[jcifs] NTLMHttpFilter for multiple Domains?
aweber at comcast.net
Tue May 13 16:43:30 GMT 2008
Yes. I got something working...I'm "beta testing" it right now.
I have a "known issue" with the interaction with one of our J2EE webapps that I'm trying to figure-out. For whatever reason, it seems like the new filter is clobbering some of the existing HTTP Session's context. I can't see how, and have started to work on debugging it.
Otherwise, it successfully authenticates users against any number of configured allowed domains (and correctly rejects incorrect authentication attempts, or attempts against non-configured domains).
The other "known limitation" is that if the user's workstation/session is NOT currently logged-into any NT Domain, IE falls-back to prompting the user for credentials. In this case, the order in which the NTLM Messages go back-and-forth plays a hurdle, and the current code will only authenticate those users against the "default domain" (that which is configured using the standard jcifs... properties in the web.xml for the filter).
Also, I have only tested this with IE 6.0, 6.5 and 7.0. I have not tested Firefox, etc.
I was planning on releasing the code back to the JCIFS project once I had figured-out this one problem, but I haven't had a lot of luck getting any response at all from them.
----- Original Message -----
From: Jose Luis Martinez Avial
To: AJ Weber ; jcifs at lists.samba.org
Sent: Tuesday, May 13, 2008 11:12 AM
Subject: RE: [jcifs] NTLMHttpFilter for multiple Domains?
Did you get something on this? I'm looking to do the same thing.
From: jcifs-bounces+jlmartinez=bpi-gruposantander.com at lists.samba.org [mailto:jcifs-bounces+jlmartinez=bpi-gruposantander.com at lists.samba.org] On Behalf Of AJ Weber
Sent: Wednesday, April 23, 2008 11:44 AM
To: jcifs at lists.samba.org
Subject: [jcifs] NTLMHttpFilter for multiple Domains?
Has anyone extended the NTLMHttpFilter to support multiple "allowed" domains?
I may have a situation where multiple domains are allowed for authentication to a site, and they don't have an appropriate Trust Relationship setup.
I think I could extend it to support this myself, but didn't want to "reinvent the wheel" if someone else already had done it and can share.
Thanks in advance,
Internet communications are not secure and therefore Banco
Santander International does not accept legal responsibility for
the contents of this message. Any views or opinions presented are
solely those of the author and do not necessarily represent those
of Banco Santander International unless otherwise specifically
Las comunicaciones via Internet no son seguras y por lo tanto
Banco Santander International no asume responsabilidad legal ni
de ningun otro tipo por el contenido de este mensaje. Cualquier
opinion transmitida pertenece unicamente al autor y no
necesariamente representa la opinion del Banco Santander
International a no ser que este expresamente detallado.
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the jcifs