NtlmSecurityValve (Jetspeed-2 Portal Components 2.1.3 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.apache.jetspeed.security.impl.ntlm
Class NtlmSecurityValve

java.lang.Object
  org.apache.jetspeed.pipeline.valve.AbstractValve
      org.apache.jetspeed.security.impl.AbstractSecurityValve
          org.apache.jetspeed.security.impl.ntlm.NtlmSecurityValve

All Implemented Interfaces:: SecurityValve, org.apache.jetspeed.pipeline.valve.Valve

public class NtlmSecurityValve
extends AbstractSecurityValve
extends AbstractSecurityValve

NTLMSecurityValve provides Subject creation based on the NTLM provided request.getRemoteUser() user name. When request.getRemoteUser() holds a valid value, then this user is authorized. Otherwise the username is retrieved from the Principal name in the request. In this way you can use NTLM authentication, with a fallback authentication method in case the user is not properly authenticated / authorized using NTLM. There are basically three authentication scenarios:

The user is successfully authenticated and authorized by Ntml authentication

A Subject is created, with Principal derived from the remoteUser value from Ntlm authentication
The user is not authenticated by Ntlm, or the authenticated (can be NTLM or any other method) user cannot be authorized by Jetspeed.

An anonymous Subject is created. The user can then be redirected to a login page for example.
The user is authenticated by a (non-NTLM) authentication method, e.g. container-based form authentication.

A subject is created based on the Principal name in the request.

Version:: $Id$
Author:: David Sean Taylor , Randy Walter , Scott T. Weaver, Dennis Dam

Field Summary
`private String`	`networkDomain`
`private boolean`	`ntlmAuthRequired`
`private boolean`	`omitDomain`
`private org.apache.jetspeed.statistics.PortalStatistics`	`statistics`
`private org.apache.jetspeed.security.UserManager`	`userMgr`

Fields inherited from class org.apache.jetspeed.security.impl.AbstractSecurityValve
`authenticationConfiguration`

Fields inherited from interface org.apache.jetspeed.pipeline.valve.SecurityValve
`IP_ADDRESS`

Constructor Summary
`NtlmSecurityValve(org.apache.jetspeed.security.UserManager userMgr, String networkDomain, boolean omitDomain, boolean ntlmAuthRequired)`
`NtlmSecurityValve(org.apache.jetspeed.security.UserManager userMgr, String networkDomain, boolean omitDomain, boolean ntlmAuthRequired, org.apache.jetspeed.statistics.PortalStatistics statistics)`
`NtlmSecurityValve(org.apache.jetspeed.security.UserManager userMgr, String networkDomain, boolean omitDomain, boolean ntlmAuthRequired, org.apache.jetspeed.statistics.PortalStatistics statistics, org.apache.jetspeed.administration.PortalAuthenticationConfiguration authenticationConfiguration)`

Method Summary
`protected Subject`	`getSubject(org.apache.jetspeed.request.RequestContext context)` getSubject
`protected Principal`	`getUserPrincipal(org.apache.jetspeed.request.RequestContext context)` getUserPrincipal
`String`	`toString()`

Methods inherited from class org.apache.jetspeed.security.impl.AbstractSecurityValve
`getSubjectFromSession, invoke, isSessionExpired`

Methods inherited from class org.apache.jetspeed.pipeline.valve.AbstractValve
`initialize`

Methods inherited from class java.lang.Object
`clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait`

Methods inherited from interface org.apache.jetspeed.pipeline.valve.Valve
`initialize`

Field Detail

userMgr

private org.apache.jetspeed.security.UserManager userMgr

statistics

private org.apache.jetspeed.statistics.PortalStatistics statistics

networkDomain

private String networkDomain

ntlmAuthRequired

private boolean ntlmAuthRequired

omitDomain

private boolean omitDomain

Constructor Detail