[jcifs] NTLM HTTP Filter Does Not Work With SMB Signing

Jacob Leung jacobleung at wisagetech.com
Fri Jun 2 03:29:30 GMT 2006

Hello Mike,

We do these Tests with Tomcat5.5 hosted on winXP sp2 in win2003 domain(
since we're not using WINS, we use the second example(domainController)
and your stock code ):

1.    Login of two users(Kevin, Jacob) with session signing enabled 

(with username and password): 

-        login sequential, the first(Kevin) success, Jacob fail(popup

-        again login in new window, the same as above.

-        (restart tomcat)

-        Jacob first, success.  Then Kevin, fail...

-        After about 2 minutes, Kevin login again, success.

2.    Login of 4 users with session signing enabled, this time, we use
LoadRunner to mock concurrence, each user login 50 times.

-        The same. Since we don't know who the first is, but the report
shows only one user success, others fail.

-        We test with LoadRunner about ten more times. At one time, all
user are login success, but this occur once.

-        All these tests we use (domainController, domain, username and



3.    Last test, we comment out the username and password for
preauthentication, both sequential and concurrence , the behavior look
like above.



Jacob Leung






There is something wrong with the NTLM HTTP Filter - several users have

reported sporatic failures. A number of people have sent me a variety of

diagnostics but all I really need right now is for someone (preferrably

multiple people) to perform the following simple test:


  1) Install the stock config as supplied in the documentation. Use the

  first example config unless you're not using WINS in which case use

  second example. Do not use any properties other than those explicitly



  2) Restart your container and have two or three different users on

  different workstations simultaneously login to the site. If this does

  not work, please report the failure.


  3) If multiple users does work, then please stop the container,

  out the username and password for preauthentication, start the

  and again have two or three different users access the site. If it

  works, then your domain controller does not require SMB signing and

  environment is not affected. No need to report your results. If it

  then that means SMB signing is being used and works with multiple

  in which case please report your success.


Any deviation from the above right now is bad science and I'm not



Until someone performs this test we simply cannot proceed with this

issue. I would like to try and make progress on this issue soon.

I will need to update the documentation to reflect the fact that the

filter basically does not work with SMB signing.




-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list