Thursday, August 03, 2006

Using jCIFS for Authentication

JCIFS is an Open Source client library that implements the CIFS/SMB networking protocol in 100% Java. CIFS is the standard file sharing protocol on the Microsoft Windows platform (e.g. Map Network Drive ...). This client is used extensively in production on large Intranets. The JCIFS SMB client library enables Java applications to remotely access shared files and directories on SMB file servers(i.e. a Microsoft Windows "share") in addition to domain, workgroup, and server enumeration of NetBIOS over TCP/IP networks. It is an advanced implementation of the CIFS protocol supporting Unicode, batching, multiplexing of threaded callers, encrypted authentication, transactions, the Remote Access Protocol (RAP), and much more. It is licensed under LGPL which means commercial organizations can legitimately use it with their proprietary code(you just can't sell or give away a modified binary only version of the library itself without reciprocation). While the core library is for implementing File Sharing, we can also use it for authentication using LDAP. The following are a sequence of steps to setup jCIFS for authentication:
  1. Download jCIFS from the site.
  2. The following three lines of code are enough to check authentication
    UniAddress uniaddress = UniAddress.getByName(LDAP_Host_Name);
    NtlmPasswordAuthentication ntlmpasswordauthentication = new NtlmPasswordAuthentication(domain, username, password);
    SmbSession.logon(uniaddress, ntlmpasswordauthentication);
  3. If the authentication fails, then the logon method throws an exception.
This type of authentication can also be achieved by using JNDI, jCIFS adds more to this, i.e. jCIFS supports NTLM authentication, i.e. users within the domain are not challenged for username and password (if using Internet Explorer, Firefox always prompts for password). This feature is similar to the SPNEGO TAI provided with WebSphere Application server. To know how to setup NTLM authentication with jCIFS, visit the JCIFS NTLM HTTP Authentication page.

3 comments:

  1. Thanks Abhi..This is really a nice and helpful blog on desktop sso...I have gone through the docs provided on jcifs and implemented the desktop sso..But I am failing to find the right steps to implements jcifs on HTTPS..Its working fine on HTTP..Any thouhgts on this..?

    ReplyDelete
  2. o you get the variable password? can you mail this answer? pakizito[AT]gmail[dot]com

    ReplyDelete
  3. Thanks so much! Works like a charm.
    On our company's local network, using the AD's ip address instead of hostname (ad.local) made a 4,000 msecs difference, which is probably the lookup timeout...?

    ReplyDelete