...
Additional properties that can effect the authentication process can be found here, where they can be set in the JCifsProperties section to alter the authentication process.
| Wiki Markup |
|---|
{graphviz}
strict digraph G {
graph [ ratio="0.7 compressed",
rankdir="LR",
ranksep=0.75,
concentrate="false",
remincross="true",
fontname=helvetica
fontsize=12
];
node [ shape=box,
style=filled,
fillcolor=white,
fontname=helvetica
fontsize=12,
fontcolor=black
];
edge [
];
subgraph "cluster_security_ntlm_step_1.xml" {
label="security_ntlm_step_1.xml";
style=filled;
color=ivory3;
"filterChainProxy" [];
"ntlmZeroPostFilter" [];
"ntlmProcessingFilter" [];
"ntlmEntryPoint" [];
"ntlmAuthenticationManager" [];
"nullDaoAuthenticationProvider" [];
"userDetailsService" [];
"httpSessionContextIntegrationFilter" [];
"securityContextHolderAwareRequestFilter" [];
"exceptionTranslationFilter" [];
"jsonExceptionTranslationFilter" [];
"filterInvocationInterceptor" [];
"ntlmAuthenticationManager" -> "nullDaoAuthenticationProvider" [];
"ntlmProcessingFilter" -> "ntlmEntryPoint" [];
"ntlmProcessingFilter" -> "ntlmAuthenticationManager" [];
"nullDaoAuthenticationProvider" -> "userDetailsService" [];
"filterInvocationInterceptor" -> "ntlmAuthenticationManager" [];
"filterChainProxy" -> "filterInvocationInterceptor" [];
"filterChainProxy" -> "jsonExceptionTranslationFilter" [];
"filterChainProxy" -> "exceptionTranslationFilter" [];
"filterChainProxy" -> "securityContextHolderAwareRequestFilter" [];
"filterChainProxy" -> "ntlmProcessingFilter" [];
"filterChainProxy" -> "httpSessionContextIntegrationFilter" [];
"filterChainProxy" -> "ntlmZeroPostFilter" [];
}
}
{graphviz} |
Extended authentication example
...
It will also require editing of the ntlmProcessingFilter bean to at least set the correct defaultDomain and domainController.
It may also require changing the loadBalance property to set it to true (false is the default if it's not set).
| Wiki Markup |
|---|
{graphviz}
strict digraph G {
graph [ ratio="0.7 compressed",
rankdir="LR",
ranksep=0.75,
concentrate="false",
remincross="true",
fontname=helvetica
fontsize=12
];
node [ shape=box,
style=filled,
fillcolor=white,
fontname=helvetica
fontsize=12,
fontcolor=black
];
edge [
];
subgraph "cluster_security_ntlm_step_2.xml" {
label="security_ntlm_step_2.xml";
style=filled;
color=ivory3;
"filterChainProxy" [];
"ntlmZeroPostFilter" [];
"ntlmProcessingFilter" [];
"ntlmEntryPoint" [];
"ntlmAuthenticationManager" [];
"nullDaoAuthenticationProvider" [];
"httpSessionContextIntegrationFilter" [];
"logoutFilter" [];
"authenticationProcessingFilter" [];
"securityContextHolderAwareRequestFilter" [];
"rememberMeProcessingFilter" [];
"anonymousProcessingFilter" [];
"exceptionTranslationFilter" [];
"jsonExceptionTranslationFilter" [];
"filterInvocationInterceptor" [];
"rememberMeServices" [];
"authenticationManager" [];
"daoAuthenticationProvider" [];
"userDetailsService" [];
"ntlmAuthenticationManager" -> "nullDaoAuthenticationProvider" [];
"authenticationManager" -> "daoAuthenticationProvider" [];
"ntlmProcessingFilter" -> "ntlmEntryPoint" [];
"ntlmProcessingFilter" -> "ntlmAuthenticationManager" [];
"nullDaoAuthenticationProvider" -> "userDetailsService" [];
"authenticationProcessingFilter" -> "authenticationManager" [];
"authenticationProcessingFilter" -> "rememberMeServices" [];
"rememberMeProcessingFilter" -> "authenticationManager" [];
"rememberMeProcessingFilter" -> "rememberMeServices" [];
"filterInvocationInterceptor" -> "authenticationManager" [];
"rememberMeServices" -> "userDetailsService" [];
"daoAuthenticationProvider" -> "userDetailsService" [];
"logoutFilter" -> "rememberMeServices" [];
"filterChainProxy" -> "logoutFilter" [];
"filterChainProxy" -> "filterInvocationInterceptor" [];
"filterChainProxy" -> "jsonExceptionTranslationFilter" [];
"filterChainProxy" -> "exceptionTranslationFilter" [];
"filterChainProxy" -> "anonymousProcessingFilter" [];
"filterChainProxy" -> "rememberMeProcessingFilter" [];
"filterChainProxy" -> "securityContextHolderAwareRequestFilter" [];
"filterChainProxy" -> "authenticationProcessingFilter" [];
"filterChainProxy" -> "ntlmProcessingFilter" [];
"filterChainProxy" -> "logoutFilter" [];
"filterChainProxy" -> "httpSessionContextIntegrationFilter" [];
"filterChainProxy" -> "ntlmZeroPostFilter" [];
}
}
{graphviz} |
Getting roles from Active Directory (via LDAP)
...
The information setup in the ldapUserSearch, ldapAuthoritiesPopulator and initialDirContextFactory will at least need to updated to reflect your local settings.
...