This week's book giveaway is in the Servlets forum.
We're giving away four copies of Murach's Java Servlets and JSP and have Joel Murach on-line!
See this thread for details.
The moose likes Servlets and the fly likes Authentication woes Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of Murach's Java Servlets and JSP this week in the Servlets forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "Authentication woes" Watch "Authentication woes" New topic

Authentication woes

Geoff Tate
Ranch Hand

Joined: Feb 06, 2001
Posts: 55
using jsp/servlet apps on IIS (intranet) we want to be able to capture the currently logged in NT user (NTLM). getRemoteUser() as we all know does not support this. We tried redirecting from a JSP to an ASP that grabs the ServerVariables("LOGON_USER"), drops it in a cookie and redirects back to the JSP. Problem was that the ASP was causing the sessions (this with JRun) to be returned incorrectly, i.e. the clients were getting the wrong session allowing them to see each others data. I also wrote a bean to do a socket connection to the ASP, but an authentication error occurs because there is no way to respond to the NTLM request the ASP requires. We are not fully integrated with AD so LDAP is not a real option at this point. The goal is not to require the users to enter a new set of credentials to get to the apps. Any ideas out there?

<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR> fantastic, a towel? <HR></BLOCKQUOTE>
Adam Hardy
Ranch Hand

Joined: Oct 09, 2001
Posts: 565
why don't you have the users get to the app thro an ASP page to start with? Sort out the LOGON_USER in the ASP and without any session info to worry about, redirect from there to the JSP.

I have seen things you people would not believe, attack ships on fire off the shoulder of Orion, c-beams sparkling in the dark near the Tennhauser Gate. All these moments will be lost in time, like tears in the rain.
Geoff Tate
Ranch Hand

Joined: Feb 06, 2001
Posts: 55
Thats what I was thinking but thats a lot of duplication to have an asp for each app that does the same thing. Incidently, sessions are getting mangled without the redirect. Something is up with JRun - I have found people reporting the same problem on the forum. scary.
I agree. Here's the link:
subject: Authentication woes
Similar Threads
Ntlm authentication
Network Authentication
NTLM proxy authentication for HTTP
How to implement NT authentication using Java
Page not found issue with 8.1 SP5