[jcifs] RE: Older versions of JCIFS

[Michael B Allen]

On Wed, 3 Aug 2005 12:05:33 -0400
"Aaron J Weber" <aweber at comcast.net> wrote:

> The other possible problem is that the 1.1.x versions do not support the default serialization WDK 5.3 uses for session failover when running in Weblogic or Websphere clusters...I have not checked whether the later versions of the jar allow for serialization, maybe Michael can comment on that.

Serialization of credentials w/ jCIFS does not work. The NtlmPasswordAuthentication class is Serializable but in practice when an NPA is deserialized it's attrs have default values (ie "GUEST") which of course almost invariably fails.

The correct way to fix this would be to flag an NPA as "resolved" but make the default value false so that when it's deserialized the Filter knows to re-resolve it (by reinitiating the NTLM HTTP exchange).

But I'm not going to fix this bacause I think the call stack changes would be too awkward. Instead I'm going to push forward with the new WindowsLoginModule JAAS integration and try to anticipate support for the said behavior in the new code [1].

Mike

[1] There are no plans to include any kind of HTTP authentication filter in JCIFS 2.0 (or HTTP anything) because it is expected that w/ JAAS as the object model of the new code it will be more extensible and that process cannot be fully anticipated at this time (e.g. by the time 2.0 is stable, creating an HTTP authentication filter using JCIFS could be a trival exercise).