File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes Authentication woes Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Authentication woes" Watch "Authentication woes" New topic

Authentication woes

Geoff Tate
Ranch Hand

Joined: Feb 06, 2001
Posts: 55
using jsp/servlet apps on IIS (intranet) we want to be able to capture the currently logged in NT user (NTLM). getRemoteUser() as we all know does not support this. We tried redirecting from a JSP to an ASP that grabs the ServerVariables("LOGON_USER"), drops it in a cookie and redirects back to the JSP. Problem was that the ASP was causing the sessions (this with JRun) to be returned incorrectly, i.e. the clients were getting the wrong session allowing them to see each others data. I also wrote a bean to do a socket connection to the ASP, but an authentication error occurs because there is no way to respond to the NTLM request the ASP requires. We are not fully integrated with AD so LDAP is not a real option at this point. The goal is not to require the users to enter a new set of credentials to get to the apps. Any ideas out there?

<BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR> fantastic, a towel? <HR></BLOCKQUOTE>
Adam Hardy
Ranch Hand

Joined: Oct 09, 2001
Posts: 567
why don't you have the users get to the app thro an ASP page to start with? Sort out the LOGON_USER in the ASP and without any session info to worry about, redirect from there to the JSP.

I have seen things you people would not believe, attack ships on fire off the shoulder of Orion, c-beams sparkling in the dark near the Tennhauser Gate. All these moments will be lost in time, like tears in the rain.
Geoff Tate
Ranch Hand

Joined: Feb 06, 2001
Posts: 55
Thats what I was thinking but thats a lot of duplication to have an asp for each app that does the same thing. Incidently, sessions are getting mangled without the redirect. Something is up with JRun - I have found people reporting the same problem on the forum. scary.
I agree. Here's the link:
subject: Authentication woes
jQuery in Action, 3rd edition