Hello all-
I am really puzzled right now and was hoping you all could shed some light onto me. I am developing a corporate intranet. I have jcifs ntlm http filter ( http://jcifs.samba.org/ ) working for me and all seems to be working fine. I can call getRemoteUser() and get the domain and username for the user. Which is great, I can use the username to tie into AD and get that persons security groups to determine access to certain job specific functions on the intranet (btw, all clients are IE). But, I'm concerned. My question does not really have to do with jcifs but with security realms. I ultimately want to isUserInRole("role") within my jsp's to determine access (I think). But I'm confused as to go about implementing such a scheme. I was thinking that I may have to write a custom realm but I'm not sure if this is the right way to go about it. With jcifs I can use the username from getRemoteUser() and use that to lookup which security groups that user is member and determine my access this way. But I'm really skeptical of this scenario. Does anyone have any suggestions or ideas for my situation? Thanx in advance Russ
