[jcifs] Re: question about ntlm http authentication

Mon Sep 19 09:00:14 GMT 2005

For all my tests increasing soTimeout solved the issue, the http-session
looks ok (timeout is 30 minutes). The default for soTimeout is 15 seconds,
therefore it's logical for me that users reauthenticate after 20-25
seconds.
There are not many differences between NetworkExplorer and the WebDisk,
I'm not (yet) using dfsreferral and the higher attrExpirationPeriod. When
Ntlm is not supported (or the user simply hits the escape button when the
password-window comes up) I switch back to the html-form. I also
explicitly excluded opera since it displays an error page when ntlm is
requested. For konqueror and safari I'm not sure how they behave, maybe
there are patches providing ntlm-support for them. Apart from the timeout
issue, tests with samba, w2k3 and the filer didn't show any problems.
Tom

> Given the emphasis I've expressed regarding NetworkExplorer, don't you
> think you should read through the code? Needless to say it does solve
> your "problem" and not by increasing soTimeout. In fact if you are having
> this problem then I'm pretty certain your code will fail miserably with
> multiple concurrent users.
>
> Mike
>
> On Mon, 19 Sep 2005 02:38:36 +0200
> Thomas Bley <thomas.bley at simple-groupware.de> wrote:
>
>> Hi Mike,
>>
>> of course I've looked at the networkexplorer but unfortunately there is
>> no documentation telling me exactly where my problem is solved:
>>
>> It looks like the turning point is soTimeout, is it ?
>>
>>  From the documentation:
>> jcifs.smb.client.soTimeout
>> To prevent the client from holding server resources unnecessarily,
>> sockets are closed after this time period if there is no activity. This
>> time is specified in milliseconds. The default is 15000.
>>
>> => For me it is not clear that this setting has an effect on the ntlm
>> http authentication.
>>
>> Config.setProperty( "jcifs.smb.client.soTimeout", "600000" );
>> Config.setProperty( "jcifs.smb.client.attrExpirationPeriod", "300000" );
>>
>> using this doesn't work in init(). When I use System.setProperty the
>> values are used.
>> With soTimeout=600000 I am no longer able to do a connect after an
>> inactivity greater than 60 seconds (timeout exceptions). When I restart
>> Tomcat it works again.
>> Using soTimeout 60000 seems to work.
>>
>> bye
>> Tom
>>
>>
>> Michael B Allen wrote:
>> > On Sun, 18 Sep 2005 20:28:17 +0200
>> > Thomas Bley <thomas.bley at simple-groupware.de> wrote:
>> >
>> >
>> >>Hi Mike,
>> >>
>> >>using ntlm the authentication is valid for some seconds. When the user
>> >>is inactive for 20-30 seconds, and clicks again in the webdisk, he
>> gets
>> >>a "access denied". So his browser has to provide the authentication
>> >>again and the user gets the access again.
>> >>
>> >>Do you know if this behaviour can be configured in any way ?
>> >>(e.g. allowing 2 minutes of inactivity before giving access denied)
>> >
>> >
>> > I don't mean to be sarcastic but is there a reason why you're ignoring
>> > my advise to follow the NetworkExplorer.java code?
>> >
>> > Mike
>> >
>>
>
>