[jcifs] Re: NTLM http client uses Sun NTLM coming with JVM
1.4.2_10 instead of jcifs
Michael B Allen
mba2000 at ioplex.com
Fri Feb 3 18:19:04 GMT 2006
On Fri, 03 Feb 2006 16:56:35 +0100
Oliver Schoett <os at sdm.de> wrote:
> My Chi Doan wrote:
> > 2) When using System JVM (version 1.4.2_10), regardless which login
> > and password is used in the url above, always the user, who is logged
> > in on the PC, is got authenticated. E.g. xxx works on PC of yyy and
> > tries to call the ntlm client with his own NT login and password. The
> > authenticaton is always perfomed for user yyy instead of xxx.
> > It looks like in this case the Sun's NTLM is used instead of jcifs.
> Hmm, this is the third time this has been asked since Jan 25. Maybe it
> should become an entry in the Documentation and/or FAQ:
>
> NTLM authentication of HTTP requests works automatically in Sun JRE
> 1.4.2_02 and higher on Windows (including Java 5, but I haven't
> tested that): When you make an HTTP request to a Web server that
> requires Windows authentication, an NTLM authentication attempt is
> made automatically and transparently with the user's Windows
> credentials (see Java Bug 4857110). Only when that attempt fails
> the java.net.Authenticator class is invoked to get a user name and
> password.
>
> See also
> http://java.sun.com/j2se/1.4.2/docs/guide/net/properties.html#ntlm
>
> I do not know how to turn off the initial NTLM authentication with the
> Windows user credentials.
The correct way to resolve this issue would be to provide a full
blown HTTP client rather than just wrap calls to the included Sun
HTTP client. But it would be nice if there was a way to disable NTLM
negotiation so that JCIFS can still work.
Mike
More information about the jcifs
mailing list