[jcifs] how to bypass authentication in ntlmhttpfilter?
Smyth, Jim
Jim.Smyth at broadvision.com
Wed Nov 16 16:06:35 GMT 2005
Thomas,
thanks for the reply. I didnt comment yesterday as I didnt have enough time to implement it & to be honest I was a little unsure about your solution (blush!).
I now see that the body portion is ignored if NTLM negociation (transparent or otherwise is taking place). It is only when the pop-up auth dialog is cancelled that the body is used. Clever.
thanks again
jim
-----Original Message-----
From: Thomas Bley
To: jcifs at lists.samba.org
Cc: Smyth, Jim
Sent: 15-11-2005 10:39
Subject: Re: [jcifs] how to bypass authentication in ntlmhttpfilter?
Hi Jim,
the webdisk uses this:
(from Presentation.java)
...
String userAgent =
request.getHeader("User-Agent").toLowerCase();
if (userAgent.indexOf("opera")!=-1 ||
userAgent.indexOf("konqueror")!=-1 || userAgent.indexOf("safari")!=-1) {
showLogin("<br><center><b>NTLM is disabled for Opera /
Konqueror / Safari.</b></center>");
return;
}
response.setHeader("WWW-Authenticate", "NTLM");
response.setHeader("Connection", "close");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
// dirty hack if ntlm is disabled or user cancels the form
showLogin("<br><center><b>NTLM seems to be
disabled</b></center>");
...
showLogin shows a normal html-form for logging in and the user stays
anonymous.
The webdisk uses jCIFS, but not ntlmhttpfilter (only some parts of it).
http://sourceforge.net/projects/webdisk/
bye
Tom
Smyth, Jim wrote:
> Hi,
>
> I have got automatic logon to a web application using NT credentials.
I allow users to logoff the webapp by setting a session attribute when a
particular request header is sent, so that the NTLM filter is not
executed (and thus the user can browse the site anonymously).
>
> I would also like to implement the following:
>
> If a user cannot automatically authenticate against the domain, do NOT
show the network dialog. (i.e. allow users to transparently fail NTLM
and then browse the site anonymously).
>
> Has anyone done this? Any hints appreciated!
>
>
> thanks
> jim
>
>
>
More information about the jcifs
mailing list