcifs.smb.SmbAuthException: Access is denied.

This essentially means that before even showing the popup, JCIFS was
able to extract the username from client.

Could you please point me to how I can just get hold of this username?

Deeply appreciate your help!

Thanks,
Abhi

-----Original Message-----
From: aweber at comcast.net [mailto:aweber at comcast.net] 
Sent: Friday, June 06, 2008 12:06 AM
To: Yannick Lavanant; Abhijit Karpe
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] Windows login username required at server end

(Re-reading that email...if you need the username -- not the domain that
I was going on about -- you'll need to send the Type 2 message back to
the client and retrieve the Type 3 message, which contains the Username.
At that point, you can retrieve it from that helper-class and discard
the message; don't bother actually then sending it for authentication to
the domain controllers.)

Sorry for the confusion,
AJ

 -------------- Original message ----------------------
From: aweber at comcast.net
> Right, if you use the beginning-part of the filter, you'll want to send the
> browser the 401 with the Authenticate: NTLM (see actual code).  The
> client/browsers should send you back an NTLM "Type 1 Message".
>
> There is a helper-class you can use to read the properties of that message
> returned from the client.  One is the Domain.  It _should_ be the domain to
> which the user is currently authenticated.
>
> Again, this isn't highly secure, but given your requirements to NOT
> re-authenticate the user (which, BTW would be transparent for IE browsers, and
> just add some security to the mix), it should be what you need.  If you allow
> the whole filter to continue, it'll do all three messages and attempt to
> authenticate the user against the PDC or BDC again.  If you cut-out the code
> after you receive the Type 1 message, you'll be left with access to that
> message's properties (including the Domain), and you can go on from there
> however your solution requires.
> 
> -AJ
> 
> 
>  -------------- Original message ----------------------
> From: Yannick Lavanant <yannick at smellyfrog.com>
> > Well, there is a class called jcifs.http.NTLMHttpFilter that you should
> > be able to extend. You could then override some methods to stop the
> > authentication. Then of course, change your web.xml to use the new filter
> > class.
> >
> > I'm not sure how doable that is, but your best bet is to read the filter
> > class and see what you can do with it.
> >
> > There are a lot of message exchanges going on between the client and the
> > server during the authentication. So if you manage to intercept that
> > process at the right time, you might be able to do what you want.
> > 
> > Regards
> > Yannick
> > 
> > Abhijit Karpe wrote:
> > > Hello Yannick,
> > >
> > > Thanks for your quick response.
> > >
> > > In my case domain authentication is immaterial so I would rather avoid
> > > it. For me a user who is successfully logged in to the windows machine
> > > (which is in a secured network) is secure enough to give him access to
> > > my application. It is sort of an SSO support.
> > > Also I need to find the authorization information for the user from my
> > > application database. For this purpose I need the username.
> > >
> > > It would be really helpful if anyone could point me to some detailed
> > > documentation on how JCIFS internally works. In that case I would either
> > > be able to extend the behavior to support my requirement or maybe even
> > > write the code that would suffice.
> > >
> > > Thanks again for your response!
> > >
> > > ~
> > > Abhi
> > >
> > > -----Original Message-----
> > > From: Yannick Lavanant [mailto:yannick at smellyfrog.com] 
> > > Sent: Thursday, June 05, 2008 7:14 PM
> > > To: Abhijit Karpe
> > > Cc: jcifs at lists.samba.org
> > > Subject: Re: [jcifs] Windows login username required at server end
> > >
> > > Hi Abhi,
> > >
> > > I'm not a specialist, but as far as I understand, JCIFS performs a
> > > domain authentication.
> > >
> > > I remember using some native code that did what you are describing.
> > > The advantage of JCIFS is that you are platform independent. As soon as
> > > you introduce native code, you get stuck with the operating system.
> > >
> > > Is there any reason why you don't want to do a domain authentication?
> > >
> > > Yannick
> > >
> > > Abhijit Karpe wrote:
> > >> Hello,
> > >>
> > >> I have a requirement wherein I need the windows login username in my
> > >> application on JBoss.
> > >>
> > >> I have been investigating using the JCIFS library but so far whatever
> > >> I do, JCIFS tries to authenticate the user with the domain controller.
> > >>
> > >> What I need is not authentication with the domain controller. I just
> > >> need access to the username with which the user has logged in to the
> > >> windows machine.
> > >>
> > >> My application assumes that if the user has successfully logged in, he
> > >> is a valid user.
> > >>
> > >> Can JCIFS help me with my requirement?
> > >>
> > >> If not, does anyone know how I may be able to achieve this? Any help
> > >> in this regard is highly appreciated.
> > >>
> > >> Thanking everyone in advance,
> > >>
> > >> Abhi
> > 
> 
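
The Type 3 step discussed in this thread, as an added example that is not part of the original messages and is not jcifs code: a hand-written reader for the Domain, User and Workstation fields of an NTLMSSP Type 3 message taken from the `Authorization: NTLM ...` header. The class name, the `sample` builder and the workstation name `WS01` are constructed for illustration; the fields are returned exactly as the client asserted them and stay unverified unless the NTLM response is checked against a domain controller.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class Type3Fields { // hypothetical class name, not part of jcifs
    static final int NEGOTIATE_UNICODE = 0x00000001;
    // Security buffer at pos: uint16 length, uint16 allocated, uint32 payload offset.
    static String field(ByteBuffer m, int pos, Charset cs) {
        int len = m.getShort(pos) & 0xFFFF, off = m.getInt(pos + 4);
        if (off < 0 || off > m.limit() || len > m.limit() - off)
            throw new IllegalArgumentException("security buffer out of bounds");
        return new String(m.array(), off, len, cs);
    }

    // Returns {domain, user, workstation} exactly as the client asserted them.
    static String[] parse(String authorization) {
        if (!authorization.startsWith("NTLM "))
            throw new IllegalArgumentException("not an NTLM Authorization header");
        byte[] raw = Base64.getDecoder().decode(authorization.substring(5).trim());
        ByteBuffer m = ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN);
        if (raw.length < 64 || m.getInt(8) != 3
                || !new String(raw, 0, 8, StandardCharsets.US_ASCII).equals("NTLMSSP\0"))
            throw new IllegalArgumentException("not an NTLMSSP Type 3 message");
        // Assumption: OEM (non-Unicode) strings are decoded as ISO-8859-1.
        Charset cs = (m.getInt(60) & NEGOTIATE_UNICODE) != 0
                ? StandardCharsets.UTF_16LE : StandardCharsets.ISO_8859_1;
        return new String[] { field(m, 28, cs), field(m, 36, cs), field(m, 44, cs) };
    }
    // Constructed sample (domain, user, workstation); LM/NT responses left empty.
    static String sample(String... names) {
        int off = 64, total = 64;
        for (String n : names) total += 2 * n.length();
        ByteBuffer b = ByteBuffer.allocate(total).order(ByteOrder.LITTLE_ENDIAN);
        b.put("NTLMSSP\0".getBytes(StandardCharsets.US_ASCII)).putInt(3).putLong(0).putLong(0);
        for (String n : names) {
            b.putShort((short) (2 * n.length())).putShort((short) (2 * n.length())).putInt(off);
            off += 2 * n.length();
        }
        b.putLong(0).putInt(NEGOTIATE_UNICODE); // empty session key buffer, then flags
        for (String n : names) b.put(n.getBytes(StandardCharsets.UTF_16LE));
        return "NTLM " + Base64.getEncoder().encodeToString(b.array());
    }
    public static void main(String[] args) {
        String[] f = parse(sample("MYDOMAIN", "abhijitk", "WS01"));
        System.out.println(f[0] + "\\" + f[1] + " from " + f[2] + " (unverified)");
    }
}
```
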


