[jcifs] Why would auth work on one server and not on another?

Dave Mobley scprotz at hotmail.com
Fri Jul 11 15:16:17 EST 2003 

OK,  after doing a considerable amount of testing, here is what I've come up
with:

1.  Mozilla's NTLM apparently does not work automatically (guess i'll have
to wait for Moz1.5)
2.  IE has a problem about dropping connections based on certain http events
from Domino (still haven't figured this one out)
3.  (THIS IS A BIG ONE) Mozilla REALLY REALLY wants to try to authenticate
with my servlet (even though it isn't the nice automatic NTLM - it requires
me to enter my credentials) on Domino (and even does the full handshake, but
jcifs uses the "UnicodeLittleUnmarked" encoding, which Domino's JDK (its an
old 1.1)  doesn't understand.

Any suggestions on a 1.1 substitute for "UnicodeLittleUnmarked"? (Or will I
have to write some sort of byte converter, and then convert it to a String
with another encoder that is much more jdk1.1. friendly)?

If I can get 1 browser to work on this server, I'm sure with a bit of
effort, I can eventually get the other to work.

Thanks all for the help so far :)

Dave Mobley
scprotz at hotmail.com

----- Original Message ----- 
From: <eglass1 at comcast.net>
To: "Dave Mobley" <scprotz at hotmail.com>
Cc: <jcifs at lists.samba.org>; <Michael_B_Allen at ml.com>
Sent: Thursday, July 10, 2003 2:20 PM
Subject: Re: [jcifs] Why would auth work on one server and not on another?


>
> >
> > Any suggestions why it might a connection under 1 server and work fine
on
> > another?  If a packet capture of a working server is needed, I can
provide
> > that as well.
> >
>
> I actually should have picked up on this earlier (given that it worked
under
> Tomcat, and the packet trace indicates an HTML body in the error
response).
> The container is treating the setStatus(401) as an error (the same as
> a sendError); it closes the connection and sends a default error page.
What
> *should* be happening is that you set the status to 401, set the content
> length to 0, and the user gets a blank page with a 401 status and a
persistent
> connection.
>
> Your last-ditch attempt would maybe be to explicitly do:
>
>     resp.setHeader("Connection", "Keep-Alive");
>
> Try putting it right before the resp.setContentLength(0), or maybe right
after
> the resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED).
>
> Chances are, however, that the container will ignore it and close the
> connection, in which case you don't have too many options. :(
>
> You could always take out the NTLM authentication offers and just use
basic,
> but that's probably not the answer you were looking for.
>
> Eric
>

More information about the jcifs mailing list