In a Windows-centric environment, you may wish to use NTLM authentication rather than a login dialog box. Each user will be "pre-authenticated" and identified based on their workstation login.

This works for IE and for Firefox, but Firefox users must manually turn on NTLM support.

To use NTLM you just need to change JspWiki's web.xml to specify its at least a version 2.3 servlet (Tomcat 4+) and then add a servlet filter to set the response's remote user.

Its easy to do that, just change the second line of web.xml from the 2.2 DTD to 2.3

<!DOCTYPE web-app
     PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.3//EN"
    "http://java.sun.com/dtd/web-app_2_3.dtd">

Obviously this will only work if your servlet container supports 2.3 or above, such as Tomcat 4 or above.

Then add the filter specification before the first <servlet> tag. Order matters to Tomcat.

<filter>
    <filter-name>NtlmHttpFilter</filter-name>
    <filter-class>jcifs.http.NtlmHttpFilter</filter-class>

    <init-param>
        <param-name>jcifs.smb.client.domain</param-name>
        <param-value>YOURDOMAINNAME</param-value>
    </init-param> 

    <init-param>
        <param-name>jcifs.netbios.wins</param-name>
        <param-value>1.2.3.4</param-value>
    </init-param>
</filter>

<filter-mapping>
    <filter-name>NtlmHttpFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

In the above, replace YOURDOMAINNAME with your NTLM domain name and replace 1.2.3.4 with the ip address of your WINS server. Use ipconfig /all to find out the ip numbers of your WINS server.

And of course, you need to add the JCIFS jar file to WEB-INF/lib.

For more information on how this works, see the JCIFS site.

rpalvesky


Anyone had any luck using this in JSPWiki v2.4+? This worked exactly as advertised in v2.2, however I'm having a little bit of an issue getting this to work with the new v2.4 security options (in jspwiki.properties, jspwiki.policy, jspwiki.jaas, web.xml, etc.) Now, it's "authenticating" all the time, without querying WINS at all. Rather, the user is authenticated as the default user w/ just their IP address as the username. I'm sure I just have to turn something "off" that was added in v2.4 to get this to work again....

--msn, 17-Jul-2006

RegisDecamps 24-07-07
I Have a fresh installation, but it works pretty well for me on JSPWiki 2.4.102, except No InterWiki reference defined in properties for Wiki called "Bug"!

Q: Is there a possibility to use the NTLM Authentication with jspwiki 2.4.82 ?

--AnonymousCoward, 20-Dec-2006


jcifs does not work in Vista/W7 environment, jcifs' pages recommend jespa, which requires computer account in AD

--AnonymousCoward, 21-sep-2010 16:57

Add new attachment

Only authorized users are allowed to upload new attachments.

List of attachments

Kind Attachment Name Size Version Date Modified Author Change note
doc
NikitaResume.doc 57.9 kB 1 17-Feb-2012 09:09 182.72.46.34
pdf
tahir.pdf 53.2 kB 1 17-Feb-2012 09:08 182.72.46.34
« This page (revision-10) was last changed on 21-Sep-2010 16:57 by AnonymousCoward