[jcifs] jcifs-0.7.0b4 released

Allen, Michael B (RSCH) Michael_B_Allen at ml.com
Mon Oct 21 19:29:34 EST 2002 

> -----Original Message-----
> From:	Glass, Eric [SMTP:eric.glass at capitalone.com]
> Sent:	Monday, October 21, 2002 4:51 AM
> To:	'jcifs at lists.samba.org'
> Subject:	RE: [jcifs] jcifs-0.7.0b4 released
> 
> I am using IE 5.0 with tomcat.  With the first item ("closed" vs. "close"),
> I never get the type 1 message; basically, after the initial request I get
> the response headers:
> 
> HTTP/1.1 401 Unauthorized
> Connection: closed
> Date: Mon, 21 Oct 2002 07:46:37 GMT
> WWW-Authenticate: NTLM
> Server: Apache Tomcat/4.1.12-LE-jdk14 (HTTP/1.1 Connector)
> Set-Cookie: JSESSIONID=150CF49148E310EFF7314ED14D58D6E0;Path=/
> 
> and then it just hangs.  If I change "closed" to "close" in NtlmHttpFilter,
> the initial connection is closed and IE sends the request with the type 1
> message.
> 
	Ok. So it's probably not being igored. I'll roll out 0.7.0b5 packages in the
	next day or two

>   With the second item in place ("close" instead of "Keep-Alive"),
> however, the server responds to the type 1 with:
> 
> HTTP/1.1 401 Unauthorized
> Connection: close
> Date: Mon, 21 Oct 2002 08:08:35 GMT
> WWW-Authenticate: NTLM XXXXXXXXXXXXXXXXXXXXXXXXXXX
> Server: Apache Tomcat/4.1.12-LE-jdk14 (HTTP/1.1 Connector)
> 
> and the connection gets closed.  I get a "Page cannot be displayed" error on
> the client.  IIS doesn't appear to explicitly include any "Connection:"
> header, which I'm guessing is because it assumes the client will know that
> it needs to keep the connection alive in order to successfully negotiate
> authentication (actually, I just tested removing the "Keep-Alive" below, and
> it does work properly).  Your message seemed to indicate that in your
> scenario the connection was being closed at this point (but negotiation
> still worked).  Could this be an IE version difference?  It may be that IIS
> 
	You're right. I looked at my trace again and there is no Connection header at
	all when returning the type-2-message.

> doesn't care whether the client keeps the connection or not.  However, if I
> explicitly ask IE to close the connection at this point I get an error.
> 
> The third item (setting the content length) also appears to be necessary in
> my environment; without it, I get the response
> 
> HTTP/1.1 401 Unauthorized
> Date: Mon, 21 Oct 2002 08:13:40 GMT
> WWW-Authenticate: NTLM XXXXXXXXXXXXXXXXXXXXXXXXXXX
> Server: Apache Tomcat/4.1.12-LE-jdk14 (HTTP/1.1 Connector)
> 
> and IE just hangs around (I'm guessing expecting some sort of content).
> Adding the content length header, I get:
> 
> HTTP/1.1 401 Unauthorized
> Content-Length: 0
> Date: Mon, 21 Oct 2002 08:20:51 GMT
> WWW-Authenticate: NTLM XXXXXXXXXXXXXXXXXXXXXXXXXXX
> Server: Apache Tomcat/4.1.12-LE-jdk14 (HTTP/1.1 Connector)
> 
> and IE sends the type 3 response properly.  This is probably
> version-specific as well; if I don't set the content-length, but do a
> "resp.getWriter().println()" it also works.  I'm guessing that IE 5 simply
> requires a content-length header of 0 if no content is going to be sent.
> 
	I've been using Resin to test this stuff. Whenever you send back the 401
	Unauthorized Resin appends this:

