[jcifs] NTLM HTTP authentication with multiple domains
Michael B Allen
mba2000 at ioplex.com
Thu Mar 11 23:19:56 GMT 2004
>> True. But the domain used is established and used within
>> NtlmHttpFilter.doFilter() so you could very easily modify it to permit
>> domain to be specified within the HTTP request.
> ...seems to me that this is not thread safe at least without
Why? Reading a cookie isn't thread-safe?
>> Note there is no way to
>> "negotiate" which domain a user is in so you'll have to use a cookie or
>> similar to determine that the first time the user visits the site.
> this seems not true for me because as shown on
> Type-1 Message
> This message contains the host name and the NT domain name of the client.
> So I could switch to the proper configuration/instance/domain controller
> if I would know that.
No. That document is not very good. The type-1-message has the NetBIOS
*workgroup* which is frequently different from the NT domain.
See this document for a much better description:
More information about the jcifs