The DirContext is abstract so you will need to construct either a file based directory context (FileDirContext) such as what you see
http://tomcat.apache.org/tomcat-5.5-doc/catalina/docs/api/org/apache/naming/resources/FileDirContext.html
or a ProxyDirContext such as what you see here
http://tomcat.apache.org/tomcat-5.5-doc/catalina/docs/api/org/apache/naming/resources/ProxyDirContext.html

Then pass in that constructed context to the authenticate method

    public java.security.Principal authenticate(javax.naming.directory.DirContext context,
                                                java.lang.String username,
                                                java.lang.String credentials)
                                         throws javax.naming.NamingException

    Return the Principal associated with the specified username and
    credentials, if there is one; otherwise return null.

Then you pass in the constructed Principal to hasRole method illustrated here

    public boolean hasRole(java.security.Principal principal,
                           java.lang.String role)

    Return true if the specified Principal has the specified security role,
    within the context of this Realm; otherwise return false. This method can
    be overridden by Realm implementations, but the default is adequate when
    an instance of GenericPrincipal is used to represent authenticated
    Principals from this Realm.

NAMES: You cannot change to any names unknown to your (NTLM) authentication algorithm
http://tomcat.apache.org/tomcat-5.5-doc/catalina/docs/api/org/apache/catalina/realm/RealmBase.html#authenticate(java.lang.String,%20java.lang.String)

Martin

----- Original Message -----
From: "eborisow" <[EMAIL PROTECTED]>
To: <users@tomcat.apache.org>
Sent: Tuesday, January 22, 2008 8:43 PM
Subject: Re: Question about Tomcat/IIS and NTLM authentication

>
> Gabe Wong wrote:
> >
> > I believe as the user is already authenticated via IIS, the authenticate
> > method is not called in this situation.
> > So you may try overriding:
> > protected Principal getPrincipal(String username)
> >
>
> Gabe,
>
> Thanks for sticking with this. I did try getPrincipal as well and it
> doesn't look like that is being called either. It seems that the only
> method that is getting called is hasRole. I guess the question is how could
> I manipulate the login name there? If I use getName on the Principal that
> is passed in, it returns my NTLM login name. I can manipulate the name, but
> then how could I appropriately call super.hasRoles since GenericPrincipal
> requires a password.
>
> Here is the code:
> public boolean hasRole(Principal principal, String roleName)
> {
>     System.out.println("Starting hasRole");
>     System.out.println("Principal name: " + principal.getName());
>     int slash = principal.getName().indexOf('\\');
>     String newUser = slash > 0 ? principal.getName().substring(slash+1) :
>         principal.getName();
>     System.out.println("New user is: " + newUser);
>     System.out.println("Checking for role name: " + roleName);
>
>     // need to create a new Principal here, I think
>     boolean userHasRole = super.hasRole(newPrincipal, roleName);
>     System.out.println("User has role: " + userHasRole);
>     return userHasRole;
> }
>
> Thanks,
> Eric
> --
> View this message in context: http://www.nabble.com/Question-about-Tomcat-IIS-and-NTLM-authentication-tp14997483p15033183.html
> Sent from the Tomcat - User mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To start a new topic, e-mail: users@tomcat.apache.org
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
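
Added example, not part of any message in this thread and not Tomcat code: the quoted hasRole drops whatever precedes the backslash, so the same account name from any Windows domain would be checked against the same realm roles. The sketch below strips the domain only when it is on an allow-list. The class name NtlmNameMapper, the domain "CORP" and the sample names are hypothetical, and it assumes Java 9+ for Set.of.

```java
import java.util.Locale;
import java.util.Optional;
import java.util.Set;

public class NtlmNameMapper {
    // Assumption: the only Windows domains whose accounts may map onto realm users.
    private final Set<String> trustedDomains;

    public NtlmNameMapper(Set<String> trustedDomains) {
        this.trustedDomains = trustedDomains;
    }

    /** Returns the bare realm user name, or empty when the name must not be mapped. */
    public Optional<String> toRealmUser(String remoteUser) {
        if (remoteUser == null) {
            return Optional.empty();
        }
        String name = remoteUser.trim();
        int slash = name.indexOf('\\');
        if (slash < 0) {
            // No domain qualifier: pass the name through unchanged, as the quoted code does.
            return name.isEmpty() ? Optional.empty() : Optional.of(name);
        }
        // Windows domain names are case-insensitive, so compare in upper case.
        String domain = name.substring(0, slash).toUpperCase(Locale.ROOT);
        String user = name.substring(slash + 1);
        // Reject "\user", "DOMAIN\" and names with a second backslash.
        if (domain.isEmpty() || user.isEmpty() || user.indexOf('\\') >= 0) {
            return Optional.empty();
        }
        // Reject accounts from domains that were never meant to map to realm roles.
        if (!trustedDomains.contains(domain)) {
            return Optional.empty();
        }
        return Optional.of(user);
    }

    public static void main(String[] args) {
        NtlmNameMapper mapper = new NtlmNameMapper(Set.of("CORP"));
        // Constructed sample login names.
        String[] samples = {"CORP\\eric", "corp\\eric", "OTHER\\eric", "eric", "\\eric", "CORP\\"};
        for (String s : samples) {
            System.out.println(s + " -> " + mapper.toRealmUser(s).orElse("<rejected>"));
        }
    }
}
```

A hasRole override would treat an empty result as "no role" and return false instead of falling back to the unmodified name.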