[jcifs] jcifs-1.1.0 released / NTLM HTTP Authentication Improvements
Michael B Allen
mba2000 at ioplex.com
Fri Oct 1 04:25:44 GMT 2004
There have been significant changes that should improve the
reliability and overall behavior of JCIFS particularly for users of
the NtlmHttpFilter.
* NbtAddress.getAllByName - The NbtAddress.getAllByName() method has
been implemented that will return all RDATA records for a NetBIOS
name. Thus, you can now retrieve the full list of domain controllers
with NbtAddress.getByName( "MYDOM", 0x1C, null, null ). The old
behavior of returning a random entry from the getByName method has
been eliminated.
* SYN Timeout - The socket code has been modified to employ the
transport thread when opening a new connection. This eliminates the
annoying 1min+ hang that occurs trying to connect to a non-existant
but routable addresss (i.e. the single threaded SmbCrawler example
is relatively fast now).
* SmbSession.getChallengeForDomain - A new method has been added
to retrieve an object that encapsulates both the server session key
(a.k.a. challenge) and the UniAddress from which it came. This method
is used solely by the NTLM HTTP Authentication Filter to eliminate
the possibility for a different domain controller to be queried in
the middle of client nogotiation. Prior to this release this could
result in temporary authentication failures. This code uses the new
getAllByName method to build a list of domain controllers suitable
for authenticating web clients. The clent will rotate evenly through
the list and remove entries that are unresponsive. This makes the
filter very resilent to domain controller failures.
* Session Expiration - because of the above changes the client will
now proactively close idle sessions. This is particularly pertainent
to the NTLM HTTP Filter which really only touches the session when
it is first created as the resulting credentials are cached in the
user's HTTP session.
* Read Bug - A read bug in JCIFS that affected EMC Celera servers
has been fixed.
* NetBIOS CalledName - The firstCalledName/nextCalledName methods
have been modified to try SMBSERVER* first and fall back to other
names. This should eliminate a round trip during session establishment
in newer environments.
Finally, I have updated the sample web.xml. It should be used as a
stationary in all production environments.
--
Greedo shoots first? Not in my Star Wars.
More information about the jcifs
mailing list