[jcifs] Should I map all requests to the NTLM filter servlet??

[eglass1 at comcast.net]

> The point is, I realised that there may be a performance hit running all
> requests through the filter. Does every request if mapped to the filter get
> routed for authentication with the domain controller? 

After successful authentication, the identity is stored in the session;
ideally, there should be one handshake with the domain controller for each
user session.  If the user has cookies disabled or other things which might
interfere with session tracking, further handshaking may be required.
Internet Explorer will initiate a handshake on POST requests, so that will
also generate traffic.

> And if so, does anyone here think a good idea would be just to have a login
> servlet that the filter is mapped to so that I can create our user session
> object. All other requests would then not need to route through the filter.

If you don't map the filter to all POST targets, you'll likely see issues;
Internet Explorer will send an empty POST body, and only send the actual
post parameter values once authentication has been renegotiated.


Eric