[jcifs] Struts forwards and jCIFS NTLM
Justin Mahoney
JMahoney at ditech.com
Wed Nov 16 04:04:38 GMT 2005
We are experiencing the following issue with jCIFS 1.2.6 and Struts 1.1:

A "forward" in Struts actually causes the ServletRequest to get reprocessed
through the filter chain, with headers from the most recent browser request
intact (in this case, including the Type 3 message).

It appears NtlmHttpFilter is attempting to re-authenticate and since no
'NtlmHttpChal' session attribute exists (after being removed from the first
successful authentication), a new 'NtlmHttpChal' token is created and set in
the session. Unfortunately this new challenge token obviously does not match
the existing Type 3 message's token, and thus the subsequent call to
SmbSession.logon() fails. After enough of these failures, the account is
locked out due to security policy.

Is there a known workaround to this? I was thinking a programmatic fix would
be to set a request attribute indicating authentication had already
occurred.

This is happening on GETs, not POSTs, btw.

Thanks
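
One way to implement the request-attribute idea raised in the post, as an added example that is not part of the original message or of jCIFS. The class name `ForwardAwareNtlmFilter` and the attribute name are hypothetical. It assumes that `NtlmHttpFilter.doFilter` calls the filter chain only after authentication has succeeded, and that the container carries request attributes across the forward.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import jcifs.http.NtlmHttpFilter;

/**
 * Hypothetical subclass (not part of jCIFS): runs the NTLM handshake at most
 * once per request, so a forward that re-enters the filter chain does not
 * replay the old Type 3 message against a freshly generated challenge.
 */
public class ForwardAwareNtlmFilter extends NtlmHttpFilter {

    // Hypothetical attribute name. Request attributes exist only on the
    // server side, so a client cannot set this to skip authentication.
    static final String AUTH_DONE = "example.ntlm.authenticatedThisRequest";

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
                         final FilterChain chain)
            throws IOException, ServletException {

        if (request.getAttribute(AUTH_DONE) != null) {
            // Re-entry caused by a forward: this request already passed
            // NTLM, so pass it through without touching the headers again.
            chain.doFilter(request, response);
            return;
        }

        // Assumption: the parent filter invokes the chain only once the
        // logon has succeeded. The wrapper chain marks the request at that
        // point, before the rest of the chain (and any forward) runs.
        super.doFilter(request, response, new FilterChain() {
            public void doFilter(ServletRequest req, ServletResponse res)
                    throws IOException, ServletException {
                req.setAttribute(AUTH_DONE, Boolean.TRUE);
                chain.doFilter(req, res);
            }
        });
    }
}
```

The marker is scoped to a single request, so every new browser request still goes through the normal NTLM checks; only re-entries within the same request are skipped.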