[jcifs] jcifs-0.7.0b4 released
Allen, Michael B (RSCH)
Michael_B_Allen at ml.com
Mon Oct 21 19:29:34 EST 2002
> -----Original Message-----
> From: Glass, Eric [SMTP:eric.glass at capitalone.com]
> Sent: Monday, October 21, 2002 4:51 AM
> To: 'jcifs at lists.samba.org'
> Subject: RE: [jcifs] jcifs-0.7.0b4 released
>
> I am using IE 5.0 with tomcat. With the first item ("closed" vs. "close"),
> I never get the type 1 message; basically, after the initial request I get
> the response headers:
>
> HTTP/1.1 401 Unauthorized
> Connection: closed
> Date: Mon, 21 Oct 2002 07:46:37 GMT
> WWW-Authenticate: NTLM
> Server: Apache Tomcat/4.1.12-LE-jdk14 (HTTP/1.1 Connector)
> Set-Cookie: JSESSIONID=150CF49148E310EFF7314ED14D58D6E0;Path=/
>
> and then it just hangs. If I change "closed" to "close" in NtlmHttpFilter,
> the initial connection is closed and IE sends the request with the type 1
> message.
>
Ok. So it's probably not being igored. I'll roll out 0.7.0b5 packages in the
next day or two
> With the second item in place ("close" instead of "Keep-Alive"),
> however, the server responds to the type 1 with:
>
> HTTP/1.1 401 Unauthorized
> Connection: close
> Date: Mon, 21 Oct 2002 08:08:35 GMT
> WWW-Authenticate: NTLM XXXXXXXXXXXXXXXXXXXXXXXXXXX
> Server: Apache Tomcat/4.1.12-LE-jdk14 (HTTP/1.1 Connector)
>
> and the connection gets closed. I get a "Page cannot be displayed" error on
> the client. IIS doesn't appear to explicitly include any "Connection:"
> header, which I'm guessing is because it assumes the client will know that
> it needs to keep the connection alive in order to successfully negotiate
> authentication (actually, I just tested removing the "Keep-Alive" below, and
> it does work properly). Your message seemed to indicate that in your
> scenario the connection was being closed at this point (but negotiation
> still worked). Could this be an IE version difference? It may be that IIS
>
You're right. I looked at my trace again and there is no Connection header at
all when returning the type-2-message.
> doesn't care whether the client keeps the connection or not. However, if I
> explicitly ask IE to close the connection at this point I get an error.
>
> The third item (setting the content length) also appears to be necessary in
> my environment; without it, I get the response
>
> HTTP/1.1 401 Unauthorized
> Date: Mon, 21 Oct 2002 08:13:40 GMT
> WWW-Authenticate: NTLM XXXXXXXXXXXXXXXXXXXXXXXXXXX
> Server: Apache Tomcat/4.1.12-LE-jdk14 (HTTP/1.1 Connector)
>
> and IE just hangs around (I'm guessing expecting some sort of content).
> Adding the content length header, I get:
>
> HTTP/1.1 401 Unauthorized
> Content-Length: 0
> Date: Mon, 21 Oct 2002 08:20:51 GMT
> WWW-Authenticate: NTLM XXXXXXXXXXXXXXXXXXXXXXXXXXX
> Server: Apache Tomcat/4.1.12-LE-jdk14 (HTTP/1.1 Connector)
>
> and IE sends the type 3 response properly. This is probably
> version-specific as well; if I don't set the content-length, but do a
> "resp.getWriter().println()" it also works. I'm guessing that IE 5 simply
> requires a content-length header of 0 if no content is going to be sent.
>
I've been using Resin to test this stuff. Whenever you send back the 401
Unauthorized Resin appends this:
<!--
- Unfortunately, Microsoft has added a clever new
- "feature" to Internet Explorer. If the text in
- an error's message is "too small", specifically
- less than 512 bytes, Internet Explorer returns
- its own error message. Yes, you can turn that
- off, but *surprise* it's pretty tricky to find
- buried as a switch called "smart error
- messages" That means, of course, that many of
- Resin's error messages are censored by default.
