Sunday, March 21, 2010

Spring Security NTLM 3

As of version 3.X Spring Security doesn't include the NTLM extension anymore.

For the purpose of using NTLM authentication on Spring 3 projects, I migrated the 2.0.5 NTLM extension to the new version of Spring Security.

The full project sources are available here:

I haven't took time fixing the following bugs found on version 2.0.5:

If your are interested to help correcting this defects don't hesitate to get in touch.

You can download the spring-security-ntlm snapshot here:

Due to the fact that NTLM isn't integrated in new version of spring-security-core, you need to add a custom filter.
Here is a snippet describing briefly how to do that:
Don't hesitate to ask if you need help, this extension work exactly as version 2.0.5. You can use an example from version 2.0.5 if you are starting from scratch.


  1. Any chance you will have a full example coming soon? I guess I'm missing the "your configuration here" part. I have it configured the way I think it should work, but clearly it does not.

  2. Probably it's a bug in a pom.xml file with dependencies to spring-security-ldap library

  3. @Craig

    I'm unfortunatly waiting for the release of the Atlassian Crowd connector for Spring Security 3 before investigating the use of NTLM in our application ...

    But the 'your configuration here' must be the configuration you used before integrating NTLM.

    You must be able to make work spring security whithout NTLM before trying my code.

    Good luck if it's not too late, I didn't noticed your post before ... sorry !

  4. Hi!

    Congratulations for your great blog.

    I'm waiting too for Crowd conector for spring security 3

    Now I'm following this tutorial

    I downloaded crowd update for spring security 3 in

    I hope have successful


  5. @tmsanchez

    I made it for spring security 2 and it was relatively straightforward.

    Don't got time to do it with new version. But I'm confident Erik's jar must work.

    A real shame Atlassian didn't provide an updated jar... the issue was reported in January and still in 'Awaiting Review'.

    Good luck and let me now if you faced issue.

    Thanks !