public class NtlmProcessingFilter extends SpringSecurityFilter implements org.springframework.beans.factory.InitializingBean
NTLM is a Microsoft-developed protocol providing single sign-on capabilities to web applications and other integrated applications. It allows a web server to automatically discover the username of a browser client when that client is logged into a Windows domain and is using an NTLM-aware browser. A web application can then reuse the user's Windows credentials without having to ask for them again.
Because NTLM only provides the username of the Windows client, a Spring Security NTLM deployment must have a UserDetailsService that provides a UserDetails object with the empty string as the password and whatever GrantedAuthority values necessary to pass the FilterSecurityInterceptor.
The Spring Security bean configuration file must also place the ExceptionTranslationFilter before this filter in the FilterChainProxy definition.
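The UserDetailsService requirement above, as an added example that is not part of the Spring Security documentation or code base: it returns the empty-string password and rejects Windows users that have no application account. The class name, role table, EXPECTED_DOMAIN value and the DOMAIN\account form handled for stripDomain=false are assumptions, and the imports assume the Spring Security 2.0.x package layout.

```java
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.userdetails.User;
import org.springframework.security.userdetails.UserDetails;
import org.springframework.security.userdetails.UserDetailsService;
import org.springframework.security.userdetails.UsernameNotFoundException;

// Added example (hypothetical class): UserDetailsService for an NTLM-only deployment.
public class NtlmUserDetailsService implements UserDetailsService {

    private static final String EXPECTED_DOMAIN = "EXAMPLE"; // constructed sample value
    // Constructed sample data: Windows account name -> application roles.
    private final Map<String, String[]> rolesByAccount = new HashMap<String, String[]>();

    public NtlmUserDetailsService() {
        rolesByAccount.put("alice", new String[] { "ROLE_USER", "ROLE_ADMIN" });
        rolesByAccount.put("bob", new String[] { "ROLE_USER" });
    }

    public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
        if (username == null) {
            throw new UsernameNotFoundException("No username supplied");
        }
        String account = username;
        int sep = username.lastIndexOf('\\');
        if (sep >= 0) {
            // Assumption: with stripDomain=false the name arrives as DOMAIN\account.
            String domain = username.substring(0, sep);
            if (!EXPECTED_DOMAIN.equalsIgnoreCase(domain)) {
                throw new UsernameNotFoundException("Unexpected domain: " + domain);
            }
            account = username.substring(sep + 1);
        }
        String[] roles = rolesByAccount.get(account.toLowerCase(Locale.ENGLISH));
        if (roles == null) {
            // Known to Windows but not to this application: reject, grant no default roles.
            throw new UsernameNotFoundException("No application account for " + username);
        }
        GrantedAuthority[] authorities = new GrantedAuthority[roles.length];
        for (int i = 0; i < roles.length; i++) {
            authorities[i] = new GrantedAuthorityImpl(roles[i]);
        }
        // NTLM supplies only the username, so the password is the empty string.
        return new User(username, "", true, true, true, true, authorities);
    }
}
```

Because every UserDetails returned here carries an empty password, wire this service only into the NTLM authentication path and not into a provider that compares a submitted password against it.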
Constructor and Description |
---|
NtlmProcessingFilter() |
Modifier and Type | Method and Description |
---|---|
void | afterPropertiesSet() Ensures an AuthenticationManager and authentication failure URL have been provided in the bean configuration file. |
protected void | doFilterHttp(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) |
int | getOrder() |
boolean | isForceIdentification() Returns true if NTLM authentication is forced. |
void | setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource) |
void | setAuthenticationManager(AuthenticationManager authenticationManager) Sets the AuthenticationManager to use. |
void | setCachePolicy(java.lang.String numSeconds) Sets the jcifs.netbios.cachePolicy property to the number of seconds a NetBIOS address is cached by JCIFS. |
void | setDefaultDomain(java.lang.String defaultDomain) The NT domain against which clients should be authenticated. |
void | setDomainController(java.lang.String domainController) The IP address of any SMB server that should be used to authenticate HTTP clients. |
void | setForceIdentification(boolean forceIdentification) Sets a flag denoting whether NTLM authentication should be forced. |
void | setJcifsProperties(java.util.Properties props) Loads properties starting with "jcifs" into the JCIFS configuration. |
void | setLoadBalance(boolean loadBalance) If the default domain is specified and the domain controller is not specified, then query for domain controllers by name. |
void | setNetbiosWINS(java.lang.String netbiosWINS) Configures JCIFS to use a WINS server. |
void | setRetryOnAuthFailure(boolean retryOnFailure) Sets a flag denoting whether NTLM should retry whenever authentication fails. |
void | setSmbClientPassword(java.lang.String smbClientPassword) Sets the SMB client password. |
void | setSmbClientSSNLimit(java.lang.String smbClientSSNLimit) Sets the SMB client SSN limit. |
void | setSmbClientUsername(java.lang.String smbClientUsername) Sets the SMB client username. |
void | setSoTimeout(java.lang.String timeout) Sets the jcifs.smb.client.soTimeout property to the timeout value specified in milliseconds. |
void | setStripDomain(boolean stripDomain) Configures NtlmProcessingFilter to strip the Windows domain name from the username when set to true, which is the default value. |
destroy, doFilter, init, toString
public void afterPropertiesSet() throws java.lang.Exception
Ensures an AuthenticationManager and authentication failure URL have been provided in the bean configuration file.
Specified by: afterPropertiesSet in interface org.springframework.beans.factory.InitializingBean
Throws: java.lang.Exception

public void setAuthenticationManager(AuthenticationManager authenticationManager)
Sets the AuthenticationManager to use.
Parameters: authenticationManager - the AuthenticationManager to use.

public void setDefaultDomain(java.lang.String defaultDomain)
The NT domain against which clients should be authenticated.
Parameters: defaultDomain - The name of the default domain.

public void setSmbClientUsername(java.lang.String smbClientUsername)
Sets the SMB client username.
Parameters: smbClientUsername - The SMB client username.

public void setSmbClientPassword(java.lang.String smbClientPassword)
Sets the SMB client password.
Parameters: smbClientPassword - The SMB client password.

public void setSmbClientSSNLimit(java.lang.String smbClientSSNLimit)
Sets the SMB client SSN limit. When set to 1, every authentication is forced to use a separate transport. This effectively ignores SMB signing requirements, however at the expense of reducing scalability. Preauthentication with a domain, username, and password is the preferred method for working with servers that require signatures.
Parameters: smbClientSSNLimit - The SMB client SSN limit.

public void setNetbiosWINS(java.lang.String netbiosWINS)
Configures JCIFS to use a WINS server. ... domainController if there is a WINS server available.
Parameters: netbiosWINS - The WINS server JCIFS will use.

public void setDomainController(java.lang.String domainController)
The IP address of any SMB server that should be used to authenticate HTTP clients.
Parameters: domainController - The IP address of the domain controller.

public void setLoadBalance(boolean loadBalance)
If the default domain is specified and the domain controller is not specified, then query for domain controllers by name. When true, rotate through the list of domain controllers when authenticating users.
Parameters: loadBalance - The load balance flag value.

public void setStripDomain(boolean stripDomain)
Configures NtlmProcessingFilter to strip the Windows domain name from the username when set to true, which is the default value.
Parameters: stripDomain - The strip domain flag value.

public void setSoTimeout(java.lang.String timeout)
Sets the jcifs.smb.client.soTimeout property to the timeout value specified in milliseconds. Defaults to 5 minutes if not specified.
Parameters: timeout - The milliseconds timeout value.

public void setCachePolicy(java.lang.String numSeconds)
Sets the jcifs.netbios.cachePolicy property to the number of seconds a NetBIOS address is cached by JCIFS. Defaults to 20 minutes if not specified.
Parameters: numSeconds - The number of seconds a NetBIOS address is cached.

public void setJcifsProperties(java.util.Properties props)
Loads properties starting with "jcifs" into the JCIFS configuration.
Parameters: props - The JCIFS properties to set.

public boolean isForceIdentification()
Returns true if NTLM authentication is forced.
Returns: true if NTLM authentication is forced.

public void setForceIdentification(boolean forceIdentification)
Sets a flag denoting whether NTLM authentication should be forced.
Parameters: forceIdentification - the force identification flag value to set.

public void setRetryOnAuthFailure(boolean retryOnFailure)
Sets a flag denoting whether NTLM should retry whenever authentication fails. ... AuthenticationCredentialsNotFoundException or InsufficientAuthenticationException is thrown.
Parameters: retryOnFailure - the retry on failure flag value to set.

public void setAuthenticationDetailsSource(AuthenticationDetailsSource authenticationDetailsSource)

protected void doFilterHttp(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, javax.servlet.FilterChain chain) throws java.io.IOException, javax.servlet.ServletException
Specified by: doFilterHttp in class SpringSecurityFilter
Throws: java.io.IOException, javax.servlet.ServletException

public int getOrder()
Specified by: getOrder in interface org.springframework.core.Ordered