[jcifs] NTLM HTTP authentication with multiple domains
Michael B Allen
mba2000 at ioplex.com
Thu Mar 11 23:19:56 GMT 2004
Charly said:
>> True. But the domain used is established and used within
>> NtlmHttpFilter.doFilter() so you could very easily modify it to permit
>> the
>> domain to be specified within the HTTP request.
> ...seems to me that this is not thread safe at least without
> synchronization.
Why? Reading a cookie isn't thread-safe?
>> Note there is no way to
>> "negotiate" which domain a user is in so you'll have to use a cookie or
>> similar to determine that the first time the user visits the site.
> this seems not true for me because as shown on
> http://www.innovation.ch/java/ntlm.html
> ..
> Type-1 Message
> This message contains the host name and the NT domain name of the client.
> ..
> So I could switch to the proper configuration/instance/domain controller
> if I would know that.
No. That document is not very good. The type-1-message has the NetBIOS
*workgroup* which is frequently different from the NT domain.
See this document for a much better description:
http://davenport.sourceforge.net/ntlm.html
Mike
More information about the jcifs
mailing list