[jcifs] A bunch of NTLM stuff

Glass, Eric eric.glass at capitalone.com
Wed Oct 2 02:48:51 EST 2002

I was having issues with the NtlmHttpSession (specifically, the
NullPointerException people were reporting yesterday).  I started to rework
some stuff, and basically ended up reimplementing much of the filter/network
explorer so it works statelessly.  I changed the names of the classes so
they can coexist with the existing stuff, but basically these are:

NtPrincipal -- an implementation of java.security.Principal representing an
authenticated domain user.

NtlmProtocol -- an abstraction of the NTLM protocol itself, basically
	a) producing a type 2 byte[] challenge from a type 1 byte[] request;
	b) processing a type 3 byte[] response to produce an
NtlmPasswordAuthentication object; and 
	c) logging on to a server with the NtlmPasswordAuthentication object
to produce an NtPrincipal.  By default the server used to generate the
challenge and evaluate the SmbSession.logon is obtained either via the
"jcifs.http.domainController" property, or by NbtAddress.getByName(domain,
0x1c, null), etc.  See below for more notes.

NtlmProtocolHandler -- a driver for managing HTTP interaction with the NTLM
authentication protocol.

NtlmAuthFilter -- a Filter which uses the NtlmProtocolHandler to
authenticate against the domain.  This is more or less a reworking of
NtlmHttpFilter.  After filtering, the request's getUserPrincipal and
getRemoteUser will reflect the information in NtPrincipal.  This uses the
default NtlmProtocol implementation to generate the challenge and logon.

SmbBrowser -- This is similar to a very stripped down NetworkExplorer.  This
DOES NOT use the NtlmAuthFilter (in fact, it probably won't work in
conjunction with it).  It is basically installed with a servlet-mapping of
something like "/SMB/*", so pointing your browser at:


will retrieve


The type 2 challenge and logon are done against the server on which the file
resides ("smbserver" in the above example) by subclassing NtlmProtocol.
Directory listing is fairly spartan (not nearly as pretty as
NetworkExplorer).  You can also specify a default server if you want to
force an authentication to "smb://", otherwise it will basically just do new

I haven't tested any of this thoroughly, but it appears to work for me.
Hopefully at least some of this is helpful to someone.


The information transmitted herewith is sensitive information intended only
for use by the individual or entity to which it is addressed. If the reader
of this message is not the intended recipient, you are hereby notified that
any review, retransmission, dissemination, distribution, copying or other
use of, or taking of any action in reliance upon this information is
strictly prohibited. If you have received this communication in error,
please contact the sender and delete the material from your computer.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: NtlmAuthFilter.java
Type: application/octet-stream
Size: 2817 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20021001/3fbf1578/NtlmAuthFilter.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NtlmProtocol.java
Type: application/octet-stream
Size: 3318 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20021001/3fbf1578/NtlmProtocol.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NtlmProtocolHandler.java
Type: application/octet-stream
Size: 3531 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20021001/3fbf1578/NtlmProtocolHandler.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: NtPrincipal.java
Type: application/octet-stream
Size: 979 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20021001/3fbf1578/NtPrincipal.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SmbBrowser.java
Type: application/octet-stream
Size: 5789 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20021001/3fbf1578/SmbBrowser.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: web.xml
Type: application/octet-stream
Size: 656 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20021001/3fbf1578/web.obj

More information about the jcifs mailing list