Spring Security Framework
java.lang.Object
  org.springframework.security.ui.SpringSecurityFilter
    org.springframework.security.ui.ntlm.NtlmProcessingFilter
public class NtlmProcessingFilter
A clean-room implementation for Spring Security of an NTLM HTTP filter leveraging the JCIFS library.
NTLM is a Microsoft-developed protocol providing single sign-on capabilities to web applications and other integrated applications. It allows a web server to automatically discover the username of a browser client when that client is logged into a Windows domain and is using an NTLM-aware browser. A web application can then reuse the user's Windows credentials without having to ask for them again.
Because NTLM only provides the username of the Windows client, a Spring Security NTLM deployment must have a UserDetailsService that provides a UserDetails object with the empty string as the password and whatever GrantedAuthority values necessary to pass the FilterSecurityInterceptor.
The Spring Security bean configuration file must also place the ExceptionTranslationFilter before this filter in the FilterChainProxy definition.
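The UserDetailsService requirement described above, as an added example that is not part of the Spring Security Javadoc or code base: it returns the empty-string password and grants authorities only to accounts the application already knows. It assumes the Spring Security 2.0.x package names; the class name NtlmUserDetailsService and the sample accounts are hypothetical.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

import org.springframework.dao.DataAccessException;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;

/** Hypothetical example class: maps NTLM-identified Windows users to application roles. */
public class NtlmUserDetailsService implements UserDetailsService {

    // Constructed sample data: account name -> application roles.
    // Keys carry no domain prefix because stripDomain defaults to true.
    private final Map<String, String[]> rolesByUser = new HashMap<String, String[]>();

    public NtlmUserDetailsService() {
        rolesByUser.put("alice", new String[] {"ROLE_USER", "ROLE_ADMIN"});
        rolesByUser.put("bob", new String[] {"ROLE_USER"});
    }

    public UserDetails loadUserByUsername(String username)
            throws UsernameNotFoundException, DataAccessException {
        // Windows account names are case-insensitive; normalise before the lookup.
        String key = username == null ? "" : username.toLowerCase(Locale.ENGLISH);
        String[] roles = rolesByUser.get(key);
        if (roles == null) {
            // Known to the Windows domain but not to this application: grant nothing.
            throw new UsernameNotFoundException("No application roles for " + username);
        }
        GrantedAuthority[] authorities = new GrantedAuthority[roles.length];
        for (int i = 0; i < roles.length; i++) {
            authorities[i] = new GrantedAuthorityImpl(roles[i]);
        }
        // Empty-string password, as the class description requires: NTLM supplies
        // only the username, so there is no password for Spring Security to compare.
        return new User(key, "", true, true, true, true, authorities);
    }
}
```

Rejecting unknown accounts keeps a valid Windows logon from implying application access; authorisation still depends on the GrantedAuthority values returned here.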
Field Summary |
---|
Fields inherited from interface org.springframework.core.Ordered |
---|
HIGHEST_PRECEDENCE, LOWEST_PRECEDENCE |
Constructor Summary | |
---|---|
NtlmProcessingFilter() | |
Method Summary | |
---|---|
void | afterPropertiesSet() Ensures an AuthenticationManager and authentication failure URL have been provided in the bean configuration file. |
protected void | doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) |
int | getOrder() |
boolean | isForceIdentification() Returns true if NTLM authentication is forced. |
void | setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) |
void | setAuthenticationManager(AuthenticationManager authenticationManager) Sets the AuthenticationManager to use. |
void | setCachePolicy(String numSeconds) Sets the jcifs.netbios.cachePolicy property to the number of seconds a NetBIOS address is cached by JCIFS. |
void | setDefaultDomain(String defaultDomain) The NT domain against which clients should be authenticated. |
void | setDomainController(String domainController) The IP address of any SMB server that should be used to authenticate HTTP clients. |
void | setForceIdentification(boolean forceIdentification) Sets a flag denoting whether NTLM authentication should be forced. |
void | setJcifsProperties(Properties props) Loads properties starting with "jcifs" into the JCIFS configuration. |
void | setLoadBalance(boolean loadBalance) If the default domain is specified and the domain controller is not specified, then query for domain controllers by name. |
void | setNetbiosWINS(String netbiosWINS) Configures JCIFS to use a WINS server. |
void | setRetryOnAuthFailure(boolean retryOnFailure) Sets a flag denoting whether NTLM should retry whenever authentication fails. |
void | setSmbClientPassword(String smbClientPassword) Sets the SMB client password. |
void | setSmbClientSSNLimit(String smbClientSSNLimit) Sets the SMB client SSN limit. |
void | setSmbClientUsername(String smbClientUsername) Sets the SMB client username. |
void | setSoTimeout(String timeout) Sets the jcifs.smb.client.soTimeout property to the timeout value specified in milliseconds. |
void | setStripDomain(boolean stripDomain) Configures NtlmProcessingFilter to strip the Windows domain name from the username when set to true, which is the default value. |
Methods inherited from class org.springframework.security.ui.SpringSecurityFilter |
---|
destroy, doFilter, init, toString |
Methods inherited from class java.lang.Object |
---|
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait |
Constructor Detail |
---|
public NtlmProcessingFilter()
Method Detail |
---|
public void afterPropertiesSet() throws Exception
Ensures an AuthenticationManager and authentication failure URL have been provided in the bean configuration file.
Specified by: afterPropertiesSet in interface InitializingBean
Throws: Exception

public void setAuthenticationManager(AuthenticationManager authenticationManager)
Sets the AuthenticationManager to use.
Parameters: authenticationManager - the AuthenticationManager to use.

public void setDefaultDomain(String defaultDomain)
The NT domain against which clients should be authenticated.
Parameters: defaultDomain - The name of the default domain.

public void setSmbClientUsername(String smbClientUsername)
Sets the SMB client username.
Parameters: smbClientUsername - The SMB client username.

public void setSmbClientPassword(String smbClientPassword)
Sets the SMB client password.
Parameters: smbClientPassword - The SMB client password.

public void setSmbClientSSNLimit(String smbClientSSNLimit)
Sets the SMB client SSN limit. When set to 1, every authentication is forced to use a separate transport. This effectively ignores SMB signing requirements, however at the expense of reducing scalability. Preauthentication with a domain, username, and password is the preferred method for working with servers that require signatures.
Parameters: smbClientSSNLimit - The SMB client SSN limit.

public void setNetbiosWINS(String netbiosWINS)
Configures JCIFS to use a WINS server. [...] domainController if there is a WINS server available.
Parameters: netbiosWINS - The WINS server JCIFS will use.

public void setDomainController(String domainController)
The IP address of any SMB server that should be used to authenticate HTTP clients.
Parameters: domainController - The IP address of the domain controller.

public void setLoadBalance(boolean loadBalance)
If the default domain is specified and the domain controller is not specified, then query for domain controllers by name. When set to true, rotate through the list of domain controllers when authenticating users.
Parameters: loadBalance - The load balance flag value.

public void setStripDomain(boolean stripDomain)
Configures NtlmProcessingFilter to strip the Windows domain name from the username when set to true, which is the default value.
Parameters: stripDomain - The strip domain flag value.

public void setSoTimeout(String timeout)
Sets the jcifs.smb.client.soTimeout property to the timeout value specified in milliseconds. Defaults to 5 minutes if not specified.
Parameters: timeout - The milliseconds timeout value.

public void setCachePolicy(String numSeconds)
Sets the jcifs.netbios.cachePolicy property to the number of seconds a NetBIOS address is cached by JCIFS. Defaults to 20 minutes if not specified.
Parameters: numSeconds - The number of seconds a NetBIOS address is cached.

public void setJcifsProperties(Properties props)
Loads properties starting with "jcifs" into the JCIFS configuration.
Parameters: props - The JCIFS properties to set.

public boolean isForceIdentification()
Returns true if NTLM authentication is forced.
Returns: true if NTLM authentication is forced.

public void setForceIdentification(boolean forceIdentification)
Sets a flag denoting whether NTLM authentication should be forced.
Parameters: forceIdentification - the force identification flag value to set.

public void setRetryOnAuthFailure(boolean retryOnFailure)
Sets a flag denoting whether NTLM should retry whenever authentication fails. [...] AuthenticationCredentialsNotFoundException or InsufficientAuthenticationException is thrown.
Parameters: retryOnFailure - the retry on failure flag value to set.

public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)

protected void doFilterHttp(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws IOException, ServletException
Specified by: doFilterHttp in class SpringSecurityFilter
Throws: IOException, ServletException

public int getOrder()
Specified by: getOrder in interface Ordered