Multiple Domain Controllers

[rc123]

Hi ,
We are using NTLM authentication using spring security 2.0.6 and we are able to login with active directory.
I know that now NTLM is not supported , but we need some inputs on some of these issues as it is very much critical for us.

1)Can we support NTLM authentication without cookies enabled ?
2) Is it possible to provide multiple domain controllers in spring security xml.(do we have some reference)

It would be very much appreciated if we get response for this.

Thanks

spring-security.xml that i tried :

Code:

<beans xmlns="http://www.springframework.org/schema/beans"
	xmlns:security="http://www.springframework.org/schema/security"
	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
              http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.4.xsd">


	<!-- ======================== FILTER CHAIN ======================= -->

	<bean id="propertyConfigurer"
		class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
		<property name="location" value="file:/home/rajesh/ntlm.properties" />
	</bean>

	<security:http create-session="never" servlet-api-provision="false" 
	entry-point-ref="ntlmProcessingFilterEntryPoint">
		
		<!-- Restrict URLs based on role -->
		<security:intercept-url pattern="/**" access="ROLE_USER,ROLE_ADMIN" />
		<security:intercept-url pattern="/fail.jsp" filters="none" />
		

	</security:http>

	<security:authentication-manager alias="authenticationManager" />

	<bean id="ntlmProcessingFilter"
		class="org.springframework.security.ui.ntlm.NtlmProcessingFilter">
		<security:custom-filter position="NTLM_FILTER" />
		<property name="authenticationManager" ref="authenticationManager" />
		<property name="defaultDomain" value="${domain}" />
		<property name="domainController" value="${domainController}" />
		<property name="loadBalance" value="true" />
		<property name="jcifsProperties">
		<value>
			<!--jcifs.smb.client.domian=${domain}-->
			jcifs.smb.client.username=${username}
			jcifs.smb.client.password=${password}
			jcifs.smb.lmCompatibility=0
			jcifs.smb.client.useExtendedSecurity=false
			jcifs.netbios.wins=acesv1.com,yomonksace
		</value>
	</property>
	<!--<property name="stripDomain" value="false" />-->

	</bean>

	<bean id="ntlmProcessingFilterEntryPoint"
		class="org.springframework.security.ui.ntlm.NtlmProcessingFilterEntryPoint">
		<property name="authenticationFailureUrl" value="/fail.jsp" />
	</bean>

	<security:authentication-provider>
	<security:user-service id="userService">
		<security:user name="sh1" password="" authorities="ROLE_ADMIN,ROLE_USER" />
		<security:user name="administrator" password="" authorities="ROLE_ADMIN,ROLE_USER" />

	</security:user-service>
	</security:authentication-provider>
	
	
		<bean id="filterChainProxy" class="org.springframework.security.util.FilterChainProxy">
	<security:filter-chain-map path-type="ant">
		<security:filter-chain pattern="/**" filters="
			httpSessionContextIntegrationFilterWithASCTrue,
			ntlmProcessingFilter, exceptionTranslationFilter,
		    filterSecurityInterceptor " />
	</security:filter-chain-map>
	
	</bean>
	

	<bean id="httpSessionContextIntegrationFilterWithASCTrue"
		class="org.springframework.security.context.HttpSessionContextIntegrationFilter">
		<property name="allowSessionCreation" value="true" />
	</bean>


	<bean id="exceptionTranslationFilter" class="org.springframework.security.ui.ExceptionTranslationFilter">

	<property name="authenticationEntryPoint">
		<ref bean="ntlmProcessingFilterEntryPoint" />
	</property>

	<property name="accessDeniedHandler">
		<bean class="org.springframework.security.ui.AccessDeniedHandlerImpl" />
	</property>

	</bean>

	<bean id="filterSecurityInterceptor" class="org.springframework.security.intercept.web.FilterSecurityInterceptor">

		<property name="authenticationManager" ref="authenticationManager" />
		<property name="accessDecisionManager" ref="accessDecisionManager" />
		<property name="objectDefinitionSource">
		
		<security:filter-invocation-definition-source>
			<security:intercept-url pattern="/**"
				access="ROLE_USER,ROLE_ADMIN" />
		</security:filter-invocation-definition-source>
	
		</property>
	</bean>


	<bean id="accessDecisionManager" class="org.springframework.security.vote.AffirmativeBased">
		<property name="decisionVoters">
			<list>
				<ref local="roleVoter" />
				<bean class="org.springframework.security.vote.AuthenticatedVoter" />
			</list>
		</property>
	</bean>

	<bean id="roleVoter" class="org.springframework.security.vote.RoleVoter" />
	

	<!-- ****** END SPRING Security Configuration ******* -->


</beans>