[jcifs] how to bypass authentication in ntlmhttpfilter?

Smyth, Jim Jim.Smyth at broadvision.com
Wed Nov 16 16:06:35 GMT 2005


Thomas,

thanks for the reply.  I didn't comment yesterday as I didn't have enough time to implement it & to be honest I was a little unsure about your solution (blush!).

I now see that the body portion is ignored if NTLM negotiation (transparent or otherwise) is taking place.  It is only when the pop-up auth dialog is cancelled that the body is used.  Clever.

thanks again 

jim

-----Original Message-----
From: Thomas Bley
To: jcifs at lists.samba.org
Cc: Smyth, Jim
Sent: 15-11-2005 10:39
Subject: Re: [jcifs] how to bypass authentication in ntlmhttpfilter?

Hi Jim,

the webdisk uses this:

(from Presentation.java)
...
        String userAgent = request.getHeader("User-Agent").toLowerCase();
        if (userAgent.indexOf("opera")!=-1 || userAgent.indexOf("konqueror")!=-1
                || userAgent.indexOf("safari")!=-1) {
            showLogin("<br><center><b>NTLM is disabled for Opera / Konqueror / Safari.</b></center>");
            return;
        }
        response.setHeader("WWW-Authenticate", "NTLM");
        response.setHeader("Connection", "close");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

        // dirty hack if ntlm is disabled or user cancels the form
        showLogin("<br><center><b>NTLM seems to be disabled</b></center>");
...

showLogin shows a normal html-form for logging in and the user stays 
anonymous.

The webdisk uses jCIFS, but not ntlmhttpfilter (only some parts of it).

http://sourceforge.net/projects/webdisk/

bye
Tom


Smyth, Jim wrote:
> Hi,
>
> I have got automatic logon to a web application using NT credentials.
> I allow users to logoff the webapp by setting a session attribute when a
> particular request header is sent, so that the NTLM filter is not
> executed (and thus the user can browse the site anonymously).
>
> I would also like to implement the following:
>
> If a user cannot automatically authenticate against the domain, do NOT
> show the network dialog.  (i.e. allow users to transparently fail NTLM
> and then browse the site anonymously).
>
> Has anyone done this?  Any hints appreciated!
>
>
> thanks
> jim
>
>
>   
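
The fallback discussed in this thread (a 401 NTLM challenge whose body is an ordinary login form), written out as a stand-alone decision function. This is an added example, not code from the webdisk or jCIFS; the class, enum and method names, the 200 status on the form-only path, the placement of the Authorization check and the sample requests are assumptions.

```java
import java.util.LinkedHashMap;
import java.util.Locale;
import java.util.Map;

public class NtlmFallbackDemo {
    enum Next { SHOW_FORM_ONLY, CHALLENGE_WITH_FORM, CONTINUE_HANDSHAKE }

    static final class Reply {
        final Next next; final int status;   // status 0: no response is written here
        final Map<String, String> headers = new LinkedHashMap<>();
        String body = "";
        Reply(Next next, int status) { this.next = next; this.status = status; }
    }

    // Hypothetical stand-in for showLogin(): a plain HTML login form.
    static String loginForm(String note) {
        return "<p><b>" + note + "</b></p><form method=\"post\" action=\"/login\">"
             + "<input name=\"user\"><input name=\"pass\" type=\"password\">"
             + "<input type=\"submit\"></form>";
    }

    static Reply decide(String authorization, String userAgent) {
        // A missing User-Agent header must not cause a NullPointerException.
        String ua = userAgent == null ? "" : userAgent.toLowerCase(Locale.ROOT);
        if (authorization != null && authorization.regionMatches(true, 0, "NTLM ", 0, 5)) {
            // An NTLM message arrived: pass it to the NTLM code (jCIFS on this page).
            // The session stays anonymous until that code has accepted the Type 3 message.
            return new Reply(Next.CONTINUE_HANDSHAKE, 0);
        }
        if (ua.contains("opera") || ua.contains("konqueror") || ua.contains("safari")) {
            // UI convenience only: User-Agent is client-controlled and grants nothing.
            Reply r = new Reply(Next.SHOW_FORM_ONLY, 200);
            r.body = loginForm("NTLM is disabled for Opera / Konqueror / Safari.");
            return r;
        }
        Reply r = new Reply(Next.CHALLENGE_WITH_FORM, 401);
        r.headers.put("WWW-Authenticate", "NTLM");
        r.headers.put("Connection", "close");
        r.body = loginForm("NTLM seems to be disabled");  // shown if NTLM is skipped or cancelled
        return r;
    }

    public static void main(String[] args) {
        String ie = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
        String[][] constructed = {   // {Authorization, User-Agent}; constructed samples
            {null, ie}, {null, "Opera/8.5 (Windows NT 5.1; U; en)"},
            {"NTLM TlRMTVNTUAABAAAA", ie},   // constructed, truncated Type 1 token
            {null, null} };
        for (String[] c : constructed) {
            Reply r = decide(c[0], c[1]);
            System.out.println(r.next + " status=" + r.status + " headers=" + r.headers);
        }
    }
}
```

On every path shown the user is still anonymous; the form and the User-Agent test only choose what is displayed.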

