[jcifs] Timeout problem with jcifs NTLM HTTP authentication
Paul.Holaj at dekabank.de
Paul.Holaj at dekabank.de
Thu Nov 18 16:43:17 GMT 2004
Hi,
we use a struts based web application with IE 5.5 and jcifs 1.1.2 NTLM HTTP authentication.
The newer jcifs versions use a Netbios "1c" call to get a list of available domain controllers from the the WINS server.
In the last few days, one of our domain controllers was offline.
Since our WINS Server manages its list of domain controllers in a static way, it still contained the address of the offline DC.
In our web application, we noticed that during this period of time sometimes
our applications' pages didn't respond and returned a timeout error after several minutes:
Servlet failed with IOException
jcifs.smb.SmbException: An error occured sending the request.
java.net.ConnectException: Connection timed out
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.PlainSocketImpl.doConnect(PlainSocketImpl.java:305)
at java.net.PlainSocketImpl.connectToAddress(PlainSocketImpl.java:171)
at java.net.PlainSocketImpl.connect(PlainSocketImpl.java:158)
at java.net.Socket.connect(Socket.java:452)
at java.net.Socket.connect(Socket.java:402)
at java.net.Socket.<init>(Socket.java:309)
at java.net.Socket.<init>(Socket.java:211)
at jcifs.netbios.NbtSocket.<init>(NbtSocket.java:59)
at jcifs.smb.SmbTransport.ensureOpen(SmbTransport.java:275)
at jcifs.smb.SmbTransport.send(SmbTransport.java:602)
at jcifs.smb.SmbTransport.negotiate(SmbTransport.java:847)
at jcifs.smb.SmbSession.getChallenge(SmbSession.java:59)
at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:109)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6356)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
at jcifs.smb.SmbTransport.send(SmbTransport.java:633)
at jcifs.smb.SmbTransport.negotiate(SmbTransport.java:847)
at jcifs.smb.SmbSession.getChallenge(SmbSession.java:59)
at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:109)
at weblogic.servlet.internal.FilterChainImpl.doFilter(FilterChainImpl.java:27)
at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6356)
at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321)
at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:118)
at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3635)
at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2585)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:197)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:170)
Our web.xml looks as follows:
...
<web-app>
<filter>
<filter-name>NTLM HTTP Authentication Filter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.netbios.wins</param-name>
<param-value>10.9.99.8</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.domain</param-name>
<param-value>DGZDEKA</param-value>
</init-param>
</filter>
<!-- NTLM HTTP Authentication only works with MSIE -->
<filter-mapping>
<filter-name>NTLM HTTP Authentication Filter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
...
With a network trace we found out, that the timeout occured every time when jcifs choose
the offline DC from the list.
Isn't jcifs supposed to switch through the list of DC's until it finds a responding DC ?
Or do I have to set a jcifs timeout configuration parameter ?
Thanks in advance.
Best Regards,
Paul Holaj
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the jcifs
mailing list