[jcifs] RFE's for NTLM HTTP Authentication

Karl karlduesentrieb at compuserve.de
Mon Feb 17 04:57:27 EST 2003


Hello,

I have RFEs for NTLM HTTP Authentication in jCIFS.
I don't know where I should send them, so I am sending this to this list.

1. RFE
When SmbSession.logon throws an Exception because of invalid credentials,
this exception is not caught and authentication fails without giving the
browser/user a chance to provide other credentials.
It would be better in such a case to catch the exception and to send another
"WWW-Authenticate", "NTLM" header.
Also useful would be an interface which gives the application the possibility
to reject the credentials and to demand others even if they are valid for
the DC.
For example, they may not be valid for the application.

2. RFE
Sometimes NTLM HTTP Authentication fails or is suppressed for some reason
(for example, some proxies disrupt NTLM HTTP Authentication).
This would leave a blank page in the IE window, because the jCIFS
WWW-Authenticate response sends an empty body.
It would be better to have a possibility/interface/response buffer for the
application to provide an HTML body and/or additional response headers which
could deal with such an incident
(for example, a timed redirect to a fallback URL or web page which gives the
user a hint).

Hope this is also useful for others.


 Charly


appended class NtlmServlet


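import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbSession;

public abstract class NtlmServlet extends HttpServlet {
    // domainController and AUTH are members of the class that this excerpt does not show.
    protected void service(HttpServletRequest request,
            HttpServletResponse response) throws ServletException, IOException {
        String msg = request.getHeader("Authorization");
        if (msg != null && msg.startsWith("NTLM")) {
            HttpSession ssn;
            byte[] challenge = SmbSession.getChallenge(domainController);
            NtlmPasswordAuthentication ntlm = AUTH.doAuthentication(request,
                    response, challenge);
            // null means the handshake is still in progress and a response was already sent
            if (ntlm == null) return;
            // Throws on invalid credentials; the exception is not caught here (RFE 1)
            SmbSession.logon(domainController, ntlm);
            ssn = request.getSession();
            ssn.setAttribute("NtlmHttpAuth", ntlm);
            ssn.setAttribute("ntlmdomain", ntlm.getDomain());
            ssn.setAttribute("ntlmuser", ntlm.getUsername());
        } else if (request.getSession().getAttribute("NtlmHttpAuth") == null) {
            // No authenticated session yet: start NTLM with a 401 that has an empty body (RFE 2)
            response.setHeader("WWW-Authenticate", "NTLM");
            response.setHeader("Connection", "close");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.flushBuffer();
            return;
        }
        super.service(request, response);
    }
}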
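
The two requests above, sketched as an added example that is not part of the original post and is not jCIFS code: the logon failure is caught and answered with a fresh challenge, the application can veto credentials, and the 401 carries an HTML body with a timed redirect. The names NtlmRechallenge, CredentialPolicy, Logon and the fallbackUrl parameter are hypothetical; SmbAuthException is the jCIFS 1.x class and is assumed to be what logon throws for bad credentials.

```java
import java.io.IOException;
import javax.servlet.http.HttpServletResponse;
import jcifs.smb.SmbAuthException; // jCIFS 1.x; assumed to signal invalid credentials

// Added example: NtlmRechallenge, CredentialPolicy and Logon are hypothetical names.
public final class NtlmRechallenge {

    /** Application hook from RFE 1: return false to demand other credentials. */
    public interface CredentialPolicy { boolean accept(String domain, String username); }

    /** Wraps the call to SmbSession.logon(domainController, ntlm). */
    public interface Logon { void run() throws IOException; }

    /** Returns true when the request may proceed; otherwise a new 401 challenge was sent. */
    public static boolean logonOrRechallenge(Logon logon, CredentialPolicy policy,
            String domain, String username, HttpServletResponse response,
            String fallbackUrl) throws IOException {
        try {
            logon.run();
        } catch (SmbAuthException e) {
            // Invalid credentials: ask again. Other IOExceptions still propagate.
            sendChallenge(response, fallbackUrl);
            return false;
        }
        if (!policy.accept(domain, username)) {
            // Valid for the DC but not for the application.
            sendChallenge(response, fallbackUrl);
            return false;
        }
        return true;
    }

    /** 401 with a body (RFE 2), displayed when the browser does not continue the handshake. */
    static void sendChallenge(HttpServletResponse response, String fallbackUrl) throws IOException {
        response.setHeader("WWW-Authenticate", "NTLM");
        response.setHeader("Connection", "close");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType("text/html; charset=UTF-8");
        // fallbackUrl must be a fixed, server-configured value, never request data.
        String url = escape(fallbackUrl);
        response.getWriter().write("<html><head><meta http-equiv=\"refresh\" content=\"5;url="
                + url + "\"></head><body>Automatic sign-in did not complete. "
                + "<a href=\"" + url + "\">Continue to the sign-in help page</a>.</body></html>");
        response.flushBuffer();
    }

    static String escape(String s) {
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }
}
```

In service(), the logon line would become a guarded call such as `if (!NtlmRechallenge.logonOrRechallenge(() -> SmbSession.logon(domainController, ntlm), policy, ntlm.getDomain(), ntlm.getUsername(), response, FALLBACK_URL)) return;`, where policy and FALLBACK_URL are supplied by the application.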


