[jcifs] The SmbTransport for getChallenge() and logon() must be the same? why?

[Xaver Fischer]

Hi,

at first I have to admit that I'm quite new to the JCIFS and SMB stuff.
I would like to use it to achieve SSO in an HTTP environment to my
application. To our current system topology it would best fit to do the HTTP
challenge and negotiation stuff in my servlet engine, but do the check of
the credential in my own Login service, which then creates a accessToken
specific for my application. This would imply that the
SmbSession.getChallenge() would be done by another process as the
SmbSession.logon() and thus by two different SmbTransports and SmbSessions.
Both going to the same domain controller.

What I learned by trying this "greenly" is that the same
SmbTransport/SmbSession must be used for these two actions. It seems to me
as if the domain controller creates the challenge, stores it for this
client's session internally and uses it for verifying the password hash
later. 

Am I right? Can someone confirm or correct me?

Is there some workaround, so that I can separate the HTTP handshake stuff
from the real password hash check into two processes? 

I neither like the idea to do the SmbSession.logon() in the servlet engine
and as a consequence have to ensure that the instance creating my internal
accesstoken can trust this servlet (maybe by some digital signature) nor do
I like the idea to do the whole handshake at my Login service.

Thanks for any help!

Xaver

-- 
--------------------------------------------------------------------
Xaver Fischer, Wimpes 27, 82389 Böbing
Tel.: 08867/921980, mailto:Xaver.Fischer at gmx.de
--------------------------------------------------------------------

+++ Neu: Echte DSL-Flatrates von GMX - Surfen ohne Limits +++
Always online ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl