[jcifs] how to bypass authentication in ntlmhttpfilter?
Thomas Bley
thomas.bley at simple-groupware.de
Tue Nov 15 18:39:16 GMT 2005
Hi Jim,
the webdisk uses this:
(from Presentation.java)
...
String userAgent = request.getHeader("User-Agent").toLowerCase();
if (userAgent.indexOf("opera")!=-1 ||
userAgent.indexOf("konqueror")!=-1 || userAgent.indexOf("safari")!=-1) {
showLogin("<br><center><b>NTLM is disabled for Opera /
Konqueror / Safari.</b></center>");
return;
}
response.setHeader("WWW-Authenticate", "NTLM");
response.setHeader("Connection", "close");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
// dirty hack if ntlm is disabled or user cancels the form
showLogin("<br><center><b>NTLM seems to be disabled</b></center>");
...
showLogin shows a normal html-form for logging in and the user stays
anonymous.
The webdisk uses jCIFS, but not ntlmhttpfilter (only some parts of it).
http://sourceforge.net/projects/webdisk/
bye
Tom
Smyth, Jim wrote:
> Hi,
>
> I have got automatic logon to a web application using NT credentials. I allow users to logoff the webapp by setting a session attribute when a particular request header is sent, so that the NTLM filter is not executed (and thus the user can browse the site anonymously).
>
> I would also like to implement the following:
>
> If a user cannot automatically authenticate against the domain, do NOT show the network dialog. (i.e. allow users to transparently fail NTLM and then browse the site anonymously).
>
> Has anyone done this? Any hints appreciated!
>
>
> thanks
> jim
>
>
>
More information about the jcifs
mailing list