Sunday, March 21, 2010

Spring Security NTLM 3

As of version 3.X Spring Security doesn't include the NTLM extension anymore.

For the purpose of using NTLM authentication on Spring 3 projects, I migrated the 2.0.5 NTLM extension to the new version of Spring Security.

The full project sources are available here:
http://github.com/aloiscochard/spring-security-ntlm

I haven't took time fixing the following bugs found on version 2.0.5:
https://jira.springsource.org/browse/SEC-1003
https://jira.springsource.org/browse/SEC-1087

If your are interested to help correcting this defects don't hesitate to get in touch.

Download
You can download the spring-security-ntlm snapshot here:
http://github.com/downloads/aloiscochard/spring-security-ntlm/spring-security-ntlm-3.0.2.SNAPSHOT.jar

Usage
Due to the fact that NTLM isn't integrated in new version of spring-security-core, you need to add a custom filter.
Here is a snippet describing briefly how to do that:
Don't hesitate to ask if you need help, this extension work exactly as version 2.0.5. You can use an example from version 2.0.5 if you are starting from scratch.
Posted by at
Labels: , , , ,

6 comments:

  1. Craig St. JeanMarch 30, 2010 at 8:17 AM

    Any chance you will have a full example coming soon? I guess I'm missing the "your configuration here" part. I have it configured the way I think it should work, but clearly it does not.

    ReplyDelete
  2. Tomek KuprowskiJuly 29, 2010 at 10:16 AM

    Probably it's a bug in a pom.xml file with dependencies to spring-security-ldap library

    ReplyDelete
  3. Alois CochardSeptember 24, 2010 at 7:12 AM

    @Craig

    I'm unfortunatly waiting for the release of the Atlassian Crowd connector for Spring Security 3 before investigating the use of NTLM in our application ...

    But the 'your configuration here' must be the configuration you used before integrating NTLM.

    You must be able to make work spring security whithout NTLM before trying my code.

    Good luck if it's not too late, I didn't noticed your post before ... sorry !

    ReplyDelete
  4. tmsanchezOctober 6, 2010 at 10:35 PM

    Hi!

    Congratulations for your great blog.

    I'm waiting too for Crowd conector for spring security 3

    Now I'm following this tutorial http://confluence.atlassian.com/display/CROWD/Integrating+Crowd+with+Spring+Security

    I downloaded crowd update for spring security 3 in

    http://jira.atlassian.com/browse/CWD-1807?page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#issue-tabs

    I hope have successful

    Regards

    ReplyDelete
  5. Alois CochardOctober 13, 2010 at 6:59 AM

    @tmsanchez
    Hi!

    I made it for spring security 2 and it was relatively straightforward.

    Don't got time to do it with new version. But I'm confident Erik's jar must work.

    A real shame Atlassian didn't provide an updated jar... the issue was reported in January and still in 'Awaiting Review'.

    Good luck and let me now if you faced issue.

    Thanks !

    ReplyDelete
  6. MilesJuly 27, 2024 at 10:24 AM

    Interestting read

    ReplyDelete

Subscribe to: Post Comments (Atom)