[jcifs] Using JCIFS with JRun 4

[Jason Bainbridge]

All,

I am being forced to revisit this issue and have had a little more luck with
the IIS plugin for JRun 4, on it's own it won't authenticate and will always
prompt for the login details but by pure luck I worked out that if I first
make the request through the internal JRun webserver (which uses http/1.0) and
then access the NTLM HTTP Authentication Example it somehow magically works.

I am guessing that Jrun's internal webserver gets as far as getting the
Authentication header but for some reason it hangs probably related to the
lack of persistent connections and then when the servlet is accessed through
IIS it can then pick up the header details and use them.

Does anyone have any idea on how something like this could be programatically
done? Unfortunately we have clients that refuse to use any open source
products so that rules out both Tomcat and plugging Jrun into Apache.

What we are trying to accomplish is to grab the domain and user name of the
currently logged in NT user, pass that to our web application and then match
it to our own legacy security system within the web app. It all works great
through Tomcat and plugging Jrun into the Apache Web Server but I am being
pressed for a solution using either JRun on it's own or with IIS as a lot of
our clients have that combination currently.

If I need to provide any traces or debug output please let me know what and
how, any help would be much appreciated.

Regards,
------------------------------------------
Jason Bainbridge
Technical Support Consultant
BMS Solutions Pty Ltd
------------------------------------------
Tel: +61 8 9444 2777
Fax: +61 8 9444 2477
Mobile: +61 402 786 508
------------------------------------------







> -----Original Message-----
> From: jcifs-bounces+jason.bainbridge=bmssolutions.com at lists.samba.org
> [mailto:jcifs-bounces+jason.bainbridge=bmssolutions.com at lists.samba.org]
> On Behalf Of Jason Bainbridge
> Sent: Thursday, 27 March 2003 7:17 PM
> To: eglass1 at attbi.com; jcifs at lists.samba.org
> Subject: Re: [jcifs] Using JCIFS with JRun 4
>
>
> Thanks for the quick response. :-)
>
> I was suspecting something along the lines as what you suggested, so I
> have already tried using an external web server (IIS 5.0). This gave me a
> little more joy but I think the plugin wasn't passing through the
> authentication details as it would always prompt for the Login information
> even after entering correct details.
>
> I read a post on Google that confirmed this and someone had written their
> own plugin that did pass the authentication information through but
> unfortunately they were looking at whether there was a commercial market
> for such a product and unfortunately developing such a plugin probably
> goes beyond my expertise.
>
> Tomorrow I might try the Apache plugin and see if I can have any luck with
> that, I'll also have a bit of a look around the web to see if I can find
> any information about getting JRun to accept persistent connections.
>
> Thanks again for your help, it has atleast given me a few pointers. :)
>
> Regards,
> Jason
>
> -----Original Message-----
> From: eglass1 at attbi.com
> To: jason.bainbridge at bmssolutions.com
> Date: Thu, 27 Mar 2003 11:01:59 +0000
> Subject: Re: [jcifs] Using JCIFS with JRun 4
>
> > I went ahead and downloaded the trial version of JRun 4.  Looking at
> > the
> > conversation between the client and the server, it appears that the
> > JRun server
> > is closing the connection after sending the Type 2 challenge message.
> > Note
> > that the headers sent are:
> >
> > HTTP/1.0 401 Unauthorized
> > WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAAAAAAAABAgAA0HaFjIfw90Q=
> > Date: Thu, 27 Mar 2003 10:16:10 GMT
> > Content-Length: 0
> > Server: JRun Web Server
> >
> > Which indicate that the JRun web server is an HTTP 1.0 server.  HTTP
> > 1.0 uses
> > transient connections by default; NTLM requires a persistent connection
> > while
> > negotiating authentication.
> >
> > In HTTP 1.1, connections are persistent by default, unless the client
> > or server
> > sends a "Connection: close" header.  In 1.0, persistent connections are
> > negotiated by the client sending a "Connection: Keep-Alive", and the
> > server
> > responding in kind to indicate that persistent connections are
> > supported.
> >
> > Just as a lark, I modified the NtlmSsp to send back an explicit
> > "Connection:
> > Keep-Alive" (to see if the JRun web server would pick up that the
> > servlet wants
> > to provide a persistent connection).  I got:
> >
> > HTTP/1.0 401 Unauthorized
> > WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAAAAAAAABAgAAw////02uV7g=
> > Connection: close
> > Date: Thu, 27 Mar 2003 10:30:16 GMT
> > Content-Length: 0
> > Server: JRun Web Server
> >
> > Which seems to indicate that the server sees the connection header and
> > doesn't
> > support persistent connections (but is smart enough to change the
> > connection
> > header so the client doesn't get confused).
> >
> > You could try running JRun as an extension under an external HTTP 1.1
> > web
> > server (such as Apache or IIS).  I don't have experience configuring
> > JRun in
> > this fashion, but I believe the web server should manage the connection
> > and
> > just pass the requests and responses between the client and container.
> >
> > Eric
> >
> > > Hi all,
> > >
> > > We've just successfully made modifications to our Java Servlet
> > application to
> > > grab the domain and user information via NTLM using JCIFS with Tomcat
> > 4.x, but
> > > we also have clients that use JRun 4 and are having problems with
> > getting it
> > > working.
> > >
> > > Everything loads okay, the server will start and when the server is
> > in debug
> > > mode you get the below message in the log:
> > >
> > > 27/03 14:37:51 debug Created filter [FilterObject name=NTLM HTTP
> > > Authentication Filter class=jcifs.http.NtlmHttpFilter] mapped to /*
> > >
> > > But when you try to access one of the servlets you get the standard
> > "Cannot
> > > find server or DNS error", I have tried changing the filter to a
> > single
> > > servlet and then the other servlets work fine but the one using the
> > NTLM
> > > filter still shows the error.
> > >
> > > I am using Macromedia JRun 4 SP1 with Sun JRE 1.4.0 on Windows 2000
> > Server, is
> > > there any diagnostics I can perform to try to debug this or can
> > anyone offer
> > > any advice? It's becoming quite urgent as we had assumed that as it
> > worked
> > > fine under the open source Tomcat that it would work under the
> > commercial JRun
> > > so quick responses would be much appreciated. :)
> > >
> > > Regards,
> > > --
> > > Jason Bainbridge			|   Tel:        +61 8 9444 2777
> > > Technical Support Consultant	|   Fax:        +61 8 9444 2477
> > > BMS Solutions Pty Ltd		|   Mobile:     +61 402 786 508
> > > --
> > > KDE Web Team - http://kde.org
> > > webmaster at kde.org
> > >
> > >
>
>