- And, of course, you'll be shocked to learn that
- IIS always returns error messages that are long
- enough to make Internet Explorer happy. The
- workaround is pretty simple: pad the error
- message with a big comment to push it over the
- five hundred and twelve byte minimum. Of course,
- that's exactly what you're reading right now.
-->
I'll just set the content-length header to 0 and we'll see how that goes for a
while. That's what I was doing before and I didn't hear any complaints (at
least not with that).
> > -----Original Message-----
> > From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
> > Sent: Monday, October 21, 2002 3:34 AM
> > To: Glass, Eric; 'jcifs at lists.samba.org'
> > Subject: RE: [jcifs] jcifs-0.7.0b4 released
> >
> >
> > Actually this should work just fine. What type of error are
> > you seeing? The
> > misspelled header should be ignored (fix for the next rev
> > though) and from
> > looking at an IIS trace it closes the connection for the
> > type-1-message. I
> > thought it would be safest to mimic IIS as closely as possible.
> >
> > > -----Original Message-----
> > > From: Glass, Eric [SMTP:eric.glass at capitalone.com]
> > > Sent: Thursday, October 17, 2002 4:48 AM
> > > To: 'jcifs at lists.samba.org'
> > > Cc: 'Allen, Michael B (RSCH)'
> > > Subject: RE: [jcifs] jcifs-0.7.0b4 released
> > >
> > > The NTLM filter in the below doesn't work; the following
> > changes will fix
> > > it:
> > >
> > > a) In "NtlmHttpFilter.java", line 90:
> > >
> > > resp.setHeader( "Connection", "closed" );
> > >
> > > should be
> > >
> > > resp.setHeader( "Connection", "close" );
> > >
> > > b) In "NtlmSsp.java", line 108:
> > >
> > > resp.setHeader( "Connection", "close" );
> > >
> > > should be
> > >
> > > resp.setHeader( "Connection", "Keep-Alive" );
> > > resp.setContentLength(0);
> > >
> > >
> > > That being said, I haven't seen any issues with the new stuff.
> > >
> > > > -----Original Message-----
> > > > From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
> > > > Sent: Thursday, October 17, 2002 1:11 AM
> > > > To: 'jcifs at samba.org'
> > > > Subject: [jcifs] jcifs-0.7.0b4 released
> > > >
> > > >
> > > > Packages can be had here:
> > > >
> > > > http://www.eskimo.com/~miallen/jcifs/CHANGES.txt
> > > > http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.jar
> > > > http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.tgz
> > > > http://www.eskimo.com/~miallen/jcifs/jcifs-0.7.0b4.zip
> > > >
> > > > I'm on the run so I will not have time to prepare the
> > > > distribution per normal until ~Tuesday.
> > > > Please give it a whirl while I'm gone.
> > > >
> > >
> > >
> > **************************************************************
> > ************
> > > The information transmitted herewith is sensitive
> > information intended only
> > > for use by the individual or entity to which it is
> > addressed. If the reader
> > > of this message is not the intended recipient, you are
> > hereby notified that
> > > any review, retransmission, dissemination, distribution,
> > copying or other
> > > use of, or taking of any action in reliance upon this information is
> > > strictly prohibited. If you have received this
> > communication in error,
> > > please contact the sender and delete the material from your
> > computer.
> >
>
> **************************************************************************
> The information transmitted herewith is sensitive information intended only
> for use by the individual or entity to which it is addressed. If the reader
> of this message is not the intended recipient, you are hereby notified that
> any review, retransmission, dissemination, distribution, copying or other
> use of, or taking of any action in reliance upon this information is
> strictly prohibited. If you have received this communication in error,
> please contact the sender and delete the material from your computer.
More information about the jcifs
mailing list