[jcifs] Problem with NTLM HTTP Auth Filter
Eric
eglass1 at comcast.net
Wed Aug 6 09:22:15 EST 2003
Eric Jesus wrote:
> Hi,
>
> We are using Apache Tomcat 4.1.12, Java Servlets written for J2RE
> 1.4.1.2 and JCFIS 0.7.11.
>
> We have been experimenting with the JCIFS NTLM HTTP Auth Filter to
> validate users that go to our web application, the problem is when we
> try to filter in only a few of the Servlet's for use with JCIFS NTLM
> HTTP, if we do so the rest fail but the one's that are using the
> filter are ok, if we then remove the JCIFS filter-mapping in web.xml
> things return to normal.
>
> We really only need and want one of the pages to use NTLM HTTP, the
> rest don't need it and some can't be treated that way for other
> reasons.
>
If you are using HTTP POST requests, this will cause issues; once a
client has negotiated NTLM authentication with a server, it will
renegotiate before sending the POST data. This means that the servlet
which doesn't use NTLM will get an empty request. Is this what you are
seeing?
> What we have come up with as the problem is when a servlet is
> filter-mapped to use JCIFS the request object contains the details
> passed to the servlet, if we remove the servlet from the
> filter-mapping while another servlet is still mapped those same
> values become null, if we remove the filter mappings all together all
> pages work properly again. It only happens when we filter-map less
> than all servlets, the ones that aren't included will fail to work
> properly, if when then include one that has failed, that page will
> then start to work.
>
> Any ideas of what can be done to work around this? Or maybe some
> ideas of what I can check?
The only work around I have been able to find is to send a 401 status
with a response. This will "trick" the client into forgetting about
NTLM, but is really kludgy.
Eric
More information about the jcifs
mailing list