[jcifs] NTLM authentication performance

Mark Orciuch mark_orciuch at ngsltd.com
Sat May 17 07:46:30 EST 2003 

Hi Eric,

I appreciate your response. I tried what you're suggesting but the end
result seems to be the same: my posts quit working (posting results in the
same page being redisplayed, no error). I'm attaching my web.xml. Also,
here's the content of my index.jsp:

<%@ page extends="jcifs.http.NtlmJspBase" %>

<jsp:forward page="portal/"/>

I also get DC not available error if I use my production domain controller.
It works with local domain controller. But that is probably minor compared
to the other problem I'm facing. I'm starting to think that this is a
Turbine quirk because I noticed that there's some redirection going during
my posts.

BTW: I noticed in your example
(http://jcifs.samba.org/src/docs/ntlmhttpauth.html) that domain controller
is specified using "jcifs.http.domainController" property for testing but
for production it's "jcifs.smb.client.domain" and "jcifs.netbios.wins". What
is the significance of the wins property? Could this be impacting my
performance?

Best regards,

Mark Orciuch - morciuch at apache.org
Jakarta Jetspeed - Enterprise Portal in Java
http://jakarta.apache.org/jetspeed/

> -----Original Message-----
> From: eglass1 at attbi.com [mailto:eglass1 at attbi.com]
> Sent: Friday, May 16, 2003 3:18 PM
> To: Mark Orciuch
> Cc: jcifs at lists.samba.org; Nathan Zentner
> Subject: RE: [jcifs] NTLM authentication performance
>
>
> You can extend jcifs.http.NtlmServlet for this; this is intended
> to provide
> NTLM services to pre-2.3 containers.  It looks like you are using JSPs --
> attached is an extension to NtlmServlet which can act as a JSP
> base (this might
> be useful to others as well).  At the top of your JSP, you would put:
>
> <%@ page extends="jcifs.http.NtlmJspBase" %>
>
> It will do the authentication before dispatching to the page
> body.  In your
> web.xml, you would have something like:
>
> <servlet>
>     <servlet-name>FrontPage</servlet-name>
>     <jsp-file>/portal/index.jsp</jsp-file>
>     <init-param>
>         <param-name>jcifs.http.domainController</param-name>
>         <param-value>10.10.2.20</param-value>
>     </init-param>
> </servlet>
> <servlet-mapping>
>     <servlet-name>FrontPage</servlet-name>
>     <url-pattern>/portal/index.jsp</url-pattern>
> </servlet-mapping>
>
>
> The authenticated username would automatically be available in
> the session as
> the "ntlmuser" attribute (domain is "ntlmdomain", and the
> NtlmPasswordAuthentication object is "NtlmHttpAuth").
>
> Also, note that if you need to present Basic (i.e., to
> authenticate Netscape
> and other non-IE clients), the NtlmHttpFilter/NtlmServlet already provide
> this;  you just have to set the jcifs.http.enableBasic and
> jcifs.http.insecureBasic init-params to "true".  This will offer
> both NTLM and
> Basic in the WWW-Authenticate headers, which will allow IE to use
> NTLM and
> Netscape to use Basic.  Be aware, however, that there are large
> security issues
> surrounding Basic auth.
>
> Eric
>
> > RE: [jcifs] NTLM authentication performanceNathan,
> >
> > Thanks for your reply. It's an idea worth trying. If I understand this
> > correctly, you suggest that I create a servlet mapping:
> >
> >     <servlet>
> >         <servlet-name>
> >            ntlmservlet
> >         </servlet-name>
> >         <servlet-class>
> >             org.apache.jetspeed.servlets.NTLMServlet
> >         </servlet-class>
> >     </servlet>
> >
> >     <servlet-mapping>
> >        <servlet-name>
> >           ntlmservlet
> >        </servlet-name>
> >        <url-pattern>
> >          /portal/index.jsp
> >        </url-pattern>
> >     </servlet-mapping>
> >
> > I guess the NTLMServlet would have to store authenticated
> username in the
> > session so the Turbine servlet could retrieve it and do its own internal
