Matt Raible is a Web Developer and Java Champion.


JCIFS and jWebUnit

On my current project, we're using JCIFS to integrate our application authentication process with NT Domain logins. While I found it quite easy to integrate, the one issue I found is I couldn't replicate the login process in a jWebUnit test. I tried setting the WWW-Authentication header to NTLM, but couldn't get it to work. The solution I ended up using is to subclass the NtlmHttpFilter and disable authentication when the User-Agent is "httpunit".

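import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import jcifs.http.NtlmHttpFilter;

public class LoginFilter extends NtlmHttpFilter {

    public void doFilter(ServletRequest req, ServletResponse res,
                         FilterChain chain)
        throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        // the User-Agent header is supplied by the client
        String userAgent = request.getHeader("user-agent");

        // prompt for login, except when jWebUnit is used
        if (userAgent == null || !userAgent.startsWith("httpunit")) {
            super.doFilter(req, res, chain);
            return;
        }

        // jWebUnit (httpunit) request: skip NTLM and continue the chain
        chain.doFilter(req, res);
    }
}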

Hopefully this is useful for others. If you've managed to get regular jWebUnit authentication working with NTLM, I'm all ears.

Posted in Java at Jan 20 2005, 09:34:41 AM MST 16 Comments
Comments:

Doesn't this cause a security hole or am I missing something?

Posted by 130.234.179.86 on January 20, 2005 at 05:13 PM MST #

Yes, but in my situation, you'd have to get through the corporate firewall, figure out the URL, fake the user-agent, etc. to "hack" the system. Like I said, I'd rather do a "real" login with NTLM and jWebUnit, but I couldn't get it working. Another option would be to parse/comment out the filter-mapping in web.xml, but this seemed easier.

Posted by Matt Raible on January 20, 2005 at 05:22 PM MST #

I understand where you're coming from Matt, but it does sound a little silly to disable the security of an application so a test can run. Wouldn't it be better to fix jwebunit instead? I've never used it, but it would seem to be a bug in jwebunit to not allow NTLM authentication.

Posted by Ben C on January 21, 2005 at 03:08 PM MST #

A somewhat cumbersome option to deal with the security issue would be to set a system property that indicates whether it's a test deployment of the app. Then, only when that property is set will the filter do the httpunit uagent check, but not in production.

Posted by Todd Huss on January 21, 2005 at 06:07 PM MST #
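
The system-property approach from the comment above, sketched as an added example (not code from the post or from any commenter). The class name and the property name app.test.deployment are hypothetical, and the loopback check is an extra restriction that nobody in the thread proposed.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.util.logging.Logger;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import jcifs.http.NtlmHttpFilter;

public class TestAwareLoginFilter extends NtlmHttpFilter {
    // Hypothetical property name; pass -Dapp.test.deployment=true only on test JVMs.
    static final String TEST_PROPERTY = "app.test.deployment";
    private static final Logger LOG = Logger.getLogger(TestAwareLoginFilter.class.getName());
    private boolean testDeployment; // stays false unless explicitly enabled

    @Override
    public void init(FilterConfig config) throws ServletException {
        super.init(config);
        // Read once at startup; later changes to the property have no effect.
        testDeployment = Boolean.getBoolean(TEST_PROPERTY);
        if (testDeployment) {
            LOG.warning("NTLM bypass for httpunit is ENABLED (" + TEST_PROPERTY + "=true)");
        }
    }

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        if (testDeployment && isHttpUnit(request) && isLoopback(req.getRemoteAddr())) {
            chain.doFilter(req, res); // test client on a test deployment
            return;
        }
        super.doFilter(req, res, chain); // everyone else gets the NTLM challenge
    }

    static boolean isHttpUnit(HttpServletRequest request) {
        String userAgent = request.getHeader("User-Agent");
        return userAgent != null && userAgent.startsWith("httpunit");
    }

    // Added restriction (not from the thread): accept the bypass only from the local host.
    static boolean isLoopback(String remoteAddr) {
        try {
            return InetAddress.getByName(remoteAddr).isLoopbackAddress();
        } catch (IOException e) {
            return false; // unparseable address: fall through to NTLM
        }
    }
}
```

With the property unset, which is the default, this filter behaves exactly like NtlmHttpFilter regardless of the User-Agent a client sends.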

Instead of using JCIFS directly, a much better way is to use Jakarta-Commons-VFS: http://jakarta.apache.org/commons/sandbox/vfs. It has support for JCIFS too, as a "virtual file system". It can support a lot of file types : http://jakarta.apache.org/commons/sandbox/vfs/filesystems.html, and all of them in the same manner, with the same API.

Posted by Ahmed Mohombe on January 25, 2005 at 09:47 AM MST #

Matt,

If jWebUnit uses the URL class to manage URLs, install the NTLM HTTP client wrapper as described here:

http://jcifs.samba.org/src/docs/httpclient.html

Mike

Posted by Mike on January 28, 2005 at 09:16 AM MST #

Hi, I'm currently running a web site with JCIFS and it's running correctly. But I want some users that are not on the domain (contractor) to connect on the web site by a login page where they will enter user / pwd stored in a database. I just want to know if it can be done and what do I have to do. Thanks

Posted by Jonathan Dubois on March 07, 2005 at 05:45 PM MST #

Jonathan,

I don't think this is possible with JCIFS. It might be possible with Acegi Security. You can chain authentication providers, and you could have a JAAS one that talks to NT and then another one that talks to a database.

Posted by Matt Raible on March 07, 2005 at 06:17 PM MST #

Thank you, I'll check what I can do.

Posted by Jonathan Dubois on March 07, 2005 at 06:28 PM MST #

Hi, Is it possible with jCIFS to get the user-groups? Can someone direct me to the appropriate way. Regards aks

Posted by Vicky on March 31, 2005 at 07:35 AM MST #

Vicky - you should be able to do request.isUserInRole(NT_GROUP_NAME). Have you tried that? I'm not much of an expert on JCIFS - you might want to search (or join) their mailing list.

Posted by Matt Raible on April 03, 2005 at 08:56 PM MDT #

Hi, I am using appfuse 1.7. Is it possible to "integrate application authentication process with NT Domain logins" with acegi? Do I have to integrate JCIFS then? Seems that this kind of integration is not possible with the "proxy system" solution CAS which is supported by acegi security.

Posted by Rene Guenther on August 08, 2005 at 12:00 PM MDT #

I was wrong: of course I am using appfuse 1.8.

Posted by Rene Guenther on August 08, 2005 at 12:13 PM MDT #

Rene - it looks like the Acegi Developers are planning on NT Domain authentication support as part of version 1.0. I found this by searching the Spring Forums.

Posted by Matt Raible on August 08, 2005 at 03:50 PM MDT #

Thanks Matt. I think, I really can wait for 1.0.

Posted by Rene Guenther on August 09, 2005 at 05:19 PM MDT #

Dear All,

I am having a problem setting up the session replication for JCIFS on JBoss Clustering.

Here is my environment:

Web Server: 1 X Apache 2.2.8 (mod_jk 1.2.26 for load balancing) on SUN Sparc T2000 Solaris 10
Application Server: 2 X JBoss 4.2.2 GA (Clustering) on SUN Sparc T2000 Solaris 10
JCIFS: 1.2.18

The error I have is that JCIFS.UniAddress is not Serializable and not able to replicate the session for it.

I have read some articles online and they all mentioned not being able to get load balancing/clustering to work properly with JCIFS.

Is there any way to make it work?

Posted by Eric on March 25, 2008 at 02:58 PM MDT #
