Obtain user name only

Jan 27, 2011 at 8:38 PM

I have tried the filter and it works very well.  All I really need to accomplish is obtaining the user ID without the NTLM handshake being carried forward and being used on all other URL/pages.  Is there a way to use Waffle to only get the user?

Coordinator
Jan 27, 2011 at 8:44 PM

I am not sure what you mean by "handshake being carried forward". You can get the username by calling request.getRemoteUser(). If you just want to do a 1-time authentication and then stop doing authentication after remembering the username, you'll have to write your own filter that does that or perform some kind of clever redirection to a single protected resource.

Jan 28, 2011 at 12:43 PM

That's exactly what I'm trying to do as well - get the user name at the start of the session, one time only.

It seems if I use the Tomcat valve (Tomcat 6 or 7) as opposed to the filter method, there are fewer checks for authentication.

I suspect the filter gets the principal for every JSF Lifecycle. I'm using JSF 2.0, Facelets.

I have tried a few methods to do this. One that might work out is protecting only a single folder or page and redirecting.

But I really don't like all those redirects.

I first hit index.xhtml, redirect to a protected page and get the name, then redirect to a main page.

I could not find a way to protect index while not protecting everything else.

 

Coordinator
Jan 28, 2011 at 1:47 PM

Ok. I understand what you're trying to achieve. Can you please explain why?

NTLM is a connection-oriented protocol, so you only authenticate once per connection (unless you're doing a POST, read this). The browser is supposed to reissue an Authorization ticket every time it opens a new connection. Some browsers will optimize and do that on the first request on a new connection if the server ever challenged them before. Others will wait for a 401. Lots of scenarios will break if the server behaves other than by obeying the protocol. Filter or valve will make no difference.

 

Jan 28, 2011 at 2:24 PM

The environment is corporate IT.

IE6-IE8

All user PCs are Windows XP.

All users log in to the network which has domain controllers etc.

After a user is logged-in to the network and opens my JSF/Facelets application I only want to retrieve the login id used to successfully log in to the network from the PC workstation.

I want to store the retrieved login id for the duration of that browser session.

I will then use the login id to check in one or more SQL Databases for user permissions.

Then control various parts of the web application based on permissions we store in the database(s).

 

Coordinator
Jan 28, 2011 at 5:20 PM

Sounds like you want to only protect a login page with NTLM and the rest without NTLM (sessions). I am not sure whether that's actually secure and session replay or stealing might be an issue. The rest is hackery.
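Added example, not part of the thread and not Waffle code: one way to write the "own filter" mentioned above, which copies `request.getRemoteUser()` into the session once and replaces the pre-login session to address the session-stealing concern. It assumes the Waffle filter is mapped only to a hypothetical `/login` URL and ordered before this filter, that this filter is mapped to `/*`, and that the `javax.servlet` API is in use; `ATTR` and `LOGIN_PATH` are made-up names.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

/** Remembers the user name established once by an upstream authenticator. */
public class RememberUserFilter implements Filter {
    static final String ATTR = "authenticatedUser"; // hypothetical session key
    static final String LOGIN_PATH = "/login";      // hypothetical: the only NTLM-protected URL

    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        HttpSession session = req.getSession(false);
        String user = session == null ? null : (String) session.getAttribute(ATTR);

        if (user == null && req.getRemoteUser() != null) {
            // Just authenticated upstream: discard any pre-login session so a
            // session id issued before login is never bound to this user.
            if (session != null) session.invalidate();
            session = req.getSession(true);
            user = req.getRemoteUser();
            session.setAttribute(ATTR, user);
        }
        if (user == null) {
            if (req.getServletPath().equals(LOGIN_PATH)) {
                // On the protected URL but no identity: the authenticator did not run.
                res.sendError(HttpServletResponse.SC_FORBIDDEN);
            } else {
                res.sendRedirect(req.getContextPath() + LOGIN_PATH);
            }
            return;
        }
        // Expose the remembered name through the standard API on every page.
        final String name = user;
        chain.doFilter(new HttpServletRequestWrapper(req) {
            @Override public String getRemoteUser() { return name; }
        }, res);
    }
}
```

After the first request the session cookie is the only credential on unprotected pages, so it should be sent over HTTPS only, with the Secure and HttpOnly flags set and a short session timeout.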