[jcifs] Problem with JCIFS NTLM Authentication for HTTP Connections

Doan, Thi-My-Chi thi-my-chi.doan at hp.com
Fri Jan 14 12:47:48 GMT 2005 

> Mmm, it looks like NtlmHttpURLConnection expects request properties 
> to be 'List's. Are you certain that is the correct way to set the 
> cookie? Are request properties not supposed to be List objects?

Thanks for the hint! I put the cookie's values into a list and it works
fine now.

> Huh? So you're using NtlmHttpURLConnection with the NtlmHttpFilter? 
> You do realize that the two features are separate? The NtlmHttpFilter
is 
> for authenticating clients whereas the NtlmHttpURLConnection is the
http client.

It's a web application, which can be accessed from :
1) a web browser: user is automatically authenticated using NTLM
authentication
2) from a standalone Java application via servlet. User must enter their
NT 
username and password, which will be sent to the web application.

Is it the correct way? Thanks!

My Chi


-----Original Message-----
From: Michael B Allen [mailto:mba2000 at ioplex.com] 
Sent: Mittwoch, 12. Januar 2005 23:24
To: Doan, Thi-My-Chi
Cc: jcifs at lists.samba.org
Subject: Re: [jcifs] Problem with JCIFS NTLM Authentication for HTTP
Connections


Doan, Thi-My-Chi said:
> Hi,
>
> I'm facing 2 problems using the JCIFS NTLM Authentication for HTTP 
> Connections.
>
> 1) The authentication is only successful when login and password are 
> sent in the url. Setting domain, username and password
>    as
>         Config.setProperty("jcifs.smb.client.domain", domain);
>         Config.setProperty("jcifs.smb.client.username", user);
>         Config.setProperty("jcifs.smb.client.password", password);
>    has not worked.  What is the different between the two ways?

That should work provided you set the creds before any jcifs classes are
accessed. These are the default credentials so once you set them they
cannot be changed.

See the "Setting Client Properties" documentation for other methods to
set jcifs properties.

> 2) The authentication and authorization seem to work fine if user is 
> authorized to access the servlet.
>    As login.jsp is defined to be the login config form, I would expect

> that login.jsp would be returned
>    in case user is not authorized (This has worked without 
> NtlmHttpFilter). Instead, I got an exception.
>    The code looks as followed:

Huh? So you're using NtlmHttpURLConnection with the NtlmHttpFilter? You
do realize that the two features are separate? The NtlmHttpFilter is for
authenticating clients whereas the NtlmHttpURLConnection is the http
client.

>    HttpURLConnection connection =
(HttpURLConnection)u.openConnection();
>    connection.setDoOutput(true);
>    connection.setRequestProperty("Cookie", cookie);
>    connection.setRequestProperty("COOKIE", cookie);
>    OutputStream out = connection.getOutputStream();
>    out.write(webToolRequest.toXml().getBytes());
>    int i;
>    InputStream in = connection.getInputStream();
>
>    The last statement throw the exception:
>
>    java.lang.ClassCastException at 
> jcifs.http.NtlmHttpURLConnection.reconnect(NtlmHttpURLConnection.java:
> 58
> 1)

Mmm, it looks like NtlmHttpURLConnection expects request properties to
be 'List's. Are you certain that is the correct way to set the cookie?
Are request properties not supposed to be List objects?

Mike

More information about the jcifs mailing list