[jcifs] NTLM HTTP authentication failure forward vs. Network
dtrapp at yahoo.com
Wed Aug 11 22:23:00 GMT 2004
> > > Not sure if you want to include this, but I
> > > support for forwards to a guest URL when unable
> > > transparently authenticate using NtlmHttpFilter.
> Note that sending a redirect will screw up POSTs to
> any non-NTLM pages
> on the same server. Unless the Type 3 request
> receives a 401 HTTP
> status (Unauthorized) in the response, it will
> assume NTLM
> authentication was successful. The browser will
> preemptively initiate
> a NTLM handshake before subsequently POSTing to that
> server. So if
> the target of the POST doesn't complete the
> handshake, it will get an
> empty POST body.
Ahh, this explains why I could only get my proposed
solution to work when forwarding to a different
> You might be better off doing:
> resp.setHeader("Refresh", "0;URL=" +
Good suggestion, I'll give this a try.
> This will signal to the client that the NTLM
> handshake did not
> succeed; it will then refresh them to the "manual
> login" target. Or,
> better still, just change lines ~146 in the filter
> Then, define an error page in web.xml:
> If the initial authentication fails, they will be
> presented with
> /loginform.jsp rather than being rechallenged. If
> you remove the
> error-page definition, you should get the default
Currently, our application is load balanced on three
servers and one is targeted for Form-based auth,
which as mentioned, really needs SSL active. Our
plans are to forward all guests to this server. In
any case, I'll look into this too.
Thanks so much
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
More information about the jcifs