[jcifs] Struts forwards and jCIFS NTLM

Justin Mahoney JMahoney at ditech.com
Wed Nov 16 04:04:38 GMT 2005


We are experiencing the following issue with jCIFS 1.2.6 and Struts 1.1:

A "forward" in Struts actually causes the ServletRequest to get reprocessed
through the filter chain, with headers from the most recent browser request
intact (in this case, including the Type 3 message).

It appears NtlmHttpFilter is attempting to re-authenticate and since no
'NtlmHttpChal' session attribute exists (after being removed from the first
successful authentication), a new 'NtlmHttpChal' token is created and set in
the session. Unfortunately this new challenge token obviously does not match
the existing Type 3 message's token, and thus the subsequent call to
SmbSession.logon() fails. After enough of these failures, the account is
locked out due to security policy.

Is there a known workaround to this? I was thinking a programmatic fix would
be to set a request attribute indicating authentication had already
occurred.

This is happening on GETs, not POSTs, btw.

Thanks
-------------- next part --------------
HTML attachment scrubbed and removed


More information about the jcifs mailing list