diff --git a/config/alfresco/subsystems/Authentication/alfrescoNtlm/ntlm-filter-context.xml b/config/alfresco/subsystems/Authentication/alfrescoNtlm/ntlm-filter-context.xml index 4c5b8d062f..eedaab66fe 100644 --- a/config/alfresco/subsystems/Authentication/alfrescoNtlm/ntlm-filter-context.xml +++ b/config/alfresco/subsystems/Authentication/alfrescoNtlm/ntlm-filter-context.xml @@ -12,6 +12,9 @@ ${ntlm.authentication.sso.enabled} + + ${ntlm.authentication.browser.ticketLogons} + @@ -66,6 +69,9 @@ ${ntlm.authentication.sso.enabled} + + true + @@ -93,6 +99,9 @@ ${ntlm.authentication.sso.enabled} + + + @@ -108,6 +117,9 @@ + + ${ntlm.authentication.mapUnknownUserToGuest} + \ No newline at end of file diff --git a/config/alfresco/subsystems/Authentication/alfrescoNtlm/ntlm-filter.properties b/config/alfresco/subsystems/Authentication/alfrescoNtlm/ntlm-filter.properties index 1b3f069794..8e342a5c73 100644 --- a/config/alfresco/subsystems/Authentication/alfrescoNtlm/ntlm-filter.properties +++ b/config/alfresco/subsystems/Authentication/alfrescoNtlm/ntlm-filter.properties @@ -1,2 +1,3 @@ ntlm.authentication.sso.enabled=false -ntlm.authentication.mapUnknownUserToGuest=false \ No newline at end of file +ntlm.authentication.mapUnknownUserToGuest=false +ntlm.authentication.browser.ticketLogons=true \ No newline at end of file diff --git a/config/alfresco/subsystems/Authentication/kerberos/kerberos-filter-context.xml b/config/alfresco/subsystems/Authentication/kerberos/kerberos-filter-context.xml index c49d0cdf31..8ea7c3e69a 100644 --- a/config/alfresco/subsystems/Authentication/kerberos/kerberos-filter-context.xml +++ b/config/alfresco/subsystems/Authentication/kerberos/kerberos-filter-context.xml @@ -12,6 +12,9 @@ ${kerberos.authentication.sso.enabled} + + ${kerberos.authentication.browser.ticketLogons} + @@ -72,6 +75,9 @@ ${kerberos.authentication.sso.enabled} + + true + 
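Review bot: The ticket-logon switch is wired inconsistently in ntlm-filter-context.xml: the bean at `@@ -12,6 +12,9 @@` takes `${ntlm.authentication.browser.ticketLogons}`, while the bean at `@@ -66,6 +69,9 @@` gets a literal `true`, so an administrator who sets `ntlm.authentication.browser.ticketLogons=false` turns the feature off for only one of the two filters; the same pattern appears at the end of the line in kerberos-filter-context.xml (`${kerberos.authentication.browser.ticketLogons}` followed by a literal `true`). The element names were lost in extraction, so this assumes both values feed the same flag. If the second filter is meant to always accept ticket logons, a comment beside the literal saying so would stop the next reader from "fixing" it; otherwise use the placeholder in both places. Because a ticket logon, as I read the flag, lets a caller authenticate by presenting a repository ticket directly, defaulting it to `true` in ntlm-filter.properties deserves a one-line comment in that file, e.g. `# Tickets act as bearer credentials when this is enabled; keep them out of URLs and logs`.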
@@ -100,4 +106,38 @@ ${kerberos.authentication.http.configEntryName} + + + + ${kerberos.authentication.sso.enabled} + + + + + + + + + + + + + + + + + + + + + ${kerberos.authentication.realm} + + + ${kerberos.authentication.http.password} + + + ${kerberos.authentication.http.configEntryName} + + + \ No newline at end of file diff --git a/config/alfresco/subsystems/Authentication/kerberos/kerberos-filter.properties b/config/alfresco/subsystems/Authentication/kerberos/kerberos-filter.properties index 02a4160006..283db3a4d4 100644 --- a/config/alfresco/subsystems/Authentication/kerberos/kerberos-filter.properties +++ b/config/alfresco/subsystems/Authentication/kerberos/kerberos-filter.properties @@ -1,3 +1,4 @@ kerberos.authentication.http.configEntryName=AlfrescoHTTP kerberos.authentication.http.password=secret kerberos.authentication.sso.enabled=true +kerberos.authentication.browser.ticketLogons=true \ No newline at end of file diff --git a/config/alfresco/subsystems/Authentication/passthru/ntlm-filter-context.xml b/config/alfresco/subsystems/Authentication/passthru/ntlm-filter-context.xml index 4c5b8d062f..eedaab66fe 100644 --- a/config/alfresco/subsystems/Authentication/passthru/ntlm-filter-context.xml +++ b/config/alfresco/subsystems/Authentication/passthru/ntlm-filter-context.xml @@ -12,6 +12,9 @@ ${ntlm.authentication.sso.enabled} + + ${ntlm.authentication.browser.ticketLogons} + @@ -66,6 +69,9 @@ ${ntlm.authentication.sso.enabled} + + true + @@ -93,6 +99,9 @@ ${ntlm.authentication.sso.enabled} + + + @@ -108,6 +117,9 @@ + + ${ntlm.authentication.mapUnknownUserToGuest} + \ No newline at end of file diff --git a/config/alfresco/subsystems/Authentication/passthru/ntlm-filter.properties b/config/alfresco/subsystems/Authentication/passthru/ntlm-filter.properties index a2669477f1..acac9ffce5 100644 --- a/config/alfresco/subsystems/Authentication/passthru/ntlm-filter.properties +++ b/config/alfresco/subsystems/Authentication/passthru/ntlm-filter.properties 
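Review bot: The bean added to kerberos-filter-context.xml at `@@ -100,4 +106,38 @@` is wired with `${kerberos.authentication.http.password}`, and the properties hunk on the same line shows that property still shipping as the placeholder `kerberos.authentication.http.password=secret` (context line) while the commit enables the feature with `kerberos.authentication.sso.enabled=true` and `kerberos.authentication.browser.ticketLogons=true`. With the element names stripped I cannot see what the bean is, but if it is the SharePoint Kerberos handler this commit introduces, a deployment that forgets to override the password now runs a second SSO endpoint configured with a well-known credential. Add a comment above the property, `# MUST be overridden with the HTTP/ service principal password; the shipped value is a placeholder`, and ideally a startup check in the handler that refuses to activate while the value equals the placeholder. The bean is gated on the same `${kerberos.authentication.sso.enabled}` flag, so such a check need only run when SSO is on.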
@@ -1,2 +1,3 @@ ntlm.authentication.sso.enabled=true -ntlm.authentication.mapUnknownUserToGuest=false \ No newline at end of file +ntlm.authentication.mapUnknownUserToGuest=false +ntlm.authentication.browser.ticketLogons=true \ No newline at end of file diff --git a/config/alfresco/web-client-application-context.xml b/config/alfresco/web-client-application-context.xml index d9a9ce61ea..c82ef70454 100644 --- a/config/alfresco/web-client-application-context.xml +++ b/config/alfresco/web-client-application-context.xml @@ -284,7 +284,7 @@ - org.alfresco.web.sharepoint.auth.AuthenticationHandler + org.alfresco.repo.webdav.auth.AuthenticationDriver diff --git a/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java b/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java index 9413685e52..151b6446a8 100644 --- a/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java +++ b/source/java/org/alfresco/web/app/servlet/KerberosAuthenticationFilter.java @@ -111,10 +111,10 @@ public class KerberosAuthenticationFilter extends BaseKerberosAuthenticationFilt } /* (non-Javadoc) - * @see org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter#onValidateFailed(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession) + * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidateFailed(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession) */ @Override - protected void onValidateFailed(HttpServletRequest req, HttpServletResponse res, HttpSession session) + protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session) throws IOException { // Redirect to the login page if user validation fails 
diff --git a/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java b/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java index 34d72cc0b3..b6f77c355c 100644 --- a/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java +++ b/source/java/org/alfresco/web/app/servlet/NTLMAuthenticationFilter.java @@ -105,10 +105,10 @@ public class NTLMAuthenticationFilter extends BaseNTLMAuthenticationFilter } /* (non-Javadoc) - * @see org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter#onValidateFailed(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession) + * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidateFailed(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession) */ @Override - protected void onValidateFailed(HttpServletRequest req, HttpServletResponse res, HttpSession session) + protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session) throws IOException { // Redirect to the login page if user validation fails diff --git a/source/java/org/alfresco/web/sharepoint/auth/AbstractAuthenticationHandler.java b/source/java/org/alfresco/web/sharepoint/auth/AbstractAuthenticationHandler.java index dac32838e4..8cf4d92d7c 100644 --- a/source/java/org/alfresco/web/sharepoint/auth/AbstractAuthenticationHandler.java +++ b/source/java/org/alfresco/web/sharepoint/auth/AbstractAuthenticationHandler.java 
@@ -18,9 +18,12 @@ */ package org.alfresco.web.sharepoint.auth; +import javax.servlet.ServletContext; +import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.alfresco.repo.management.subsystems.ActivateableBean; +import org.alfresco.repo.webdav.auth.AuthenticationDriver; import org.alfresco.service.cmr.security.AuthenticationService; import org.alfresco.service.cmr.security.PersonService; import org.apache.commons.logging.Log; @@ -32,8 +35,10 @@ import org.apache.commons.logging.LogFactory; * @author PavelYur * */ -public abstract class AbstractAuthenticationHandler implements AuthenticationHandler, ActivateableBean +public abstract class AbstractAuthenticationHandler implements AuthenticationDriver, ActivateableBean { + private final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate"; + protected Log logger = LogFactory.getLog(getClass()); protected AuthenticationService authenticationService; protected PersonService personService; @@ -67,7 +72,11 @@ public abstract class AbstractAuthenticationHandler implements AuthenticationHan */ public abstract String getWWWAuthenticate(); - public void forceClientToPromptLogonDetails(HttpServletResponse response) + + /* (non-Javadoc) + * @see org.alfresco.repo.webdav.auth.SharepointAuthenticationHandler#restartLoginChallenge(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) + */ + public void restartLoginChallenge(ServletContext context, HttpServletRequest request, HttpServletResponse response) { if (logger.isDebugEnabled()) logger.debug("Force the client to prompt for logon details"); diff --git a/source/java/org/alfresco/web/sharepoint/auth/AuthenticationHandler.java b/source/java/org/alfresco/web/sharepoint/auth/AuthenticationHandler.java deleted file mode 100644 index 704fd4b372..0000000000 --- a/source/java/org/alfresco/web/sharepoint/auth/AuthenticationHandler.java +++ /dev/null 
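Review bot: The `@see` added above `restartLoginChallenge` at `@@ -67,7 +72,11 @@` points at `org.alfresco.repo.webdav.auth.SharepointAuthenticationHandler`, but the class declaration in the first hunk now implements `org.alfresco.repo.webdav.auth.AuthenticationDriver`; unless SharepointAuthenticationHandler is a supertype of that interface, the reference is stale and should read `@see org.alfresco.repo.webdav.auth.AuthenticationDriver#restartLoginChallenge(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)`. The body of `restartLoginChallenge` continues past the hunk, so I cannot tell whether the new `context` and `request` parameters are used; if they are not, a short Javadoc saying the 401 challenge is built from `getWWWAuthenticate()` alone would make that explicit. `HEADER_WWW_AUTHENTICATE` has become a private constant here while `BasicAuthenticationHandler` re-declares `HEADER_AUTHORIZATION` and `BASIC_START` for itself; if `SharepointConstants` (which that subclass now implements) already defines these header names, reference it instead of keeping three private copies of what the deleted `AuthenticationHandler` interface used to centralise.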
@@ -1,67 +0,0 @@ -/* - * Copyright (C) 2005-2010 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.web.sharepoint.auth; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.alfresco.repo.SessionUser; - -/** - * Sharepoint authentication plugin API - * - * @author PavelYur - */ -public interface AuthenticationHandler -{ - public final static String HEADER_AUTHORIZATION = "Authorization"; - - public final static String HEADER_WWW_AUTHENTICATE = "WWW-Authenticate"; - - public final static String NTLM_START = "NTLM"; - - public final static String BASIC_START = "BASIC"; - - public final static String USER_SESSION_ATTRIBUTE = "_vtiAuthTicket"; - - /** - * Authenticate user based on information in http request such as Authorization header or else. - * - * @param request - * http request - * @param response - * http response - * @param alfrescoContext - * deployment context of alfresco application - * @param mapper - * an object capable of determining which users are site members - * @return SessionUser information about currently loged in user or null. 
- */ - public SessionUser authenticateRequest(HttpServletRequest request, HttpServletResponse response, - SiteMemberMapper mapper, String alfrescoContext); - - /** - * Send to user response with http status 401 - * - * @param response - * http response - */ - public void forceClientToPromptLogonDetails(HttpServletResponse response); - -} \ No newline at end of file diff --git a/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java b/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java index 102fe07ad6..03d175792f 100644 --- a/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java +++ b/source/java/org/alfresco/web/sharepoint/auth/BasicAuthenticationHandler.java @@ -18,12 +18,17 @@ */ package org.alfresco.web.sharepoint.auth; +import java.io.IOException; + +import javax.servlet.ServletContext; +import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.alfresco.repo.SessionUser; import org.alfresco.repo.security.authentication.AuthenticationException; +import org.alfresco.repo.webdav.auth.SharepointConstants; import org.alfresco.web.bean.repository.User; import org.apache.commons.codec.binary.Base64; 
@@ -33,19 +38,20 @@ import org.apache.commons.codec.binary.Base64; * @author PavelYur * */ -public class BasicAuthenticationHandler extends AbstractAuthenticationHandler +public class BasicAuthenticationHandler extends AbstractAuthenticationHandler implements SharepointConstants { + private final static String HEADER_AUTHORIZATION = "Authorization"; + + private final static String BASIC_START = "BASIC"; + + /* (non-Javadoc) - * @see org.alfresco.web.vti.auth.AuthenticationHandler#authenticateRequest(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, org.alfresco.web.vti.auth.SiteMemberMapper, java.lang.String) + * @see org.alfresco.repo.webdav.auth.SharepointAuthenticationHandler#authenticateRequest(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse) */ - public SessionUser authenticateRequest(HttpServletRequest request, HttpServletResponse response, - SiteMemberMapper mapper, String alfrescoContext) + public boolean authenticateRequest(ServletContext context, HttpServletRequest request, HttpServletResponse response) + throws IOException, ServletException { - SessionUser user = null; - String authHdr = request.getHeader(HEADER_AUTHORIZATION); - HttpSession session = request.getSession(); - if (authHdr != null && authHdr.length() > 5 && authHdr.substring(0, 5).equalsIgnoreCase(BASIC_START)) { String basicAuth = new String(Base64.decodeBase64(authHdr.substring(5).getBytes())); 
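Review bot: `authenticateRequest` changes its contract — it now returns a boolean and writes the logged-on user into the session itself instead of returning it — but the only documentation is a `@see` to `SharepointAuthenticationHandler`, a type this class does not declare (it extends `AbstractAuthenticationHandler` and implements `SharepointConstants`). A Javadoc stating the two paths would help the next maintainer: a `Basic` Authorization header is decoded and validated, otherwise an existing `USER_SESSION_ATTRIBUTE` user is re-validated by ticket; `true` means the request is authenticated and the session user is set, `false` means the caller must issue a challenge. The method body continues into the next hunk. While here, the unchanged decode line `new String(Base64.decodeBase64(authHdr.substring(5).getBytes()))` depends on the platform default charset for the credentials; choosing an explicit charset would make non-ASCII passwords behave the same on every JVM, though that is pre-existing rather than introduced by this commit.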
@@ -76,21 +82,42 @@ public class BasicAuthenticationHandler extends AbstractAuthenticationHandler if (logger.isDebugEnabled()) logger.debug("Authenticated user '" + username + "'"); - - if (mapper.isSiteMember(request, alfrescoContext, username)) - { - user = new User(username, authenticationService.getCurrentTicket(), personService.getPerson(username)); - if (session != null) - session.setAttribute(USER_SESSION_ATTRIBUTE, user); - } + + request.getSession().setAttribute(USER_SESSION_ATTRIBUTE, new User(username, authenticationService.getCurrentTicket(), personService.getPerson(username))); + + return true; } catch (AuthenticationException ex) { // Do nothing, user object will be null } } + else + { + HttpSession session = request.getSession(false); + if (session == null) + { + return false; + } - return user; + SessionUser user = (SessionUser) session + .getAttribute(USER_SESSION_ATTRIBUTE); + if (user == null) + { + return false; + } + try + { + authenticationService.validate(user.getTicket()); + return true; + } + catch (AuthenticationException ex) + { + session.invalidate(); + } + } + + return false; } diff --git a/source/java/org/alfresco/web/sharepoint/auth/SiteMemberMapper.java b/source/java/org/alfresco/web/sharepoint/auth/SiteMemberMapper.java deleted file mode 100644 index 707904de56..0000000000 --- a/source/java/org/alfresco/web/sharepoint/auth/SiteMemberMapper.java +++ /dev/null 
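Review bot: On a successful Basic logon the new code stores the `User` into `request.getSession()` without invalidating the session that existed before the credentials were presented, so a session id issued to the browser pre-authentication (or planted by an attacker) is promoted to an authenticated VTI session. Unless other VTI state must survive a re-logon, rotate it: `HttpSession old = request.getSession(false); if (old != null) old.invalidate();` and then `request.getSession(true).setAttribute(USER_SESSION_ATTRIBUTE, new User(username, authenticationService.getCurrentTicket(), personService.getPerson(username)));`. The hunk also drops the `mapper.isSiteMember(...)` gate that previously decided whether an authenticated user got a session at all; with `SiteMemberMapper` deleted in this commit I assume site membership is now enforced further down the VTI stack, but that should be confirmed, because otherwise any repository account now obtains a VTI session for any site. The comment in the `catch (AuthenticationException ex)` block, `// Do nothing, user object will be null`, is stale now that there is no user object; `// Bad credentials: fall through and return false so the caller re-challenges` describes what actually happens. This hunk starts mid-way through `authenticateRequest`.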
@@ -1,46 +0,0 @@ -/* - * Copyright (C) 2005-2010 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.web.sharepoint.auth; - -import javax.servlet.http.HttpServletRequest; - -/** - * An object capable of answering whether a particular user is a member of the site indicated by the request URL. - * - * @author dward - */ -public interface SiteMemberMapper -{ - - /** - * Determines whether a particular user is a member of the site indicated by the request URI. - * - * @param request - * the request - * @param alfrescoContext - * the context path to strip from the request URI - * @param userName - * the user name - * @return true if the user is a member - * @throws SiteMemberMappingException - * on error - */ - boolean isSiteMember(HttpServletRequest request, String alfrescoContext, String userName) - throws SiteMemberMappingException; -} diff --git a/source/java/org/alfresco/web/sharepoint/auth/SiteMemberMappingException.java b/source/java/org/alfresco/web/sharepoint/auth/SiteMemberMappingException.java deleted file mode 100644 index dd8f917e53..0000000000 --- a/source/java/org/alfresco/web/sharepoint/auth/SiteMemberMappingException.java +++ /dev/null 
@@ -1,85 +0,0 @@ -/* - * Copyright (C) 2005-2010 Alfresco Software Limited. - * - * This file is part of Alfresco - * - * Alfresco is free software: you can redistribute it and/or modify - * it under the terms of the GNU Lesser General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * Alfresco is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public License - * along with Alfresco. If not, see . - */ -package org.alfresco.web.sharepoint.auth; - -import org.alfresco.error.AlfrescoRuntimeException; - -/** - * An exception thrown by a {@link SiteMemberMapper}. - * - * @author dward - */ -public class SiteMemberMappingException extends AlfrescoRuntimeException -{ - - private static final long serialVersionUID = -7235067946629381543L; - - /** - * Constructs a SiteMemberMappingException. - * - * @param msgId - * the message id - */ - public SiteMemberMappingException(String msgId) - { - super(msgId); - } - - /** - * Constructs a SiteMemberMappingException. - * - * @param msgId - * the message id - * @param msgParams - * the message parameters - */ - public SiteMemberMappingException(String msgId, Object[] msgParams) - { - super(msgId, msgParams); - } - - /** - * Constructs a SiteMemberMappingException. - * - * @param msgId - * the message id - * @param cause - * the cause - */ - public SiteMemberMappingException(String msgId, Throwable cause) - { - super(msgId, cause); - } - - /** - * Constructs a SiteMemberMappingException. 
- * - * @param msgId - * the message id - * @param msgParams - * the message parameters - * @param cause - * the cause - */ - public SiteMemberMappingException(String msgId, Object[] msgParams, Throwable cause) - { - super(msgId, msgParams, cause); - } - -} diff --git a/source/java/org/alfresco/web/sharepoint/auth/kerberos/KerberosAuthenticationHandler.java b/source/java/org/alfresco/web/sharepoint/auth/kerberos/KerberosAuthenticationHandler.java new file mode 100644 index 0000000000..cc5015c585 --- /dev/null +++ b/source/java/org/alfresco/web/sharepoint/auth/kerberos/KerberosAuthenticationHandler.java 
@@ -0,0 +1,84 @@ +/* + * Copyright (C) 2005-2010 Alfresco Software Limited. + * + * This file is part of Alfresco + * + * Alfresco is free software: you can redistribute it and/or modify + * it under the terms of the GNU Lesser General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * Alfresco is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public License + * along with Alfresco. If not, see . + */ +package org.alfresco.web.sharepoint.auth.kerberos; + +import java.io.IOException; + +import javax.servlet.ServletContext; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import javax.servlet.http.HttpSession; + +import org.alfresco.repo.SessionUser; +import org.alfresco.repo.webdav.auth.BaseKerberosAuthenticationFilter; +import org.alfresco.repo.webdav.auth.SharepointConstants; +import org.alfresco.service.cmr.repository.NodeRef; +import org.alfresco.web.bean.repository.User; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; + +/** + *

+ * Kerberos SSO web authentication implementation. + *

+ */ +public class KerberosAuthenticationHandler extends BaseKerberosAuthenticationFilter +{ + // Debug logging + private static Log logger = LogFactory.getLog(KerberosAuthenticationHandler.class); + + @Override + protected void init() throws ServletException + { + setUserAttributeName(SharepointConstants.USER_SESSION_ATTRIBUTE); + super.init(); + } + + /* (non-Javadoc) + * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidateFailed(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession) + */ + @Override + protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session) + throws IOException + { + // Restart the login challenge process if validation fails + + restartLoginChallenge(sc, req, res); + } + + /* (non-Javadoc) + * @see org.alfresco.repo.webdav.auth.BaseAuthenticationFilter#createUserObject(java.lang.String, java.lang.String, org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef) + */ + @Override + protected SessionUser createUserObject(String userName, String ticket, NodeRef personNode, NodeRef homeSpaceRef) + { + // Create a web client user object + User user = new User( userName, ticket, personNode); + user.setHomeSpaceId( homeSpaceRef.getId()); + + return user; + } + + @Override + protected Log getLogger() + { + return logger; + } +} \ No newline at end of file diff --git a/source/java/org/alfresco/web/sharepoint/auth/ntlm/NtlmAuthenticationHandler.java b/source/java/org/alfresco/web/sharepoint/auth/ntlm/NtlmAuthenticationHandler.java index 8636cc8a77..72a3c759d8 100644 --- a/source/java/org/alfresco/web/sharepoint/auth/ntlm/NtlmAuthenticationHandler.java +++ b/source/java/org/alfresco/web/sharepoint/auth/ntlm/NtlmAuthenticationHandler.java 
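Review bot: `createUserObject` dereferences `homeSpaceRef.getId()` unconditionally; if the base filter can pass a null home-space reference for a person without a home folder (I cannot see `BaseAuthenticationFilter` from here), a Kerberos-authenticated user would fail with a NullPointerException after an otherwise successful logon. Guard it: `if (homeSpaceRef != null) { user.setHomeSpaceId(homeSpaceRef.getId()); }`. `logger` should be declared `private static final Log logger` since nothing reassigns it. A class Javadoc explaining why `init()` switches the session attribute to `SharepointConstants.USER_SESSION_ATTRIBUTE` before delegating to `super.init()` would cover the one non-obvious line in the file; the reason for the override is not stated anywhere in the hunk.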
@@ -19,845 +19,66 @@ package org.alfresco.web.sharepoint.auth.ntlm; import java.io.IOException; -import java.security.MessageDigest; -import java.security.NoSuchAlgorithmException; -import java.util.ArrayList; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Random; +import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; -import javax.transaction.UserTransaction; -import net.sf.acegisecurity.BadCredentialsException; - -import org.alfresco.jlan.server.auth.PasswordEncryptor; -import org.alfresco.jlan.server.auth.ntlm.NTLM; -import org.alfresco.jlan.server.auth.ntlm.NTLMLogonDetails; -import org.alfresco.jlan.server.auth.ntlm.NTLMMessage; -import org.alfresco.jlan.server.auth.ntlm.NTLMv2Blob; -import org.alfresco.jlan.server.auth.ntlm.TargetInfo; -import org.alfresco.jlan.server.auth.ntlm.Type1NTLMMessage; -import org.alfresco.jlan.server.auth.ntlm.Type2NTLMMessage; -import org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage; -import org.alfresco.jlan.util.DataPacker; -import org.alfresco.model.ContentModel; import org.alfresco.repo.SessionUser; -import org.alfresco.repo.security.authentication.AuthenticationException; -import org.alfresco.repo.security.authentication.AuthenticationUtil; -import org.alfresco.repo.security.authentication.MD4PasswordEncoder; -import org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl; -import org.alfresco.repo.security.authentication.NTLMMode; -import org.alfresco.repo.security.authentication.AuthenticationUtil.RunAsWork; -import org.alfresco.repo.security.authentication.ntlm.NLTMAuthenticator; -import org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken; +import org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter; +import org.alfresco.repo.webdav.auth.SharepointConstants; import 
org.alfresco.service.cmr.repository.NodeRef; -import org.alfresco.service.cmr.repository.NodeService; -import org.alfresco.service.transaction.TransactionService; import org.alfresco.web.bean.repository.User; -import org.alfresco.web.sharepoint.auth.AbstractAuthenticationHandler; -import org.alfresco.web.sharepoint.auth.SiteMemberMapper; -import org.alfresco.web.sharepoint.auth.SiteMemberMappingException; -import org.apache.commons.codec.binary.Base64; -import org.springframework.beans.factory.InitializingBean; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; /** *

* NTLM SSO web authentication implementation. *

*/ -public class NtlmAuthenticationHandler extends AbstractAuthenticationHandler implements InitializingBean +public class NtlmAuthenticationHandler extends BaseNTLMAuthenticationFilter { - // NTLM authentication session object names - private static final String NTLM_AUTH_DETAILS = "_alfNTLMDetails"; - - private MD4PasswordEncoder md4Encoder = new MD4PasswordEncoderImpl(); - private PasswordEncryptor encryptor = new PasswordEncryptor(); - private Random random = new Random(System.currentTimeMillis()); - - private NLTMAuthenticator authenticationComponent; - private TransactionService transactionService; - private NodeService nodeService; - - // NTLM flags mask for use with an authentication component that supports MD4 hashed password - // Enable NTLMv1 and NTLMv2 - private static final int NTLM_FLAGS_NTLM2 = NTLM.Flag56Bit + - NTLM.Flag128Bit + - NTLM.FlagLanManKey + - NTLM.FlagNegotiateNTLM + - NTLM.FlagNTLM2Key + - NTLM.FlagNegotiateUnicode; - - // NTLM flags mask for use with an authentication component that uses passthru auth - // Enable NTLMv1 only - private static final int NTLM_FLAGS_NTLM1 = NTLM.Flag56Bit + - NTLM.FlagLanManKey + - NTLM.FlagNegotiateNTLM + - NTLM.FlagNegotiateOEM + - NTLM.FlagNegotiateUnicode; - - private int ntlmFlags; - - public void setAuthenticationComponent(NLTMAuthenticator authenticationComponent) - { - this.authenticationComponent = authenticationComponent; - } - - public void setTransactionService(TransactionService transactionService) - { - this.transactionService = transactionService; - } - - public void setNodeService(NodeService nodeService) - { - this.nodeService = nodeService; - } - - public void afterPropertiesSet() throws Exception - { - if (authenticationComponent.getNTLMMode() == NTLMMode.MD4_PROVIDER) - { - ntlmFlags = NTLM_FLAGS_NTLM2; - } - else - { - ntlmFlags = NTLM_FLAGS_NTLM1; - } - } - - public SessionUser authenticateRequest(HttpServletRequest request, HttpServletResponse response, - SiteMemberMapper mapper, 
String alfrescoContext) - { - if (logger.isDebugEnabled()) - { - logger.debug("Start NTLM authentication for request: " + request.getRequestURI()); - } - - HttpSession session = request.getSession(); - SessionUser user = (SessionUser) session.getAttribute(USER_SESSION_ATTRIBUTE); - - String authHdr = request.getHeader(HEADER_AUTHORIZATION); - - boolean needToAuthenticate = false; - - if (authHdr != null && authHdr.startsWith(NTLM_START)) - { - needToAuthenticate = true; - } - - if (user != null && needToAuthenticate == false) - { - try - { - authenticationService.validate(user.getTicket()); - needToAuthenticate = false; - } - catch (AuthenticationException e) - { - session.removeAttribute(USER_SESSION_ATTRIBUTE); - needToAuthenticate = true; - } - } - - if (needToAuthenticate == false && user != null) - { - if (logger.isDebugEnabled()) - { - logger.debug("NTLM header wasn't present. Authenticated by user from session. Username: " - + user.getUserName()); - } - return user; - } - - if (authHdr == null) - { - if (logger.isDebugEnabled()) - { - logger.debug("NTLM header wasn't present. No user was found in session. 
Return 401 status."); - } - removeNtlmLogonDetailsFromSession(request); - forceClientToPromptLogonDetails(response); - return null; - } - else - { - if (logger.isDebugEnabled()) - { - logger.debug("NTLM header present in request."); - } - // Decode the received NTLM blob and validate - final byte[] ntlmByts = Base64.decodeBase64(authHdr.substring(5).getBytes()); - int ntlmTyp = NTLMMessage.isNTLMType(ntlmByts); - if (ntlmTyp == NTLM.Type1) - { - Type1NTLMMessage type1Msg = new Type1NTLMMessage(ntlmByts); - try - { - if (logger.isDebugEnabled()) - { - logger.debug("Start process type 1 message."); - } - processType1(type1Msg, request, response, session); - user = null; - if (logger.isDebugEnabled()) - { - logger.debug("Finish process type 1 message."); - } - } - catch (Exception e) - { - if (logger.isDebugEnabled()) - { - logger.debug("Process type 1 message fail with error: " + e.getMessage()); - } - session.removeAttribute(USER_SESSION_ATTRIBUTE); - removeNtlmLogonDetailsFromSession(request); - return null; - } - - } - else if (ntlmTyp == NTLM.Type3) - { - Type3NTLMMessage type3Msg = new Type3NTLMMessage(ntlmByts); - - try - { - if (logger.isDebugEnabled()) - { - logger.debug("Start process message type 3."); - } - user = processType3(type3Msg, mapper, request, response, session, alfrescoContext); - if (logger.isDebugEnabled()) - { - logger.debug("Finish process message type 3."); - } - } - catch (SiteMemberMappingException e) - { - throw e; - } - catch (Exception e) - { - if (user != null) - { - try - { - authenticationService.validate(user.getTicket()); - return user; - } - catch (AuthenticationException ae) - { - } - } - if (logger.isDebugEnabled()) - { - logger.debug("Process message type 3 fail with message: " + e.getMessage()); - } - session.removeAttribute(USER_SESSION_ATTRIBUTE); - removeNtlmLogonDetailsFromSession(request); - return null; - } - } - - return user; - } - } + // Debug logging + private static Log logger = 
LogFactory.getLog(NtlmAuthenticationHandler.class); @Override - public String getWWWAuthenticate() + protected void init() throws ServletException { - return NTLM_START; + setUserAttributeName(SharepointConstants.USER_SESSION_ATTRIBUTE); + super.init(); } - - private void processType1(Type1NTLMMessage type1Msg, HttpServletRequest request, HttpServletResponse response, - HttpSession session) throws IOException + + /* (non-Javadoc) + * @see org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter#onValidateFailed(javax.servlet.ServletContext, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, javax.servlet.http.HttpSession) + */ + @Override + protected void onValidateFailed(ServletContext sc, HttpServletRequest req, HttpServletResponse res, HttpSession session) + throws IOException { - removeNtlmLogonDetailsFromSession(request); - - NTLMLogonDetails ntlmDetails = new NTLMLogonDetails(); - - // Set the 8 byte challenge for the new logon request - byte[] challenge = null; - - // Generate a random 8 byte challenge - NTLMPassthruToken authToken = null; + // Restart the login challenge process if validation fails - if (authenticationComponent.getNTLMMode() == NTLMMode.MD4_PROVIDER) - { - challenge = new byte[8]; - DataPacker.putIntelLong(random.nextLong(), challenge, 0); - } - else - { - // Get the client domain - String domain = type1Msg.getDomain(); - - // Create an authentication token for the new logon - authToken = new NTLMPassthruToken(domain); - - // Run the first stage of the passthru authentication to get the challenge - authenticationComponent.authenticate(authToken); - - // Get the challenge from the token - if (authToken.getChallenge() != null) - { - challenge = authToken.getChallenge().getBytes(); - } - } + restartLoginChallenge(sc, req, res); + } - // Get the flags from the client request and mask out unsupported features - int flags = type1Msg.getFlags() & ntlmFlags; - - // Build a type2 message to send back to the client, 
containing the challenge - List tList = new ArrayList(); - String srvName = getServerName(); - tList.add(new TargetInfo(NTLM.TargetServer, srvName)); - - Type2NTLMMessage type2Msg = new Type2NTLMMessage(); - type2Msg.buildType2(flags, srvName, challenge, null, tList); - - // Store the NTLM logon details, cache the type2 message, and token if using passthru - ntlmDetails.setType2Message(type2Msg); - ntlmDetails.setAuthenticationToken(authToken); - - putNtlmLogonDetailsToSession(request, ntlmDetails); - - // Send back a request for NTLM authentication - byte[] type2Bytes = type2Msg.getBytes(); - String ntlmBlob = "NTLM " + new String(Base64.encodeBase64(type2Bytes)); - - response.setHeader(HEADER_WWW_AUTHENTICATE, ntlmBlob); - response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); - response.flushBuffer(); - response.getOutputStream().close(); - - } - - private SessionUser processType3(Type3NTLMMessage type3Msg, SiteMemberMapper callback, HttpServletRequest request, - HttpServletResponse response, HttpSession session, String alfrescoContext) throws IOException, - ServletException + /* (non-Javadoc) + * @see org.alfresco.repo.webdav.auth.BaseAuthenticationFilter#createUserObject(java.lang.String, java.lang.String, org.alfresco.service.cmr.repository.NodeRef, org.alfresco.service.cmr.repository.NodeRef) + */ + @Override + protected SessionUser createUserObject(String userName, String ticket, NodeRef personNode, NodeRef homeSpaceRef) { - - // Get the existing NTLM details - NTLMLogonDetails ntlmDetails = null; - SessionUser user = null; - - if (session != null) - { - ntlmDetails = getNtlmLogonDetailsFromSession(request); - user = (SessionUser) session.getAttribute(USER_SESSION_ATTRIBUTE); - } - - // Get the NTLM logon details - String userName = type3Msg.getUserName(); - String workstation = type3Msg.getWorkstation(); - String domain = type3Msg.getDomain(); - - boolean authenticated = false; - - if (authenticationComponent.getNTLMMode() == NTLMMode.MD4_PROVIDER) - { - 
// Get the stored MD4 hashed password for the user, or null if the user does not exist - String md4hash = getMD4Hash(userName); - - if (md4hash != null) - { - authenticated = validateLocalHashedPassword(type3Msg, ntlmDetails, authenticated, md4hash); - } - else - { - authenticated = false; - } - } - else - { - // Determine if the client sent us NTLMv1 or NTLMv2 - if (type3Msg.hasFlag(NTLM.Flag128Bit) && type3Msg.hasFlag(NTLM.FlagNTLM2Key) || - (type3Msg.getNTLMHash() != null && type3Msg.getNTLMHash().length > 24)) - { - // Cannot accept NTLMv2 if we are using passthru auth - if (logger.isErrorEnabled()) - logger.error("Client " + workstation + " using NTLMv2 logon, not valid with passthru authentication"); - } - else - { - // Passthru mode, send the hashed password details to the passthru authentication server - NTLMPassthruToken authToken = (NTLMPassthruToken) ntlmDetails.getAuthenticationToken(); - authToken.setUserAndPassword(type3Msg.getUserName(), type3Msg.getNTLMHash(), PasswordEncryptor.NTLM1); - - try - { - // Run the second stage of the passthru authentication - authenticationComponent.authenticate(authToken); - authenticated = true; - - // Set the authentication context - authenticationComponent.setCurrentUser(userName); - } - catch (BadCredentialsException ex) - { - if (logger.isDebugEnabled()) - logger.debug("Authentication failed, " + ex.getMessage()); - } - catch (AuthenticationException ex) - { - if (logger.isDebugEnabled()) - logger.debug("Authentication failed, " + ex.getMessage()); - } - finally - { - // Clear the authentication token from the NTLM details - ntlmDetails.setAuthenticationToken(null); - } - } - } - - // Check if the user has been authenticated, if so then setup the user environment - if (authenticated == true && callback.isSiteMember(request, alfrescoContext, userName)) - { - String uri = request.getRequestURI(); - - if (request.getMethod().equals("POST") && !uri.endsWith(".asmx")) - { - response.setHeader("Connection", "Close"); - 
response.setContentType("application/x-vermeer-rpc"); - } - - if (user == null) - { - user = createUserEnvironment(session, userName); - session.setAttribute(USER_SESSION_ATTRIBUTE, user); - } - else - { - // user already exists - revalidate ticket to authenticate the current user thread - try - { - authenticationService.validate(user.getTicket()); - } - catch (AuthenticationException ex) - { - session.removeAttribute(USER_SESSION_ATTRIBUTE); - removeNtlmLogonDetailsFromSession(request); - return null; - } - } - - // Update the NTLM logon details in the session - String srvName = getServerName(); - if (ntlmDetails == null) - { - // No cached NTLM details - ntlmDetails = new NTLMLogonDetails(userName, workstation, domain, false, srvName); - putNtlmLogonDetailsToSession(request, ntlmDetails); - } - else - { - // Update the cached NTLM details - ntlmDetails.setDetails(userName, workstation, domain, false, srvName); - putNtlmLogonDetailsToSession(request, ntlmDetails); - } - } - else - { - removeNtlmLogonDetailsFromSession(request); - session.removeAttribute(USER_SESSION_ATTRIBUTE); - return null; - } + // Create a web client user object + User user = new User( userName, ticket, personNode); + user.setHomeSpaceId( homeSpaceRef.getId()); + return user; } - - /* - * returns server name - */ - private String getServerName() - { - return "Alfresco Server"; - } - - /* - * Create the SessionUser object that represent currently authenticated user. 
- */ - private SessionUser createUserEnvironment(HttpSession session, final String userName) throws IOException, - ServletException - { - SessionUser user = null; - - UserTransaction tx = transactionService.getUserTransaction(); - - try - { - tx.begin(); - - RunAsWork getUserNodeRefRunAsWork = new RunAsWork() - { - public NodeRef doWork() throws Exception - { - - return personService.getPerson(userName); - } - }; - - NodeRef personNodeRef = AuthenticationUtil.runAs(getUserNodeRefRunAsWork, - AuthenticationUtil.SYSTEM_USER_NAME); - - // Use the system user context to do the user lookup - RunAsWork getUserNameRunAsWork = new RunAsWork() - { - public String doWork() throws Exception - { - final NodeRef personNodeRef = personService.getPerson(userName); - return (String) nodeService.getProperty(personNodeRef, ContentModel.PROP_USERNAME); - } - }; - String username = AuthenticationUtil.runAs(getUserNameRunAsWork, AuthenticationUtil.SYSTEM_USER_NAME); - - authenticationComponent.setCurrentUser(userName); - String currentTicket = authenticationService.getCurrentTicket(); - - // Create the user object to be stored in the session - user = new User(username, currentTicket, personNodeRef); - - tx.commit(); - } - catch (Throwable ex) - { - try - { - tx.rollback(); - } - catch (Exception err) - { - logger.error("Failed to rollback transaction", err); - } - if (ex instanceof RuntimeException) - { - throw (RuntimeException) ex; - } - else if (ex instanceof IOException) - { - throw (IOException) ex; - } - else if (ex instanceof ServletException) - { - throw (ServletException) ex; - } - else - { - throw new RuntimeException("Authentication setup failed", ex); - } - } - - // Store the user on the session - session.setAttribute(USER_SESSION_ATTRIBUTE, user); - - return user; - } - - /* - * returns the hash of password - */ - protected String getMD4Hash(String userName) - { - String md4hash = null; - - // Wrap the auth component calls in a transaction - UserTransaction tx = 
transactionService.getUserTransaction(); - try - { - tx.begin(); - - // Get the stored MD4 hashed password for the user, or null if the user does not exist - md4hash = authenticationComponent.getMD4HashedPassword(userName); - - tx.commit(); - } - catch (Throwable ex) - { - try - { - tx.rollback(); - } - catch (Exception e) - { - } - } - - return md4hash; - } - - /* - * Validate local hash for user password and hash that was sent by client - */ - private boolean validateLocalHashedPassword(Type3NTLMMessage type3Msg, NTLMLogonDetails ntlmDetails, - boolean authenticated, String md4hash) - { - if (ntlmDetails == null || ntlmDetails.getType2Message() == null) - { - return false; - } - - if (type3Msg.hasFlag(NTLM.FlagNTLM2Key)) - { - // Determine if the client sent us an NTLMv2 blob or an NTLMv2 session key - if (type3Msg.getNTLMHashLength() > 24) - { - // Looks like an NTLMv2 blob - authenticated = checkNTLMv2(md4hash, ntlmDetails.getChallengeKey(), type3Msg); - if (logger.isDebugEnabled()) - { - logger.debug((authenticated ? "Logged on" : "Logon failed") + " using NTLMSSP/NTLMv2"); - } - - if ( authenticated == false && type3Msg.hasFlag(NTLM.Flag56Bit) && type3Msg.getLMHashLength() == 24) - { - authenticated = checkNTLMv1(md4hash, ntlmDetails.getChallengeKey(), type3Msg, true); - if (logger.isDebugEnabled()) - { - logger.debug((authenticated ? "Logged on" : "Logon failed") + " using NTLMSSP/NTLMv1 (via fallback)"); - } - } - } - else - { - authenticated = checkNTLMv2SessionKey(md4hash, ntlmDetails.getChallengeKey(), type3Msg); - if (logger.isDebugEnabled()) - { - logger.debug((authenticated ? "Logged on" : "Logon failed") + " using NTLMSSP/NTLMv2SessKey"); - } - } - } - else - { - authenticated = checkNTLMv1(md4hash, ntlmDetails.getChallengeKey(), type3Msg, false); - if (logger.isDebugEnabled()) - { - logger.debug((authenticated ? 
"Logged on" : "Logon failed") + " using NTLMSSP/NTLMv1"); - } - } - - return authenticated; - } - - private final boolean checkNTLMv1(String md4hash, byte[] challenge, Type3NTLMMessage type3Msg, boolean checkLMHash) - { - // Generate the local encrypted password using the challenge that was sent to the client - byte[] p21 = new byte[21]; - byte[] md4byts = md4Encoder.decodeHash(md4hash); - System.arraycopy(md4byts, 0, p21, 0, 16); - - // Generate the local hash of the password using the same challenge - byte[] localHash = null; - - try - { - localHash = encryptor.doNTLM1Encryption(p21, challenge); - } - catch (NoSuchAlgorithmException ex) - { - } - - // Validate the password - byte[] clientHash = checkLMHash ? type3Msg.getLMHash() : type3Msg.getNTLMHash(); - - if (clientHash != null && localHash != null && clientHash.length == localHash.length) - { - int i = 0; - - while (i < clientHash.length && clientHash[i] == localHash[i]) - { - i++; - } - - if (i == clientHash.length) - { - // Hashed passwords match - return true; - } - } - - // Hashed passwords do not match - return false; - } - - private final boolean checkNTLMv2(String md4hash, byte[] challenge, Type3NTLMMessage type3Msg) - { - boolean ntlmv2OK = false; - boolean lmv2OK = false; - - try - { - byte[] v2hash = encryptor.doNTLM2Encryption(md4Encoder.decodeHash(md4hash), type3Msg.getUserName(), type3Msg.getDomain()); - - NTLMv2Blob v2blob = new NTLMv2Blob(type3Msg.getNTLMHash()); - - byte[] srvHmac = v2blob.calculateHMAC(challenge, v2hash); - byte[] clientHmac = v2blob.getHMAC(); - - if (clientHmac != null && srvHmac != null && clientHmac.length == srvHmac.length) - { - int i = 0; - - while (i < clientHmac.length && clientHmac[i] == srvHmac[i]) - { - i++; - } - if (i == clientHmac.length) - { - ntlmv2OK = true; - } - } - - if ( ntlmv2OK == false) - { - byte[] lmv2 = type3Msg.getLMHash(); - byte[] clChallenge = v2blob.getClientChallenge(); - - if ( lmv2 != null && lmv2.length == 24 && clChallenge != null && 
clChallenge.length == 8) - { - int i = 0; - - while ( i < clChallenge.length && lmv2[ i + 16] == clChallenge[ i]) - i++; - - if ( i == clChallenge.length) - { - - byte[] lmv2Hmac = v2blob.calculateLMv2HMAC(v2hash, challenge, clChallenge); - i = 0; - while (i < lmv2Hmac.length && lmv2[i] == lmv2Hmac[i]) - i++; - - if (i == lmv2Hmac.length) - { - lmv2OK = true; - } - - } - } - } - } - catch (Exception ex) - { - if (logger.isDebugEnabled()) - { - logger.debug(ex); - } - } - if ( ntlmv2OK || lmv2OK) - return true; - return false; - } - - private final boolean checkNTLMv2SessionKey(String md4hash, byte[] challenge, Type3NTLMMessage type3Msg) + @Override + protected Log getLogger() { - // Create the value to be encrypted by appending the server challenge and client challenge - // and applying an MD5 digest - byte[] nonce = new byte[16]; - System.arraycopy(challenge, 0, nonce, 0, 8); - System.arraycopy(type3Msg.getLMHash(), 0, nonce, 8, 8); - - MessageDigest md5 = null; - byte[] v2challenge = new byte[8]; - - try - { - md5 = MessageDigest.getInstance("MD5"); - // Apply the MD5 digest to the nonce - md5.update(nonce); - byte[] md5nonce = md5.digest(); - - // We only want the first 8 bytes - System.arraycopy(md5nonce, 0, v2challenge, 0, 8); - } - catch (NoSuchAlgorithmException ex) - { - if (logger.isDebugEnabled()) - { - logger.debug(ex.getMessage()); - } - } - - // Generate the local encrypted password using the MD5 generated challenge - byte[] p21 = new byte[21]; - byte[] md4byts = md4Encoder.decodeHash(md4hash); - System.arraycopy(md4byts, 0, p21, 0, 16); - - // Generate the local hash of the password - byte[] localHash = null; - - try - { - localHash = encryptor.doNTLM1Encryption(p21, v2challenge); - } - catch (NoSuchAlgorithmException ex) - { - if (logger.isDebugEnabled()) - { - logger.debug(ex.getMessage()); - } - } - byte[] clientHash = type3Msg.getNTLMHash(); - - if (clientHash != null && localHash != null && clientHash.length == localHash.length) - { - int i = 0; 
- - while (i < clientHash.length && clientHash[i] == localHash[i]) - { - i++; - } - - if (i == clientHash.length) - { - return true; - } - } - return false; + return logger; } - - @SuppressWarnings("unchecked") - private void putNtlmLogonDetailsToSession(HttpServletRequest request, NTLMLogonDetails details) - { - Object detailsMap = request.getSession().getAttribute(NTLM_AUTH_DETAILS); - - if (detailsMap != null) - { - ((Map) detailsMap).put(request.getRequestURI(), details); - return; - } - else - { - Map newMap = new HashMap(); - newMap.put(request.getRequestURI(), details); - request.getSession().setAttribute(NTLM_AUTH_DETAILS, newMap); - } - } - - @SuppressWarnings("unchecked") - private NTLMLogonDetails getNtlmLogonDetailsFromSession(HttpServletRequest request) - { - Object detailsMap = request.getSession().getAttribute(NTLM_AUTH_DETAILS); - if (detailsMap != null) - { - return ((Map) detailsMap).get(request.getRequestURI()); - } - return null; - } - - @SuppressWarnings("unchecked") - private void removeNtlmLogonDetailsFromSession(HttpServletRequest request) - { - Object detailsMap = request.getSession().getAttribute(NTLM_AUTH_DETAILS); - if (detailsMap != null) - { - ((Map) detailsMap).remove(request.getRequestURI()); - } - } - } \ No newline at end of file diff --git a/source/web/jsp/login.jsp b/source/web/jsp/login.jsp index 7927b31a16..cb9e951370 100644 --- a/source/web/jsp/login.jsp +++ b/source/web/jsp/login.jsp @@ -210,7 +210,7 @@ function validate() { - return validateName(document.getElementById("loginForm:user-name"), null, false); + return validateUserNameForLogin(document.getElementById("loginForm:user-name"), null, false); } function updateButtonState() diff --git a/source/web/jsp/users/new-user-wizard/new-user-properties.jsp b/source/web/jsp/users/new-user-wizard/new-user-properties.jsp index 11e8fb1035..0d7b380975 100644 --- a/source/web/jsp/users/new-user-wizard/new-user-properties.jsp 
+++ b/source/web/jsp/users/new-user-wizard/new-user-properties.jsp @@ -78,7 +78,7 @@ function validate() finishButtonPressed = false; var message = $("wizard:wizard-body:validation_invalid_character").textContent ? $("wizard:wizard-body:validation_invalid_character").textContent : $("wizard:wizard-body:validation_invalid_character").innerText; - return validateName(document.getElementById("wizard:wizard-body:userName"), + return validateUserNameForCreate(document.getElementById("wizard:wizard-body:userName"), message, true); } diff --git a/source/web/scripts/validation.js b/source/web/scripts/validation.js index 947ed655ff..d294aa34cd 100644 --- a/source/web/scripts/validation.js +++ b/source/web/scripts/validation.js 
@@ -157,8 +157,40 @@ function validateRegex(control, expression, requiresMatch, matchMessage, noMatch */ function validateName(control, message, showMessage) { - var result = true; var pattern = /([\"\*\\\>\<\?\/\:\|]+)|([ ]+$)|([\.]?[\.]+$)/; + return validateValue(control, pattern, message, showMessage); +} + +/** + * Ensures the user name value does not contain any illegal characters while user creating. + * + * @return true if the user name is valid + */ +function validateUserNameForCreate(control, message, showMessage) +{ + var pattern = /([\"\*\\\>\<\?\:\|]+)|([ ]+$)|([\.]?[\.]+$)/; + return validateValue(control, pattern, message, showMessage); +} + +/** + * Ensures the user name value does not contain any illegal characters while login. + * + * @return true if the user name is valid + */ +function validateUserNameForLogin(control, message, showMessage) +{ + var pattern = /([\"\*\>\<\?\:\|]+)|([ ]+$)|([\.]?[\.]+$)/; + return validateValue(control, pattern, message, showMessage); +} + +/** + * Ensures the value of the 'control' coresponds to required pattern. + * + * @return true if the file name is valid + */ +function validateValue(control, pattern, message, showMessage) +{ + var result = true; var trimed = control.value.replace(/^\s\s*/, '').replace(/\s\s*$/, ''); var idx = trimed.search(pattern); if (idx != -1)
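Review bot: The three patterns differ only in which characters they forbid, yet nothing records the intent: `validateUserNameForCreate` drops `/` from the `validateName` set and `validateUserNameForLogin` additionally drops `\`, so the next maintainer will read the missing escapes as a typo; add a one-line comment above each pattern, e.g. `// '\' is allowed here so DOMAIN\user style logons are not rejected client-side; server-side validation is authoritative` (the reason is inferred from the NTLM/Kerberos changes in this commit, so confirm it). Since this runs in the browser it is only a usability guard, and the looser create-time pattern in particular must be matched by a repository-side check that rejects the same characters, which is not part of this diff. The `validateValue` Javadoc is copied from `validateName` and is wrong for the new helper: change `@return true if the file name is valid` to `@return true if the value contains no forbidden pattern` and `coresponds` to `corresponds`. Note also that `validateValue` tests `pattern` against the trimmed value, so the `([ ]+$)` alternative in all three patterns can never match; that is pre-existing, but worth a comment or removal while the patterns are being rewritten.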