[jcifs] jcifs-1.1.0 released / NTLM HTTP Authentication Improvements

Michael B Allen mba2000 at ioplex.com
Fri Oct 1 04:25:44 GMT 2004

There have been significant changes that should improve the
reliability and overall behavior of JCIFS particularly for users of
the NtlmHttpFilter.

    * NbtAddress.getAllByName - The NbtAddress.getAllByName() method has
    been implemented that will return all RDATA records for a NetBIOS
    name. Thus, you can now retrieve the full list of domain controllers
    with NbtAddress.getByName( "MYDOM", 0x1C, null, null ). The old
    behavior of returning a random entry from the getByName method has
    been eliminated.

    * SYN Timeout - The socket code has been modified to employ the
    transport thread when opening a new connection. This eliminates the
    annoying 1min+ hang that occurs trying to connect to a non-existant
    but routable addresss (i.e. the single threaded SmbCrawler example
    is relatively fast now).

    * SmbSession.getChallengeForDomain - A new method has been added
    to retrieve an object that encapsulates both the server session key
    (a.k.a. challenge) and the UniAddress from which it came. This method
    is used solely by the NTLM HTTP Authentication Filter to eliminate
    the possibility for a different domain controller to be queried in
    the middle of client nogotiation. Prior to this release this could
    result in temporary authentication failures. This code uses the new
    getAllByName method to build a list of domain controllers suitable
    for authenticating web clients. The clent will rotate evenly through
    the list and remove entries that are unresponsive. This makes the
    filter very resilent to domain controller failures.

    * Session Expiration - because of the above changes the client will
    now proactively close idle sessions. This is particularly pertainent
    to the NTLM HTTP Filter which really only touches the session when
    it is first created as the resulting credentials are cached in the
    user's HTTP session.

    * Read Bug - A read bug in JCIFS that affected EMC Celera servers
    has been fixed.

    * NetBIOS CalledName - The firstCalledName/nextCalledName methods
    have been modified to try SMBSERVER* first and fall back to other
    names. This should eliminate a round trip during session establishment
    in newer environments.

Finally, I have updated the sample web.xml. It should be used as a
stationary in all production environments.

Greedo shoots first? Not in my Star Wars.

More information about the jcifs mailing list