views:

153

answers:

1

does anyone tried doing cache for spring-ntlm NtlmProcessingFilter.java file so that every request no need to query from microsoft active directory to authenticate user ? how to implement such cache using ehcache

+1  A: 

I can't help you directly, but some of my experience may be useful. I have an application that uses a modified jcifs ntlm filter. (Beware that the existing filter is not actually secure!) One of my modifications is that once the user is authenticated, the results are stored in the session (not specifically in the cache).

The filter checks to see if there's an authentication result in the session before doing the whole ntlm protocol. If there is, then it doesn't need to bother.

The only thing you need to be careful about is HTTP Posts. Internet Explorer requires that Posts go through the whole authentication process anyway, whether or not the server asks for it. So you have to take care of that in your filter.

John
@John thanks for pointing out this. i still looking for proper way to do it and cache it in NLTMProcessingFilter class directly rather in user session
cometta
I don't have a strong opinion that the authentication information should be stored in the session, but it definitely seems easier that way. It would be easy enough to have a `Map<HttpSession,String>` inside the filter class that could store the authenticated username (or other details) for each session. If the username for the session exists, then it could avoid repeating the authentication (unless it's a post request!).
John