[jcifs] NTLM HTTP authentication with multiple domains

Michael B Allen mba2000 at ioplex.com
Thu Mar 11 23:19:56 GMT 2004

Charly said:
>> True. But the domain used is established and used within
>> NtlmHttpFilter.doFilter() so you could very easily modify it to permit
>> the
>> domain to be specified within the HTTP request.
> ...seems to me that this is not thread safe at least without
> synchronization.

Why? Reading a cookie isn't thread-safe?

>> Note there is no way to
>> "negotiate" which domain a user is in so you'll have to use a cookie or
>> similar to determine that the first time the user visits the site.
> this seems not true for me because as shown on
> http://www.innovation.ch/java/ntlm.html
> ..
> Type-1 Message
> This message contains the host name and the NT domain name of the client.
> ..
> So I could switch to the proper configuration/instance/domain controller
> if I would know that.

No. That document is not very good. The type-1-message has the NetBIOS
*workgroup* which is frequently different from the NT domain.

See this document for a much better description:



More information about the jcifs mailing list