[jcifs] Insufficient information in jCIFS doc'n about session
attribute persistence
Morten.Hattesen at tietoenator.com
Morten.Hattesen at tietoenator.com
Mon Jun 12 13:14:53 GMT 2006
In the jCIFS docs
http://jcifs.samba.org/src/docs/ntlmhttpauth.html#tomcat it is described
how session persistence may create invalid signatures, when restored.
It is much worse than that. The entire jCIFS configuration is destroyed
when the persisted session attributes are restored as part of a server
restart.
Since the jCIFS configuration is initialized on class-loading (static),
rather than lazily when required, configuration parameters such as
jcifs.smb.client.username is initialized to default "GUEST" account.
Note that this all takes place before the servlet initailization
parameters in web.xml are read.
This was the topic of a previous post of mine, some time ago
http://lists.samba.org/archive/jcifs/2005-March/004807.html
Similar behaviour is experienced with other servers that persist session
attribute, such as JBOSS.
The configuration handling of jCIFS really ought to be
rewritten/refactored.
rgds,
Morten Hattesen
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the jcifs
mailing list