[jcifs] Implementing a weblogic identity asserter with jCifsandNTLM Http authentication

Michael B Allen mba2000 at ioplex.com
Thu Feb 26 02:18:17 GMT 2004

Damian Penney said:
> Dom, one thing you should be aware of is that if you go this route you
> may encounter problems with subsequent form posts. I ran into the issue
> whereby once the WWW-Authenticate header had been passed and IE had
> added the NTLM: msg, FORM posts would no longer work, the NTLM HTTP
> Filter gets around this by reauthing on posts.

POST works provided you do the NTLM authentication each time. That's not
really a work-around. That's just how the protocol works. I don't recall
if the idea is that NTLM should be performed with the form data for
security reasons or if it's to relieve the browser from potentially being
required to POST the form data twice or whatever. But IE initiates the
negotiation, not the filter. The thing that causes problems with certain
containers is the three message handshake over the same HTTP session.
That's not perfectly legit in HTTP speak.


More information about the jcifs mailing list