[jcifs] Implementing a weblogic identity asserter with jCifs
andNTLM Http authentication
jcifs at penney.org
Wed Feb 25 17:42:44 GMT 2004
Dom, one thing you should be aware of is that if you go this route you
may encounter problems with subsequent form posts. I ran into the issue
whereby once the WWW-Authenticate header had been passed and IE had
added the NTLM: msg, FORM posts would no longer work, the NTLM HTTP
Filter gets around this by reauthing on posts.
One suggestion had been to send an SC_UNAUTHORIZED message after the
username had been determined but in my case it didn't do the trick.
Just something to be aware of.
From: jcifs-bounces+jcifs=penney.org at lists.samba.org
[mailto:jcifs-bounces+jcifs=penney.org at lists.samba.org] On Behalf Of
eglass1 at comcast.net
Sent: Wednesday, February 25, 2004 9:13 AM
To: DJP JEAN-PROST Dominique
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] Implementing a weblogic identity asserter with
jCifs andNTLM Http authentication
> - What if I don't use this line in the previous code : resp.setHeader(
> "WWW-Authenticate", "NTLM " + msg );
Not familiar with how the identity assertion mechanism for Weblogic
but this header will have to be sent somehow (this is how the NTLM
are passed between the client and server).
> - Do I need to use SmbSession.logon(dc, ntlm); as the aim of identity
> asserter is only to say who is the user corresponding to the NTLM
> (underlying question : is the previous code sufficient to check the
> against the nt domain ?)
SmbSession.logon is what actually checks the credentials against the
without this, there isn't really any authentication.
More information about the jcifs