tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: Java applet NTLM authentication
Date Fri, 27 Feb 2009 16:09:58 GMT
André Warnier wrote:
[...]
As complementary information to my own question, I have already read the 
document located here :
http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/NTLM_SUPPORT.txt

However, that does not seem to fit the bill, in the sense that the 
method outlined there (using the jCIFS library) requires finally a call 
like this :

    httpclient.getCredentialsProvider().setCredentials(
         new AuthScope("myserver", -1),
         new NTCredentials("username", "password", "MYSERVER", "MYDOMAIN"));

which implies seemingly that I would have to present an authentication 
dialog to the user and ask them to enter their user-id and password, 
then submit these to the NTCredentials constructor.

This is marketing-wise impossible, since the user (via his IE browser) 
is already authenticated in his own Windows/NTLM domain, and furthermore 
he is so transparently.  It would thus be impossible for me to "sell" 
the idea that they need to re-enter their credentials just to use this 
facet of the application.
(I am also not quite sure how I would get the "DOMAIN" information from 
within my applet.)
(It is also quite impossible to sell to the security people, that I 
would, in my applet, be able to get hold of the user's password for 
their domain account).

What I would like is some method by which the Java applet can pick up 
this information from the browser it is running inside of, since that 
browser /is/ already authenticated.

If that is impossible, I am afraid that instead of using the Java applet 
to do both the local file selection and the POST submission to the 
server, I'll have to merely do the file selection, pass the list back to 
some javascript function back in the html page, and do the POST 
submission via an XMLHttpRequest at that level (supposing of course that 
this object, at least under IE, allows for NTLM authentication).


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message