Can we do network authentication in JSP? For example, while accessing a webpage it should pop up a standard NT authentication dialog. If we can do the authentication, which application server supports this? Thanks, Mani
A couple things come to my mind. First, do you want integration with web container security? In that case, you'll have to rely on container-provided authentication methods, or external authentication code with some glue logic that you write to integrate it with the container-specific security API. Second, if your browser is Internet Explorer and the clients are all logged in on the network, then you can use NTLM to authenticate the clients transparently. If your container doesn't support this out of the box, have a look at jCIFS. It is not just an SMB library, but also contains NTLM goodies including an NTLM HTTP Authentication servlet Filter for authenticating MSIE clients. Third, if you want a pop-up window to log on (using container security or not) and authenticate the user that way, consider JAAS with the Windows NT authentication module. You can probably also use jCIFS, but JAAS is the standard and an integral part of JDK 1.4 (for earlier versions you can download it as an add-on). Whatever you do, beware of using basic HTTP authentication over anything other than an HTTPS connection. You won't want your NT credentials to go over the network in plaintext, I suspect. Does that help? - Peter
Thanks Peter, My case is the second one, where the users log into the network and access the site. The browser is also Internet Explorer. Do I need to go for JAAS in that case? Can you explain how the NTLM authentication is done in the case of the IE-NT combination? Thanks, Mani
Originally posted by Mani Balasubramani: My case is the second one, where the users log into network and access the site. The browser is also Internet Explorer. Do I need to go for JAAS in that case?
No, JAAS is probably not your best bet; rather, check out the jCIFS NTLM authentication filter. NTLM is a proprietary Microsoft challenge-response protocol allowing the server to verify the client's credentials against a Windows authentication server. It is reasonably secure and completely transparent to the user -- i.e. the user doesn't get a login prompt, the server simply "knows" who the user is logged in as. Sounds like the way to go in your case. - Peter
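Added example, not part of the original thread and not jCIFS code: a minimal reader for the `Authorization: NTLM <base64>` header that the browser sends in the last step of the challenge-response exchange described above, showing where the claimed domain and user name sit in the message. The field offsets are assumed from Microsoft's published NTLM message layout; the class and method names are hypothetical and the sample header is constructed.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class NtlmHeaderDemo {
    static final byte[] SIG = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    // Decode "NTLM <base64>" and check the 8-byte signature plus room for the type.
    static ByteBuffer decode(String header) {
        if (header == null || !header.startsWith("NTLM "))
            throw new IllegalArgumentException("not an NTLM header");
        byte[] raw = Base64.getDecoder().decode(header.substring(5).trim());
        if (raw.length < 12) throw new IllegalArgumentException("truncated message");
        for (int i = 0; i < SIG.length; i++)
            if (raw[i] != SIG[i]) throw new IllegalArgumentException("bad signature");
        return ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN);
    }
    // Read one (length, maxLength, offset) field descriptor, bounds-checked.
    // ISO-8859-1 stands in for the client's OEM code page (assumption).
    static String field(ByteBuffer m, int pos, boolean unicode) {
        int len = m.getShort(pos) & 0xFFFF, off = m.getInt(pos + 4);
        if (off < 0 || off > m.limit() - len)
            throw new IllegalArgumentException("field outside message");
        return new String(m.array(), off, len,
                unicode ? StandardCharsets.UTF_16LE : StandardCharsets.ISO_8859_1);
    }
    // DOMAIN\\user as CLAIMED by a Type 3 message. Trust it only after the challenge
    // response in the same message is verified by the Windows authentication server.
    static String claimedIdentity(String header) {
        ByteBuffer m = decode(header);
        if (m.getInt(8) != 3 || m.limit() < 64)
            throw new IllegalArgumentException("not a Type 3 message");
        boolean unicode = (m.getInt(60) & 0x1) != 0; // NEGOTIATE_UNICODE flag
        return field(m, 28, unicode) + "\\" + field(m, 36, unicode);
    }

    public static void main(String[] args) {
        // Constructed sample: Type 3 header claiming EXAMPLE\jdoe (responses left empty).
        byte[] dom = "EXAMPLE".getBytes(StandardCharsets.UTF_16LE);
        byte[] usr = "jdoe".getBytes(StandardCharsets.UTF_16LE);
        ByteBuffer b = ByteBuffer.allocate(64 + dom.length + usr.length)
                .order(ByteOrder.LITTLE_ENDIAN);
        b.put(SIG).putInt(3);
        b.putShort(28, (short) dom.length).putInt(32, 64);
        b.putShort(36, (short) usr.length).putInt(40, 64 + dom.length);
        b.putInt(60, 0x1).position(64);
        b.put(dom).put(usr);
        System.out.println(claimedIdentity(
                "NTLM " + Base64.getEncoder().encodeToString(b.array())));
    }
}
```

The name read this way is client-supplied, so an application that uses it for an LDAP lookup or an access decision without the response check is accepting whatever the client sends.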
Hi Peter, I am trying to implement NTLM authentication for my application. I know jCIFS can do the work. (I am using Tomcat as the web server.) I am trying to configure it as a realm. Can anyone help me with how to configure jCIFS as a realm? I went through the jCIFS website but couldn't find a proper answer. Thanks in advance. Hima
Our application resides in WebLogic 6.1 running on a Solaris machine, whereas the clients (IE) are on Windows 2000. My objective is to get the user's Windows login id on the server side, and then authenticate him across our LDAP server. Will jCIFS help in doing this? It would be great if someone could throw some light on this issue. Any sort of help is appreciated.