> > login. I'm a little concerned about the url-pattern to specify for my
> > filter. If I don't want to execute this filter every time, then
> I would have
> > to set it to something like "/portal/index.jsp". But if that is
> the case,
>
> > bookmarking of other links within the portal may quit working.
> I guess I'll
> > have to try it.
> >
> > Thanks again for your suggestion.
> >
> >
> > Best regards,
> >
> > Mark Orciuch - morciuch at apache.org
> > Jakarta Jetspeed - Enterprise Portal in Java
> > http://jakarta.apache.org/jetspeed/
> >
> >   -----Original Message-----
> >   From: Nathan Zentner [mailto:Nathan.Zentner at paccoast.com]
> >   Sent: Friday, May 16, 2003 12:03 PM
> >   To: 'Mark Orciuch'
> >   Subject: RE: [jcifs] NTLM authentication performance
> >
> >
> >   Mark,
> >
> >           You can copy the code that is in the filter and add it to a
> > Servlet of you choice, maybe the landing page.  This should keep the
> > authitication from happening everytime a browser connects to the server.
> > The filter gives a config that you setup so that it only checks on the
> > <url-patten>.  If this has * in it then it will check for each
> page.  I have
> > copied the code to a servlet, because I also support netscape
> and don't want
> > it to throw a 401 error.  I then created a login page for those netscape
>
> > users so that they can use the domain username and password to login.
> >
> >   Hope this helps at least a little.
> >
> >   Nathan Zentner.
> >
> >   -----Original Message-----
> >   From: Mark Orciuch [mailto:mark_orciuch at ngsltd.com]
> >   Sent: Friday, May 16, 2003 9:48 AM
> >   To: jcifs at lists.samba.org
> >   Subject: [jcifs] NTLM authentication performance
> >
> >
> >
> >   I am trying to use the NTLM authentication using jcifs in
> Jetspeed portal.
> >   The portal performs well when domain controller is set to a
> local machine
> >   (same one running the portal). Local machine runs Tomcat
> 3.3.1a (servlet
> > API
> >   2.2). However, when deployed in the production-like
> environment, there's
> >   substantial performance degradation.
> >
> >   Production environment uses IBM WebSphere 3.5.6 (servlet API 2.2) and
> >   therefore I cannot use the NtlmHttpFilter. One thing that I noticed is
> > that
> >   the authentication takes place more than once per session.
> I'm not sure if
> >   it's the Turbine architecture (Jetspeed is built on top of
> Turbine) that's
>
> >   causing this. I think that this happens when I do a POST and
> Turbine does
> >   some redirection. At that point, I have to logon again. I
> hope this makes
> >   sense.
> >
> >   Are there any tips to speed things up? Perhaps some properties to set.
> > Thank
> >   you in advance for any help.
> >
> >   Best regards,
> >
> >   Mark Orciuch - morciuch at apache.org
> >   Jakarta Jetspeed - Enterprise Portal in Java
> >   http://jakarta.apache.org/jetspeed/
> >
> >
> >
> >
> >
> >   DISCLAIMER: This communication and any files or attachments
> transmitted
> > with it may contain information that is copyrighted or confidential and
> > exempt from disclosure under applicable law.  It is intended
> solely for the
> > use of the individual or the entity to which it is addressed.
> If you are
> > not the intended recipient, you are herby notified that any use,
> > dissemination, or copying of this communication is strictly
> prohibited.  If
> > you have received this communication in error, please notify us
> at once so
>
> > that we may take the appropriate action and avoid troubling you further.
> > Thank you for your cooperation. Contact information: Pacific
> Coast Company
> > Inc. 1-916-971-2330 and ask for the e-mail administrator.
> >
> >
> >
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: web.xml
Type: text/xml
Size: 2355 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20030516/76088846/web.xml

More information about the jcifs mailing list