org.apache.jetspeed.security.impl.ntlm
Class NtlmSecurityValve

java.lang.Object
  extended by org.apache.jetspeed.pipeline.valve.AbstractValve
      extended by org.apache.jetspeed.security.impl.AbstractSecurityValve
          extended by org.apache.jetspeed.security.impl.ntlm.NtlmSecurityValve
All Implemented Interfaces:
SecurityValve, Valve

public class NtlmSecurityValve
extends AbstractSecurityValve

NtlmSecurityValve creates a Subject from the user name that NTLM authentication supplies through request.getRemoteUser(). When request.getRemoteUser() holds a valid value, then this user is authorized. Otherwise the user name is retrieved from the Principal name in the request. In this way you can use NTLM authentication with a fallback authentication method in case the user is not properly authenticated or authorized using NTLM. There are basically three authentication scenarios:

  1. The user is successfully authenticated and authorized by NTLM authentication.

    A Subject is created, with a Principal derived from the remoteUser value from NTLM authentication.

  2. The user is not authenticated by NTLM, or the authenticated (can be NTLM or any other method) user cannot be authorized by Jetspeed.

    An anonymous Subject is created. The user can then be redirected to a login page for example.

  3. The user is authenticated by a (non-NTLM) authentication method, e.g. container-based form authentication.

    A Subject is created based on the Principal name in the request.

Version:
$Id$
Author:
David Sean Taylor, Randy Walter, Scott T. Weaver, Dennis Dam

Field Summary
 
Fields inherited from class org.apache.jetspeed.security.impl.AbstractSecurityValve
authenticationConfiguration
 
Fields inherited from interface org.apache.jetspeed.pipeline.valve.SecurityValve
IP_ADDRESS
 
Constructor Summary
NtlmSecurityValve(UserManager userMgr, java.lang.String networkDomain, boolean omitDomain, boolean ntlmAuthRequired)
           
NtlmSecurityValve(UserManager userMgr, java.lang.String networkDomain, boolean omitDomain, boolean ntlmAuthRequired, PortalStatistics statistics)
           
NtlmSecurityValve(UserManager userMgr, java.lang.String networkDomain, boolean omitDomain, boolean ntlmAuthRequired, PortalStatistics statistics, PortalAuthenticationConfiguration authenticationConfiguration)
           
 
Method Summary
protected  javax.security.auth.Subject getSubject(RequestContext context)
           getSubject
protected  java.security.Principal getUserPrincipal(RequestContext context)
           getUserPrincipal
 java.lang.String toString()
           
 
Methods inherited from class org.apache.jetspeed.security.impl.AbstractSecurityValve
getSubjectFromSession, invoke, isSessionExpired
 
Methods inherited from class org.apache.jetspeed.pipeline.valve.AbstractValve
initialize
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 
Methods inherited from interface org.apache.jetspeed.pipeline.valve.Valve
initialize
 

Constructor Detail

NtlmSecurityValve

public NtlmSecurityValve(UserManager userMgr,
                         java.lang.String networkDomain,
                         boolean omitDomain,
                         boolean ntlmAuthRequired,
                         PortalStatistics statistics,
                         PortalAuthenticationConfiguration authenticationConfiguration)
Parameters:
userMgr - A UserManager
statistics - Portal Statistics
networkDomain - The network domain is used in combination with the omitDomain flag.
omitDomain - If true, then the network domain is stripped from the remoteUser name.
ntlmAuthRequired - If true, then an exception is thrown when there is no valid remoteUser, or the remoteUser cannot be authorized.
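
The three scenarios in the class description and the omitDomain / ntlmAuthRequired parameters above, modelled as one decision function. This is an added illustration, not Jetspeed source code. Assumptions: remoteUser arrives as DOMAIN\user, only the configured networkDomain is stripped (matched case-insensitively), the anonymous name is "guest", the exception type is SecurityException, and KNOWN_USERS is a constructed stand-in for the UserManager lookup.

```java
import java.security.Principal;
import java.util.Set;
import javax.security.auth.Subject;

// Added illustration of the documented scenarios; not part of Jetspeed.
public class NtlmValveSketch {
    // Constructed stand-in for UserManager: names the portal can authorize.
    static final Set<String> KNOWN_USERS = Set.of("alice", "bob");
    static final String ANONYMOUS = "guest"; // assumed anonymous principal name

    record UserPrincipal(String name) implements Principal {
        public String getName() { return name; }
    }

    // Assumption: strip only the configured domain, so OTHER\alice never becomes alice.
    static String normalize(String remoteUser, String networkDomain, boolean omitDomain) {
        if (!omitDomain || networkDomain == null) return remoteUser;
        String prefix = networkDomain + "\\";
        return remoteUser.regionMatches(true, 0, prefix, 0, prefix.length())
                ? remoteUser.substring(prefix.length()) : remoteUser;
    }

    static Subject subjectFor(String name) {
        Subject s = new Subject();
        s.getPrincipals().add(new UserPrincipal(name));
        return s;
    }

    static Subject resolve(String remoteUser, String principalName, String networkDomain,
                           boolean omitDomain, boolean ntlmAuthRequired) {
        if (remoteUser != null && !remoteUser.isBlank()) {
            String name = normalize(remoteUser, networkDomain, omitDomain);
            if (KNOWN_USERS.contains(name)) return subjectFor(name);   // scenario 1
            if (ntlmAuthRequired) throw new SecurityException("remoteUser not authorized");
            return subjectFor(ANONYMOUS);                               // scenario 2
        }
        if (ntlmAuthRequired) throw new SecurityException("no valid remoteUser");
        if (principalName != null && KNOWN_USERS.contains(principalName)) {
            return subjectFor(principalName);                           // scenario 3
        }
        return subjectFor(ANONYMOUS);                                   // scenario 2
    }

    public static void main(String[] args) {
        System.out.println(resolve("CORP\\alice", null, "CORP", true, false));  // NTLM user
        System.out.println(resolve("OTHER\\alice", null, "CORP", true, false)); // foreign domain
        System.out.println(resolve(null, "bob", "CORP", true, false));          // fallback
    }
}
```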

NtlmSecurityValve

public NtlmSecurityValve(UserManager userMgr,
                         java.lang.String networkDomain,
                         boolean omitDomain,
                         boolean ntlmAuthRequired,
                         PortalStatistics statistics)

NtlmSecurityValve

public NtlmSecurityValve(UserManager userMgr,
                         java.lang.String networkDomain,
                         boolean omitDomain,
                         boolean ntlmAuthRequired)
Method Detail

toString

public java.lang.String toString()
Overrides:
toString in class java.lang.Object

getUserPrincipal

protected java.security.Principal getUserPrincipal(RequestContext context)
                                            throws java.lang.Exception
Description copied from class: AbstractSecurityValve

getUserPrincipal

Should build and return a java.security.Principal that represents the user name of the Subject returned from getSubject().

Specified by:
getUserPrincipal in class AbstractSecurityValve
Returns:
Principal
Throws:
java.lang.Exception

getSubject

protected javax.security.auth.Subject getSubject(RequestContext context)
                                          throws java.lang.Exception
Description copied from class: AbstractSecurityValve

getSubject

Should build and return a javax.security.Subject

Specified by:
getSubject in class AbstractSecurityValve
Returns:
Subject
Throws:
java.lang.Exception


Copyright © 1999-2010 Apache Software Foundation. All Rights Reserved.