[jcifs] Basic windows Authentication

[eglass1 at comcast.net]

> I am struggling for this since one week. Yesterday i downloaded jcifs and
> configured. While i am testing, only first time i prompted for userid,
> password and domain , from there onwards i did not get popup. My requirement
> is  users should authenticate everytime they logged out or open the new
> session(browser). Could you please tell me how can i implement this one.

There are a couple of questions here:

Are you using Basic authentication?  Or NTLM?  NTLM will often not prompt you
at all, instead using established Windows credentials.  If you do get a
prompt, it will typically be domain/user/password; basic would just have
user/password.

The jCIFS filter stores the authenticated identity in the session.  So if you
open a new browser window (within the same instance of Internet Explorer), you
won't get prompted again (if you were prompted at all).  You could disable
this behavior by removing the lines in the filter code that store the identity
in the session; however, you would then get prompted for every request (i.e.,
each time you hit the webserver).

Basic credentials are typically cached by the browser and presented with every
request (to avoid prompting for each request).

If you want to provide a "logout" page, the page should probably:

1) remove the filter variables from the session.

2) return a 403 or 401 status to clear any authentication information held by
the browser.

That last one is a bit iffy, and would depend on how your browser treats this
circumstance.  Also, note again that users may not be prompted at all with
NTLM, depending on how their browser is configured.


Eric