[jcifs] Problem with NTLM HTTP Auth Filter
Eric Jesus
eric.jesus at billback.com
Wed Aug 6 09:53:23 EST 2003
Eric wrote:
> Eric Jesus wrote:
> > Hi,
> >
> > We are using Apache Tomcat 4.1.12, Java Servlets written for J2RE
> > 1.4.1.2 and JCIFS 0.7.11.
> >
> > We have been experimenting with the JCIFS NTLM HTTP Auth Filter to
> > validate users that go to our web application. The problem is when we
> > try to filter in only a few of the Servlets for use with JCIFS NTLM
> > HTTP: if we do so the rest fail but the ones that are using the
> > filter are OK; if we then remove the JCIFS filter-mapping in web.xml,
> > things return to normal.
> >
> > We really only need and want one of the pages to use NTLM HTTP, the
> > rest don't need it and some can't be treated that way for other
> > reasons.
>
> If you are using HTTP POST requests, this will cause issues; once a
> client has negotiated NTLM authentication with a server, it will
> renegotiate before sending the POST data. This means that the servlet
> which doesn't use NTLM will get an empty request. Is this what you are
> seeing?
Yes that is exactly what is happening.
> > What we have come up with as the problem is when a servlet is
> > filter-mapped to use JCIFS the request object contains the details
> > passed to the servlet; if we remove the servlet from the
> > filter-mapping while another servlet is still mapped, those same
> > values become null; if we remove the filter mappings altogether, all
> > pages work properly again. It only happens when we filter-map less
> > than all servlets; the ones that aren't included will fail to work
> > properly. If we then include one that has failed, that page will
> > then start to work.
> >
> > Any ideas of what can be done to work around this? Or maybe some
> > ideas of what I can check?
>
> The only workaround I have been able to find is to send a 401 status
> with a response. This will "trick" the client into forgetting about
> NTLM, but is really kludgy.
>
> Eric
Thanks for that, I will give it a go. It would be nice if the client didn't do that...
Eric J
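
As an added example (not part of the original thread and not jCIFS code), the following Python checks captured HTTP requests for the symptom described above: a POST carrying an NTLM Type 1 (negotiate) token and no body, arriving at a path outside the NTLM filter-mapping. The paths, host name and sample requests are constructed, and the `Content-Length: 0` shape of the renegotiation request is an assumption based on the "empty request" described in the reply.

```python
import base64
import struct

NTLMSSP = b"NTLMSSP\x00"  # signature that opens every NTLM message

def ntlm_message_type(authorization):
    """Return the NTLM message type (1, 2, 3) in an Authorization value, else None."""
    scheme, _, token = (authorization or "").strip().partition(" ")
    if scheme.upper() != "NTLM":
        return None
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 12 or raw[:8] != NTLMSSP:
        return None
    return struct.unpack_from("<I", raw, 8)[0]  # little-endian uint32 after signature

def parse_request(raw):
    """Split raw HTTP request bytes into (method, path, lowercase headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, path, headers, body

def empty_ntlm_posts(requests, ntlm_paths):
    """Paths outside the filter-mapping that received a body-less NTLM Type 1 POST."""
    hits = []
    for raw in requests:
        method, path, headers, body = parse_request(raw)
        renegotiating = ntlm_message_type(headers.get("authorization")) == 1
        empty = headers.get("content-length", "0") == "0" and not body
        if method == "POST" and renegotiating and empty and path not in ntlm_paths:
            hits.append(path)
    return hits

# Constructed sample data: a minimal Type 1 message and three captured requests.
TYPE1 = base64.b64encode(NTLMSSP + struct.pack("<II", 1, 0x0207) + bytes(16)).decode()

def _req(path, extra, body=b""):
    head = "POST %s HTTP/1.1\r\nHost: app.example\r\n%s\r\n\r\n" % (path, extra)
    return head.encode("ascii") + body

SAMPLE = [
    _req("/app/upload", "Authorization: NTLM %s\r\nContent-Length: 0" % TYPE1),
    _req("/app/secure", "Authorization: NTLM %s\r\nContent-Length: 0" % TYPE1),
    _req("/app/upload", "Content-Length: 7", b"a=1&b=2"),
]
```

Calling `empty_ntlm_posts(SAMPLE, {"/app/secure"})` reports only `/app/upload`, the unmapped servlet that would see null parameters.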