[jcifs] RFE's for NTLM HTTP Authentication
Allen, Michael B (RSCH)
Michael_B_Allen at ml.com
Mon Feb 17 09:03:58 EST 2003
> -----Original Message-----
> From: Karl [SMTP:karlduesentrieb at compuserve.de]
> Sent: Sunday, February 16, 2003 12:57 PM
> To: jcifs at lists.samba.org
> Subject: [jcifs] RFE's for NTLM HTTP Authentication
>
> Hello,
>
> I have RFE's for NTLM HTTP Authentication in jCIFS.
> I don't know where I should send so I send this to this list.
>
> 1. RFE
> when SmbSession.logon throws an Exception because of invalid credentials,
> this exception is not catched and an Authentication fails without giving the
> Browser/user giving a chance to provide other credentials.
> Better would be in such case to catch the exception and to send another
> "WWW-Authenticate", "NTLM" header.
>
This was done in 0.7.3.
> Also useful would be an interface which gives the application the
> possibility
> to reject the credentials and to demand others even if they are valid for
> the DC.
> For example they maybe not valid for the application.
>
This is very application specific behavior that I don't quite understand and sould
be done by writing your own Filter with the NtlmSsp class.
> 2. RFE
> sometimes NTLM HTTP Authentication is failing or is suppressed for some
> reason.
> (for example some proxys are disrupting NTLM HTTP Authentication)
> this would leave a blank page in the IE window, because the jCIFS
> WWW-Authenticate
> response sends an empty body.
> Better would be an possibility/interface/responsebuffer for the application
> to provide
> a html body and/or additional response headers which could deal with such an
> incident.
> (For example a timed redirect to a fallback url or webpage which gives the
> user a hint)
>
The bodies aren't empty but they are sent in a different packet. It's not clear to
me why this should be a real problem because they just contain error message
junk. I don't recall exactly why the body is in a separate packet. I believe it was
necessary to keep the connection open during the 3 message dialog. This NTLM
over HTTP thing is non standard so maintaining state accross the negotiate
presented some problems. To pursue this further we would need to see a packet
trace of the errant dialog.
> Hope this is also useful for others.
>
>
> Charly
>
>
> appended class NtlmServlet
>
What is this supposed to show us?
More information about the jcifs
mailing list