[jcifs] Implementing a weblogic identity asserter with jCifs and NTLM Http authentication

Damian Penney jcifs at penney.org
Wed Feb 25 17:42:44 GMT 2004


Dom, one thing you should be aware of is that if you go this route you
may encounter problems with subsequent form posts. I ran into the issue
whereby once the WWW-Authenticate header had been passed and IE had
added the NTLM: msg, FORM posts would no longer work; the NTLM HTTP
Filter gets around this by reauthing on posts.

One suggestion had been to send an SC_UNAUTHORIZED message after the
username had been determined, but in my case it didn't do the trick.

Just something to be aware of.

Damian

 

-----Original Message-----
From: jcifs-bounces+jcifs=penney.org at lists.samba.org
[mailto:jcifs-bounces+jcifs=penney.org at lists.samba.org] On Behalf Of
eglass1 at comcast.net
Sent: Wednesday, February 25, 2004 9:13 AM
To: DJP JEAN-PROST Dominique
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] Implementing a weblogic identity asserter with
jCifs and NTLM Http authentication



> - What if I don't use this line in the previous code : resp.setHeader(
> "WWW-Authenticate", "NTLM " + msg );

Not familiar with how the identity assertion mechanism for Weblogic
works, but this header will have to be sent somehow (this is how the
NTLM tokens are passed between the client and server).

> - Do I need to use SmbSession.logon(dc, ntlm); as the aim of identity
> asserter is only to say who is the user corresponding to the NTLM
> token ?
> (underlying question : is the previous code sufficient to check the
> user against the nt domain ?)

SmbSession.logon is what actually checks the credentials against the
domain; without this, there isn't really any authentication.

Eric
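
The header exchange discussed in this thread, as an added example that is not code from the thread or from jCIFS: it reads the NTLM message type out of the Authorization header and picks the server's next step, including a request that negotiates again inside an already authenticated session. The class, method and enum names are hypothetical, the tokens are constructed (signature and type field only), and it assumes the browser opens the later POST with a new type 1 message; the domain check itself is left to SmbSession.logon.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class NtlmHeaderDemo {
    enum Action { SEND_401_NTLM, SEND_401_CHALLENGE, VERIFY_WITH_DC, USE_SESSION_USER }
    private static final byte[] SIG = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    /** NTLM message type from an Authorization header value, or -1 if it is not an NTLM token. */
    static int messageType(String authorization) {
        if (!authorization.startsWith("NTLM ")) return -1;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(authorization.substring(5).trim());
        } catch (IllegalArgumentException e) {
            return -1; // not valid base64
        }
        if (raw.length < 12) return -1;
        for (int i = 0; i < SIG.length; i++) if (raw[i] != SIG[i]) return -1;
        // The 32-bit little-endian type field follows the 8-byte signature.
        return ByteBuffer.wrap(raw, 8, 4).order(ByteOrder.LITTLE_ENDIAN).getInt();
    }

    /** sessionUser is the name cached by an earlier successful handshake, or null. */
    static Action decide(String authorization, String sessionUser) {
        if (authorization == null) {
            return sessionUser != null ? Action.USE_SESSION_USER : Action.SEND_401_NTLM;
        }
        switch (messageType(authorization)) {
            case 1:  return Action.SEND_401_CHALLENGE; // re-authenticate even if sessionUser is set
            case 3:  return Action.VERIFY_WITH_DC;     // the SmbSession.logon step; never skip it
            default: return Action.SEND_401_NTLM;      // malformed token: restart the handshake
        }
    }

    /** Constructed sample: signature plus type field only, not a complete NTLM message. */
    static String sample(int type) {
        byte[] raw = ByteBuffer.allocate(12).order(ByteOrder.LITTLE_ENDIAN).put(SIG).putInt(type).array();
        return "NTLM " + Base64.getEncoder().encodeToString(raw);
    }

    public static void main(String[] args) {
        System.out.println(decide(null, null));             // first request, no header yet
        System.out.println(decide(sample(1), null));        // client negotiates
        System.out.println(decide(sample(3), null));        // client answers the challenge
        System.out.println(decide(sample(1), "DOM\\dom"));  // later request negotiating again
    }
}
```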


