[jcifs] NTLM authentication performance

eglass1 at attbi.com eglass1 at attbi.com
Sat May 17 06:14:30 EST 2003 

Mark,

I think I replied to your message already, but I either forgot to copy the list 
or messed up otherwise.  To summarize:

Internet Explorer won't submit data as part of a POST over an NTLM connection 
without first re-negotiating authentication.  Essentially, it submits an empty 
POST body with a Type 1 message in the Authorization header; it then responds 
to the Type 2 challenge with another POST containing the data (and the Type 3 
reply in the Authorization header).  This is probably where the overhead is 
coming from; there is an additional round-trip for each POST (and SMB traffic 
for the authentication).  Although I wouldn't think it would be terribly 
expensive; I am doing some similar stuff, and I never really noticed a delay.

The reason you weren't seeing this when connecting to the localhost is that IE 
relaxes this restriction when client and server are the same machine; the data 
is included in the initial POST, and the additional round-trip isn't incurred.

Eric

> I am trying to use the NTLM authentication using jcifs in Jetspeed portal.
> The portal performs well when domain controller is set to a local machine
> (same one running the portal). Local machine runs Tomcat 3.3.1a (servlet API
> 2.2). However, when deployed in the production-like environment, there's
> substantial performance degradation.
> 
> Production environment uses IBM WebSphere 3.5.6 (servlet API 2.2) and
> therefore I cannot use the NtlmHttpFilter. One thing that I noticed is that
> the authentication takes place more than once per session. I'm not sure if
> it's the Turbine architecture (Jetspeed is built on top of Turbine) that's
> causing this. I think that this happens when I do a POST and Turbine does
> some redirection. At that point, I have to logon again. I hope this makes
> sense.
> 
> Are there any tips to speed things up? Perhaps some properties to set. Thank
> you in advance for any help.
> 
> Best regards,
> 
> Mark Orciuch - morciuch at apache.org
> Jakarta Jetspeed - Enterprise Portal in Java
> http://jakarta.apache.org/jetspeed/
> 
>

More information about the jcifs mailing list