[jcifs] Insufficient information in jCIFS doc'n about session attribute persistence

Morten.Hattesen at tietoenator.com Morten.Hattesen at tietoenator.com
Mon Jun 12 13:14:53 GMT 2006

In the jCIFS docs
http://jcifs.samba.org/src/docs/ntlmhttpauth.html#tomcat it is described
how session persistence may create invalid signatures, when restored.
It is much worse than that. The entire jCIFS configuration is destroyed
when the persisted session attributes are restored as part of a server
Since the jCIFS configuration is initialized on class-loading (static),
rather than lazily when required, configuration parameters such as
jcifs.smb.client.username is initialized to default "GUEST" account.
Note that this all takes place before the servlet initailization
parameters in web.xml are read.
This was the topic of a previous post of mine, some time ago
Similar behaviour is experienced with other servers that persist session
attribute, such as JBOSS.
The configuration handling of jCIFS really ought to be
Morten Hattesen
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list