RE: Problem with JCIFS NTLM Authentication for HTTP Connections

Hi Mike,

Sorry, the wording I used may be unclear. We have a web application,
which can be accessed 

1) By web browser or
2) By a Java application via servlet.

I'm looking a way to authenticate users from both. The only way I found
is to use the login page to ask WebLogic server to authenticate the user
and to add appropriate roles, groups to that user by using my own
authentication provider. Actually, this authenticator does not need to
verify user login and password, as this already done by jCIFS filter as
soon as user accessing the login page. 

Using web browser, user has to click on the login button in the login
page, but they don't need to enter login and password.
>From Java application, users has to enter their NT login and password,
which then be sent to /j_security_check.

1) Is it the right approach?
2) Is it safe what I try to do?

I think there must be a more elegant solution for that, but I couldn't
find it.

Jason, you told you are able to ask WebLogic to authenticate user with
jCIFS. How did you do that?

Thanks a lot for all your feedback
Cheers 
My Chi

 

-----Original Message-----
From: Jason Bainbridge [mailto:jbainbridge@xxxxxxxxx] 
Sent: Montag, 17. Januar 2005 22:18
To: Michael B Allen
Cc: Doan, Thi-My-Chi; jcifs@xxxxxxxxxxxxxxx
Subject: Re: [jcifs] Problem with JCIFS NTLM Authentication for HTTP
Connections


On Mon, 17 Jan 2005 15:17:08 -0500, Michael B Allen <mba2000@xxxxxxxxxx>
wrote:
> On Mon, 17 Jan 2005 14:34:18 +0100
> "Doan, Thi-My-Chi" <thi-my-chi.doan@xxxxxx> wrote:
> 
> > > If it's a "standalone Java application" why not just use
> > SmbSession.logon
> > > directly?
> >
> > I can authenticate user by using SmbSession.logon, but I don't know 
> > how to tell WebLogic Server that the user is already authenticated 
> > and WebLogic needs only to assign user's principal and check whether

> > the user is authorized to access the servlet.
> 
> If it's a servlet running in a container than it's not a "standalone 
> Java application".
> 
> You're going to need to be a lot clearer about your problem.

I think what they are trying to do is use the web application from a
client written in Java as opposed to accessing it via a web browser and
integrating WebLogic realm based security with the NTLM authentication
filter.

Shouldn't realm based security work just by using the filter? You
shouldn't need a seaprate login form or anything like that unless I am
missing something, which is entirely possible as I don't use realm based
security.

Cheers,
-- 
Jason Bainbridge
KDE - Conquer Your Desktop - http://kde.org
KDE Web Team - webmaster@kde