	<!--
	   - Unfortunately, Microsoft has added a clever new
	   - "feature" to Internet Explorer.  If the text in
	   - an error's message is "too small", specifically
	   - less than 512 bytes, Internet Explorer returns
	   - its own error message.  Yes, you can turn that
	   - off, but *surprise* it's pretty tricky to find
	   - buried as a switch called "smart error
	   - messages"  That means, of course, that many of
	   - Resin's error messages are censored by default.
	   - And, of course, you'll be shocked to learn that
	   - IIS always returns error messages that are long
	   - enough to make Internet Explorer happy.  The
	   - workaround is pretty simple: pad the error
	   - message with a big comment to push it over the
	   - five hundred and twelve byte minimum.  Of course,
	   - that's exactly what you're reading right now.
	   -->

	I'll just set the content-length header to 0 and we'll see how that goes for a
	while. That's what I was doing before and I didn't hear any complaints (at
	least not with that).

> > -----Original Message-----
> > From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
> > Sent: Monday, October 21, 2002 3:34 AM
> > To: Glass, Eric; 'jcifs at lists.samba.org'
> > Subject: RE: [jcifs] jcifs-0.7.0b4 released
> > 
> > 
> > Actually this should work just fine. What type of error are 
> > you seeing? The
> > misspelled header should be ignored (fix for the next rev 
> > though) and from
> > looking at an IIS trace it closes the connection for the 
> > type-1-message. I
> > thought it would be safest to mimic IIS as closely as possible.
> > 
> > > -----Original Message-----
> > > From:	Glass, Eric [SMTP:eric.glass at capitalone.com]
> > > Sent:	Thursday, October 17, 2002 4:48 AM
> > > To:	'jcifs at lists.samba.org'
> > > Cc:	'Allen, Michael B (RSCH)'
> > > Subject:	RE: [jcifs] jcifs-0.7.0b4 released
> > > 
> > > The NTLM filter in the below doesn't work; the following 
> > changes will fix
> > > it:
> > > 
> > > a) In "NtlmHttpFilter.java", line 90:
> > > 
> > >       resp.setHeader( "Connection", "closed" );
> > > 
> > >    should be
> > > 
> > >       resp.setHeader( "Connection", "close" );
> > > 
> > > b) In "NtlmSsp.java", line 108:
> > > 
> > >       resp.setHeader( "Connection", "close" );
> > > 
> > >    should be
> > > 
> > >       resp.setHeader( "Connection", "Keep-Alive" );
> > >       resp.setContentLength(0);
> > > 
> > > 
> > > That being said, I haven't seen any issues with the new stuff.
> > > 
> > > > -----Original Message-----
> > > > From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
> > > > Sent: Thursday, October 17, 2002 1:11 AM
> > > > To: 'jcifs at samba.org'
> > > > Subject: [jcifs] jcifs-0.7.0b4 released
> > > > 
> > > > 
> > > > Packages can be had here:
> > > > 
> > > >   http://www.eskimo.com/~miallen/jcifs/CHANGES.txt
> > > >   http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.jar
> > > >   http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.tgz
> > > >   http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.zip
> > > > 
> > > > I'm on the run so I will not have time to prepare the 
> > > > distribution per normal until ~Tuesday. 
> > > > Please give it a whirl while I'm gone.
> > > > 
> > >  
> > > 
> > **************************************************************
> > ************
> > > The information transmitted herewith is sensitive 
> > information intended only
> > > for use by the individual or entity to which it is 
> > addressed. If the reader
> > > of this message is not the intended recipient, you are 
> > hereby notified that
> > > any review, retransmission, dissemination, distribution, 
> > copying or other
> > > use of, or taking of any action in reliance upon this information is
> > > strictly prohibited. If you have received this 
> > communication in error,
> > > please contact the sender and delete the material from your 
> > computer.
> > 
>  
> **************************************************************************
> The information transmitted herewith is sensitive information intended only
> for use by the individual or entity to which it is addressed. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any review, retransmission, dissemination, distribution, copying or other
> use of, or taking of any action in reliance upon this information is
> strictly prohibited. If you have received this communication in error,
> please contact the sender and delete the material from your computer.

More information about the jcifs mailing list