[jcifs] Implementing a weblogic identity asserter with jCifs and NTLM Http authentication

eglass1 at comcast.net eglass1 at comcast.net
Wed Feb 25 17:13:16 GMT 2004

> - What if I don't use this line in the previous code : resp.setHeader(
> "WWW-Authenticate", "NTLM " + msg );

Not familiar with how the identity assertion mechanism for Weblogic works,
but this header will have to be sent somehow (this is how the NTLM tokens
are passed between the client and server).

> - Do I need to use SmbSession.logon(dc, ntlm); as the aim of identity
> asserter is only to say who is the user corresponding to the NTLM token ?
> (underlying question : is the previous code sufficient to check the user
> against the nt domain ?)

SmbSession.logon is what actually checks the credentials against the domain;
without this, there isn't really any authentication.


More information about the jcifs mailing list