
Sunday, March 21, 2010

Spring Security NTLM 3

As of version 3.X Spring Security doesn't include the NTLM extension anymore.

For the purpose of using NTLM authentication on Spring 3 projects, I migrated the 2.0.5 NTLM extension to the new version of Spring Security.

The full project sources are available here:
http://github.com/aloiscochard/spring-security-ntlm

I haven't taken the time to fix the following bugs found in version 2.0.5:
https://jira.springsource.org/browse/SEC-1003
https://jira.springsource.org/browse/SEC-1087

If you are interested in helping to correct these defects, don't hesitate to get in touch.

Download
You can download the spring-security-ntlm snapshot here:
http://github.com/downloads/aloiscochard/spring-security-ntlm/spring-security-ntlm-3.0.2.SNAPSHOT.jar

Usage
Because NTLM isn't integrated in the new version of spring-security-core, you need to add a custom filter.
Here is a snippet describing briefly how to do that:
Don't hesitate to ask if you need help; this extension works exactly like version 2.0.5. You can use an example from version 2.0.5 if you are starting from scratch.

6 comments:

  1. Any chance you will have a full example coming soon? I guess I'm missing the "your configuration here" part. I have it configured the way I think it should work, but clearly it does not.

  2. Probably it's a bug in a pom.xml file with dependencies to spring-security-ldap library

  3. @Craig

    I'm unfortunately waiting for the release of the Atlassian Crowd connector for Spring Security 3 before investigating the use of NTLM in our application ...

    But the 'your configuration here' must be the configuration you used before integrating NTLM.

    You must be able to make Spring Security work without NTLM before trying my code.

    Good luck if it's not too late, I didn't notice your post before ... sorry!

  4. Hi!

    Congratulations on your great blog.

    I'm also waiting for the Crowd connector for Spring Security 3.

    Now I'm following this tutorial http://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Spring+Security

    I downloaded the Crowd update for Spring Security 3 from

    http://jira.atlassian.com/browse/CWD-1807?page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#issue-tabs

    I hope to be successful.

    Regards

  5. @tmsanchez
    Hi!

    I made it for spring security 2 and it was relatively straightforward.

    I haven't got time to do it with the new version. But I'm confident Erik's jar must work.

    A real shame Atlassian didn't provide an updated jar... the issue was reported in January and is still in 'Awaiting Review'.

    Good luck and let me know if you face any issues.

    Thanks !

  6. Thanks a lot for your blog post, it helped me a lot with the configuration of NTLM within my Spring 3 project. I confirm the jar works just fine.

    Though I did change your pom.xml a little and replaced

    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>org.springframework.security.ldap</artifactId>
      <version>${spring-security.version}</version>
    </dependency>

    by

    <dependency>
      <groupId>org.springframework.security</groupId>
      <artifactId>spring-security-ldap</artifactId>
      <version>${spring-security.version}</version>
    </dependency>

    To avoid having Spring jars fetched and packaged twice within my war.

    Also, for anyone who asked for a fully working example, here's my full configuration, where ntlmAuthenticationProvider is just my standard bean where I load my users' roles:


    <?xml version="1.0" encoding="UTF-8"?>
    <beans:beans xmlns="http://www.springframework.org/schema/security"
        xmlns:beans="http://www.springframework.org/schema/beans"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:schemaLocation="http://www.springframework.org/schema/beans
            http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
            http://www.springframework.org/schema/security
            http://www.springframework.org/schema/security/spring-security-3.0.xsd">

      <beans:bean id="ntlmFilter" class="org.springframework.security.ui.ntlm.NtlmAuthenticationFilter">
        <beans:property name="authenticationManager" ref="authenticationManager" />
        <beans:property name="retryOnAuthFailure" value="false" />
        <beans:property name="domainController" value="${ntlm.domain.controller}" />
        <beans:property name="defaultDomain" value="${ntlm.default.domain}" />
        <beans:property name="smbClientUsername" value="${ntlm.smbclient.username}" />
        <beans:property name="smbClientPassword" value="${ntlm.smbclient.password}" />
      </beans:bean>

      <beans:bean id="ntlmFilterEntryPoint" class="org.springframework.security.ui.ntlm.NtlmAuthenticationFilterEntryPoint">
        <beans:property name="authenticationFailureUrl" value="/ntlmFailed.html" />
      </beans:bean>

      <beans:bean id="nullRequestCacheAwareFilter" class="org.springframework.security.web.savedrequest.NullRequestCache"/>

      <http auto-config="false" entry-point-ref="ntlmFilterEntryPoint">
        <request-cache ref="nullRequestCacheAwareFilter"/>
        <custom-filter after="EXCEPTION_TRANSLATION_FILTER" ref="ntlmFilter"/>
      </http>

      <global-method-security pre-post-annotations="enabled">
        <expression-handler ref="securityExpressionHandler"/>
      </global-method-security>

      <authentication-manager alias="authenticationManager">
        <authentication-provider ref="ntlmAuthenticationProvider" />
      </authentication-manager>

      <beans:bean id="ntlmAuthenticationProvider" class="com........NtlmAuthenticationServiceImpl" />

      <beans:bean id="securityExpressionHandler" class="org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler" />

    </beans:beans>

    I hope this could help
