Hi again,

the problem with NTLM is that it has to be 'spoken' by the client. Currently only IE supports NTLM natively, so only webservice client stubs that use the HTTP libraries of the locally installed IE will work properly!!!

We have encountered problems with using the IE-stack (in some intranet configurations there are download options configured: such as setting the proxy and configuration locally with a template from a domain controller or so... If such a configuration is broken you'll have to wait for a timeout [15-30 seconds] and will encounter this time on every webservice invocation :-((( )

BEWARE of using IE (and its configuration settings) behind the scenes! There are several postings about this phenomenon (waiting 15-20 secs before a ws-invocation starts) in the jboss and other forums.

I prefer to integrate a whole HTTP stack in applications, not relying on local configurations. Then it's the question what this stack supports, whether you can enhance it with the NTLM protocol (if you have to use it) or so.

Another hint: You can implement the JCIFS servlet as a Tomcat Valve, so that no extra login servlet step is needed: In intranet environments you won't have to supply login/password and over the internet/out of domain you could be asked for login credentials by your application because of the BASIC auth fallback in the JCIFS servlet. Anyone interested in the valve code?

PS: What about opening a thread in the jboss forums so that other people can search for this?

Kind regards,
S. Pohl

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Sreedhar, Dantam
> Sent: Friday, 7 May 2004 17:06
> To: [EMAIL PROTECTED]
> Subject: RE: [JBoss-user] Security and C# clients
>
> Hi,
>
> In one of our applications we have used the following architecture (this works only in *intranet*)
>
> 1) Expose a servlet called authenticate using jCIFS (http://jcifs.samba.org/). This servlet gets the NTLM user credentials and checks for authentication against database. If the user is allowed, then returns a sessionId, else returns an error message.
> 2) All SOAP methods expect session id as one of the arguments. The server code checks the submitted sessionId against stored list of sessionIds. If the submitted sessionId is valid, then proceed to do the business logic, else return an error.
> 3) C# client calls authenticate servlet and gets a valid session Id and the client submits this session for each SOAP method call.
> 4) The server should also have own implementation of expiring the session after certain duration.
>
> We have used this logic in two of our projects and they are working fine without any problem.
>
> -Sreedhar
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of JAYARAM, Sujay, FM
> Sent: Friday, May 07, 2004 6:31 PM
> To: '[EMAIL PROTECTED]'
> Cc: BENVENUTTO, Simon, FM
> Subject: [JBoss-user] Security and C# clients
>
> Hi all,
>
> We are currently exposing session beans within JBoss as web services (using axis) to C# clients. We want to use the declarative syntax provided by J2EE within our beans' deployment descriptors and to use JAAS/JBoss security features - the problem is that there seems to be no standard mechanism for a C# client to provide its credentials (that we know of) so that any beans with restricted role access can never be called (or rather these calls will return with security exception).
>
> Have other people solved this problem in any form? One thing we have looked at is writing an Interceptor which uses known 'user'/'password' parameters from the C# client and attempts to do a JAAS logon at a point in the call stack prior to the SecurityInterceptor, so as to assume the roles required by the bean we mean to call. However this still seems to fail :-(
>
> Any help with this would be appreciated.
>
> Thanks
> Sujay
> _______________________________________________
> JBoss-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/jboss-user
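
Steps 1 to 4 of the quoted session-ID scheme, as an added example that is not part of the original posts and not code from either poster's project: a server-side registry that issues an unguessable session ID once the authenticate servlet has accepted the user, checks it on every SOAP call, and expires it. The class and method names, the sample user and the 30-minute lifetime are assumptions; the record syntax needs Java 16 or later.

```java
import java.security.SecureRandom;
import java.time.Duration;
import java.time.Instant;
import java.util.Base64;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

/** Hypothetical session registry for the authenticate-servlet scheme (added example). */
public class SessionRegistry {
    private record Entry(String user, Instant expires) {}

    private final Map<String, Entry> sessions = new ConcurrentHashMap<>();
    private final SecureRandom rng = new SecureRandom();
    private final Duration ttl;

    public SessionRegistry(Duration ttl) { this.ttl = ttl; }

    /** Step 1: called by the authenticate servlet after NTLM and the database check pass. */
    public String issue(String user, Instant now) {
        byte[] raw = new byte[32];               // 256 random bits, so IDs cannot be guessed
        rng.nextBytes(raw);
        String id = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        sessions.put(id, new Entry(user, now.plus(ttl)));
        return id;
    }

    /** Step 2: every SOAP method calls this first; returns the user, or null to reject. */
    public String validate(String id, Instant now) {
        if (id == null) return null;             // ConcurrentHashMap rejects null keys
        Entry e = sessions.get(id);
        if (e == null) return null;              // never issued, or already removed
        if (!now.isBefore(e.expires())) {        // step 4: server-side expiry
            sessions.remove(id);
            return null;
        }
        return e.user();                         // caller authorizes against this identity
    }

    public static void main(String[] args) {
        SessionRegistry reg = new SessionRegistry(Duration.ofMinutes(30));
        Instant t0 = Instant.parse("2004-05-07T15:00:00Z");            // constructed time
        String id = reg.issue("DOMAIN\\alice", t0);                     // constructed user
        System.out.println(reg.validate(id, t0.plusSeconds(60)));      // live session
        System.out.println(reg.validate("guessed-id", t0));            // unknown ID
        System.out.println(reg.validate(id, t0.plusSeconds(1801)));    // past the lifetime
        System.out.println(reg.validate(id, t0.plusSeconds(60)));      // removed on expiry
    }
}
```

Because the session ID travels as an ordinary SOAP argument (step 3), it is a bearer credential: anyone who can read the request can replay it until it expires, so the transport needs to be protected and the lifetime kept short.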
