2 Replies Latest reply on Aug 8, 2005 4:53 AM by Sebastian Reimann

    Combining Servlet Filter and Login Module

    Thomas Knoblauch Newbie

      For my webapp I am trying to combine the NtlmHttpFilter (http://jcifs.samba.org) with JBoss' LdapLoginModule.

      I managed to get the LoginModule to work. The drawback is that I always have to enter my windows login name and password when accessing the web page for the first time.

      I also managed to get the NtlmHttpFilter to work (in another webapp). I configured the filter in the web.xml and it works really fine - meaning I don't have to enter my username and password and my jsp page displays the correct username. The drawback here is that I haven't found a way so far to create the Principal for the user (including roles) and supply that to JBoss security.

      But what I want to achieve is the following:

      1. go to the web page
      2. the servlet filter uses NTLM (or SPNEGO) and tries to do real (Windows-)SSO.
      3. if the servlet filter is successful it fills the principal object and hands it over to jboss
      4. in case Windows-SSO doesn't work (ex. I am using Mozilla on Unix) the LoginModule jumps in and asks me for my username and password

      I know that there is an option for the NtlmHttpFilter to do basic authentication but I don't want to use that since the LdapLoginModule works really good and because I already extended this module to add some more specific roles and do some more validating.

      As I found out from reading other posts around here it seems like servlet filters are called after the LoginModules. So what can I do do combine both ways of authentication?

      Thanks for any hints on how I can achieve this.