Hello, I'm new to the tomcat-dev mailing list. I've joined as a result of a project I've been working on; I suspect the work I've done may be useful to others.
My company's Intranet does much of its hosting on Wintel boxes running IIS with .asp technology. This doesn't suit me :) I prefer Java and circumstances permit me to run my system on a Sun box. I had used the Apache httpd server and added tomcat (I think it had another name back then) way back in its early days. After upgrading to faster hardware and moving all of my cgi code to servlet/jsp code, I ditched the httpd front end and now use tomcat exclusively.

Many of the intranet sites that require authentication take advantage of the tight links shared by IIS and Internet Explorer (my company's "standard" browser) providing an almost transparent logon. I wanted this convenience for my users. The authentication used is a type of NTLM authentication that Windows uses for other things like file sharing. In this case it involves a conversation between the browser, web server, and back end domain controller. I required a solution that was only changing the web server part of the conversation. Check here for a good description http://www.innovation.ch/java/ntlm.html

I noticed there was a mod_ntlm for the Apache httpd front end. As I said before, I had already moved away from using httpd, but for the sake of my users... Well anyway, I tried it and somehow couldn't get it to work. The only thing left to do was write something myself and that meant no need for httpd! A 100% Java solution is always best - I've had some trouble using JNI in the past.

I wrote the code to perform the part of the conversation between the web server and browser, that wasn't so hard. Writing the other part between the web server and the domain controller (providing the REAL authentication) was going to be much harder. Fortunately I came across the work done by the JCIFS group. For anyone familiar with Samba, these guys are related. They're writing pure Java code that allows you to access an NT (or samba) server for file sharing. Their code already had everything in place, there's no way I could have written all the low level Netbios networking code. This, however, may be a stumbling block of sorts. Their code is written under the LGPL license and this may not be agreeable to Apache - someone else may know more. http://jcifs.samba.org

So where to from here. Is anyone else using IE in an Intranet with back end domain controllers? Even if there aren't any tomcat-dev people using it, then could there be others in the wider tomcat world? I have a solution that is working for me and I might stop there if there's no further interest. If anyone else wants to be involved, I'd be happy to discuss the topic further. Remember I'm new to tomcat development even though I've been using it as an end user for several years. My code requires a fair bit of cleaning up by someone who knows the org.apache.catalina.authenticator.* code. The modifications I've made to the JCIFS code are minimal, but if this goes anywhere, it would be best if I talked to them and had my changes integrated though that's another story. Then if someone wanted to do NTLM authentication with tomcat, they would just have to put the jcifs jar file in $TOMCAT_HOME/server/lib and modify their web.xml to use <auth-method>NTLM</auth-method>

Kind regards,
Jason Pugsley
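
The browser-to-web-server half of the conversation described in the message above, sketched as an added example; it is not the poster's code and not part of Tomcat or JCIFS. The class, enum and method names are hypothetical, the sample tokens are constructed, and the step that checks the Type 3 response against the domain controller is left as a named outcome only.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

/** Added illustration: decide the web server's next handshake step from the Authorization header. */
public class NtlmHeaderInspector {
    // Every NTLM message starts with this 8-byte signature, then a 32-bit little-endian type.
    private static final byte[] SIGNATURE = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    /** Hypothetical names for what the server does next. */
    enum Step { SEND_401_OFFER_NTLM, SEND_TYPE2_CHALLENGE, VERIFY_WITH_DOMAIN_CONTROLLER, REJECT }

    static Step nextStep(String authorization) {
        if (authorization == null) return Step.SEND_401_OFFER_NTLM;   // no credentials sent yet
        if (!authorization.regionMatches(true, 0, "NTLM ", 0, 5)) return Step.REJECT;
        byte[] msg;
        try {
            msg = Base64.getDecoder().decode(authorization.substring(5).trim());
        } catch (IllegalArgumentException e) {
            return Step.REJECT;                                        // token is not valid base64
        }
        if (msg.length < 12 || !Arrays.equals(Arrays.copyOf(msg, 8), SIGNATURE)) return Step.REJECT;
        int type = (msg[8] & 0xff) | (msg[9] & 0xff) << 8
                 | (msg[10] & 0xff) << 16 | (msg[11] & 0xff) << 24;
        switch (type) {
            case 1:  return Step.SEND_TYPE2_CHALLENGE;           // browser opened the negotiation
            case 3:  return Step.VERIFY_WITH_DOMAIN_CONTROLLER;  // browser answered the challenge
            default: return Step.REJECT;                         // Type 2 only travels server to browser
        }
    }

    /** Builds a constructed header value: signature, type, zero padding. Not a real capture. */
    static String sample(int type) {
        byte[] msg = Arrays.copyOf(SIGNATURE, 16);
        msg[8] = (byte) type;
        return "NTLM " + Base64.getEncoder().encodeToString(msg);
    }

    public static void main(String[] args) {
        System.out.println(nextStep(null));                  // SEND_401_OFFER_NTLM
        System.out.println(nextStep(sample(1)));             // SEND_TYPE2_CHALLENGE
        System.out.println(nextStep(sample(3)));             // VERIFY_WITH_DOMAIN_CONTROLLER
        System.out.println(nextStep(sample(2)));             // REJECT
        System.out.println(nextStep("NTLM not-base64!"));    // REJECT
        System.out.println(nextStep("Basic dXNlcjpwYXNz"));  // REJECT
    }
}
```

Rejecting malformed, truncated or unexpected-type tokens before any bytes reach the domain-controller code keeps attacker-controlled input out of the low-level parsing path.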