[jcifs] Implementing a weblogic identity asserter with jCifs and NTLM Http authentication

Damian Penney jcifs at penney.org
Thu Feb 26 02:50:44 GMT 2004


Didn't mean to imply that the filter wasn't working per the spec, just
that the spec gets in the way of what I, and I think Dom, were trying to
do, which is a one time handshake to figure out the username at which
point the container can take over.

Damian
http://www.textads.biz
 

-----Original Message-----
From: Michael B Allen [mailto:mba2000 at ioplex.com] 
Sent: Wednesday, February 25, 2004 6:18 PM
To: Damian Penney
Cc: jcifs at lists.samba.org
Subject: RE: [jcifs] Implementing a weblogic identity asserter with
jCifs and NTLM Http authentication

Damian Penney said:
> Dom, one thing you should be aware of is that if you go this route you
> may encounter problems with subsequent form posts. I ran into the issue
> whereby once the WWW-Authenticate header had been passed and IE had
> added the NTLM: msg, FORM posts would no longer work; the NTLM HTTP
> Filter gets around this by reauthing on posts.

POST works provided you do the NTLM authentication each time. That's not
really a work-around. That's just how the protocol works. I don't recall
if the idea is that NTLM should be performed with the form data for
security reasons or if it's to relieve the browser from potentially being
required to POST the form data twice or whatever. But IE initiates the
negotiation, not the filter. The thing that causes problems with certain
containers is the three message handshake over the same HTTP session.
That's not perfectly legit in HTTP speak.

Mike
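
The handshake discussed in this thread, as an added example that is not part of the original messages and is not jCIFS code: it reads the message type (Type 1, 2 or 3) out of an `Authorization: NTLM ...` header and shows why a filter has to answer a fresh Type 1 even when it already knows the user. The names `filter_decision`, `known_user` and `make_token` are hypothetical, and the tokens are constructed samples, not captures.

```python
import base64
import struct

NTLMSSP_SIGNATURE = b"NTLMSSP\x00"            # 8 bytes that start every NTLM message
NEGOTIATE, CHALLENGE, AUTHENTICATE = 1, 2, 3  # Type 1 / Type 2 / Type 3

def ntlm_message_type(header_value):
    """Return 1, 2 or 3 for an 'NTLM <base64>' header value, else None."""
    if not header_value:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.upper() != "NTLM" or not token.strip():
        return None  # bare "NTLM" (no token) or another scheme such as Basic
    try:
        raw = base64.b64decode(token.strip(), validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    if len(raw) < 12 or raw[:8] != NTLMSSP_SIGNATURE:
        return None
    (msg_type,) = struct.unpack_from("<I", raw, 8)  # little-endian uint32
    return msg_type if msg_type in (NEGOTIATE, CHALLENGE, AUTHENTICATE) else None

def filter_decision(authorization, known_user):
    """Simplified server-side decision for one request (GET or POST alike)."""
    msg_type = ntlm_message_type(authorization)
    if msg_type == NEGOTIATE:
        # The browser opened a new handshake, e.g. before a form POST.
        # Passing the request through because known_user is already set
        # would leave the client waiting for a challenge that never comes.
        return "401 + Type 2 challenge"
    if msg_type == AUTHENTICATE:
        return "validate Type 3, then pass request on"
    if known_user is not None:
        return "pass request on"
    return "401 + WWW-Authenticate: NTLM"

def make_token(msg_type):
    """Constructed sample header: signature, type, 4 zero bytes of flags."""
    raw = NTLMSSP_SIGNATURE + struct.pack("<I", msg_type) + b"\x00" * 4
    return "NTLM " + base64.b64encode(raw).decode("ascii")

if __name__ == "__main__":
    cases = [("first GET, no header", None, None),
             ("GET with Type 1", make_token(NEGOTIATE), None),
             ("GET with Type 3", make_token(AUTHENTICATE), None),
             ("later GET, user known", None, "DOMAIN\\user"),
             ("POST with Type 1, user known", make_token(NEGOTIATE), "DOMAIN\\user")]
    for label, header, user in cases:
        print(f"{label:30} -> {filter_decision(header, user)}")
```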


