[jcifs] Why would auth work on one server and not on another?

Dave Mobley scprotz at hotmail.com
Fri Jul 11 03:35:40 EST 2003

Here is my NtlmSsp.  Except for the commented out 'flushbuffer()', it is the
same as in 0.7.8

Any suggestions why it might a connection under 1 server and work fine on
another?  If a packet capture of a working server is needed, I can provide
that as well.

/* jcifs smb client library in Java

* Copyright (C) 2002 "Michael B. Allen" <jcifs at samba dot org>

* "Eric Glass" <jcifs at samba dot org>

* "Jason Pugsley" <jcifs at samba dot org>

* "skeetz" <jcifs at samba dot org>


* This library is free software; you can redistribute it and/or

* modify it under the terms of the GNU Lesser General Public

* License as published by the Free Software Foundation; either

* version 2.1 of the License, or (at your option) any later version.


* This library is distributed in the hope that it will be useful,

* but WITHOUT ANY WARRANTY; without even the implied warranty of


* Lesser General Public License for more details.


* You should have received a copy of the GNU Lesser General Public

* License along with this library; if not, write to the Free Software

* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA


package jcifs.http;

import java.io.IOException;

import javax.servlet.ServletException;

import javax.servlet.http.HttpServletRequest;

import javax.servlet.http.HttpServletResponse;

import jcifs.smb.NtlmPasswordAuthentication;

import jcifs.util.Base64;

import jcifs.ntlmssp.NtlmFlags;

import jcifs.ntlmssp.Type1Message;

import jcifs.ntlmssp.Type2Message;

import jcifs.ntlmssp.Type3Message;


* This class is used internally by <tt>NtlmHttpFilter</tt>,

* <tt>NtlmServlet</tt>, and <tt>NetworkExplorer</tt> to negiotiate password

* hashes via NTLM SSP with MSIE. It might also be used directly by servlet

* containers to incorporate similar functionality.

* <p>

* How NTLMSSP is used in conjunction with HTTP and MSIE clients is

* described in an <A HREF="http://www.innovation.ch/java/ntlm.html">NTLM

* Authentication Scheme for HTTP</A>. <p> Also, read <a

* href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and

* the Network Explorer Servlet</a> related information.


public class NtlmSsp implements NtlmFlags {


* Performs NTLM authentication for the servlet request.


* @param req The request being serviced.

* @param resp The response.

* @param challenge The domain controller challenge.

* @throws IOException If an IO error occurs.

* @throws ServletException If an error occurs.


public NtlmPasswordAuthentication doAuthentication(HttpServletRequest req,

HttpServletResponse resp, byte[] challenge)

throws IOException, ServletException {

String msg = req.getHeader("Authorization");

if (msg != null && msg.startsWith("NTLM ")) {

byte[] src = Base64.decode(msg.substring(5));

if (src[8] == 1) {

System.out.println("Type 1 message");

Type1Message type1 = new Type1Message(src);

Type2Message type2 = new Type2Message(type1, challenge,


msg = Base64.encodeBytes(type2.toByteArray());

System.out.println("type 1 message = " + msg);

resp.setHeader( "WWW-Authenticate", "NTLM " + msg );

resp.setContentLength( 0 );

} else if (src[8] == 3) {

System.out.println("type 3 message");

Type3Message type3 = new Type3Message(src);

byte[] lmResponse = type3.getLMResponse();

if (lmResponse == null) lmResponse = new byte[0];

byte[] ntResponse = type3.getNTResponse();

if (ntResponse == null) ntResponse = new byte[0];

return new NtlmPasswordAuthentication(type3.getDomain(),

type3.getUser(), lmResponse, ntResponse);


} else {

resp.setHeader("WWW-Authenticate", "NTLM");

resp.setHeader("Connection", "close");



// resp.flushBuffer();

return null;




Dave Mobley

scprotz at hotmail.com

----- Original Message ----- 
From: <eglass1 at comcast.net>
To: "Dave Mobley" <scprotz at hotmail.com>
Cc: <jcifs at lists.samba.org>; <Michael_B_Allen at ml.com>
Sent: Thursday, July 10, 2003 11:06 AM
Subject: Re: [jcifs] Why would auth work on one server and not on another?

> > Here is a copy of my sevlet.  It is very simple (and the
> > jcifs.http.NtlmServlet grafted from 0.7.8 with the slight modifications
> > make it jdk1.1 and jsdk2.0 compliant).  Also, I did rename my servlet
> > strip out the cookie handling just to make it simpler.
> >
> Actually, the relevant code would be in jcifs.http.NtlmSsp; that is where
> Type 2 message is created and sent.
> Eric

More information about the jcifs mailing list