[jcifs] NTLM HTTP authentication

Pugsley, Jason Jason.Pugsley at team.telstra.com
Thu Aug 29 09:28:49 EST 2002


One of the reasons for using NTLM authentication is that it is "more secure"
than BASIC authentication. Unless you fully trust all the users on your
intranet, BASIC authentication should only be used inside a secure HTTP
connection, i.e. https://; otherwise the Base64 encoding of the username and
password is easily exposed.

Regards,

Jason

-----Original Message-----
From: Glass, Eric [mailto:eric.glass at capitalone.com]
Sent: Wednesday, 28 August 2002 7:13 PM
To: 'jcifs at lists.samba.org'
Subject: [jcifs] NTLM HTTP authentication


Hello,

I made the attached changes to the NTLM HTTP authentication filter -- I
wasn't sure where to submit these, so I just decided to post them here.
This adds the following functionality:

1.  Permits "fallback" basic authentication; if a client is not capable of
performing NTLM authentication (i.e., Netscape), this will allow them to
authenticate against the domain using basic authentication.

2.  The filter wraps the servlet request so getRemoteUser() and
getUserPrincipal() work properly.
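
The point raised in the reply, as an added example that is not part of the original thread or of the jCIFS filter: a policy that always offers NTLM but advertises and accepts the Basic fallback only on a secure connection. The class and method names and the realm "intranet" are hypothetical; it assumes Java 8+ for `java.util.Base64`, and that `secure` would come from `HttpServletRequest.isSecure()`.

```java
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.Base64;
import java.util.List;

public class AuthChallengePolicy {   // hypothetical name, not a jCIFS class

    // WWW-Authenticate values to send with a 401. NTLM is always offered;
    // the Basic fallback is advertised only when the connection is secure.
    static List<String> challenges(boolean secure, String realm) {
        List<String> out = new ArrayList<>();
        out.add("NTLM");
        if (secure) out.add("Basic realm=\"" + realm + "\"");
        return out;
    }

    // Returns {user, password} from a Basic Authorization header, or null when
    // the header is not Basic, is malformed, or was received over plain HTTP.
    static String[] acceptBasic(boolean secure, String header) {
        if (header == null || !header.regionMatches(true, 0, "Basic ", 0, 6)) return null;
        // Refuse Basic on plain HTTP so clients are not trained to send it there.
        if (!secure) return null;
        byte[] raw;
        try {
            // Base64 is an encoding, not encryption: no key is needed to reverse it.
            raw = Base64.getDecoder().decode(header.substring(6).trim());
        } catch (IllegalArgumentException e) {
            return null;
        }
        String pair = new String(raw, StandardCharsets.ISO_8859_1);
        int colon = pair.indexOf(':');   // split on the first ':'; the password may contain more
        if (colon < 1) return null;      // no separator or empty user name
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Constructed sample credentials, encoded the way a browser would send them.
        String header = "Basic " + Base64.getEncoder()
                .encodeToString("alice:s3cret".getBytes(StandardCharsets.ISO_8859_1));
        System.out.println("http  challenges: " + challenges(false, "intranet"));
        System.out.println("https challenges: " + challenges(true, "intranet"));
        System.out.println("http  accepted:   " + (acceptBasic(false, header) != null));
        System.out.println("https user:       " + acceptBasic(true, header)[0]);
    }
}
```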
 