[jcifs] Insufficient information in jCIFS doc'n about session
attribute persistence
Michael B Allen
mba2000 at ioplex.com
Tue Jun 13 07:18:51 GMT 2006
On Mon, 12 Jun 2006 15:14:53 +0200
<Morten.Hattesen at tietoenator.com> wrote:
> The configuration handling of jCIFS really ought to be
> rewritten/refactored.
Well I haven't been working on jCIFS much but if someone were to fix
this this is how I think it might be done:
The problem is that there are cryptographic keys in the objects stored in
the session. Those keys are only valid in the context of the transport
over which they were created. So there needs to be some code in the key
get routines that verifies that the associated transport is still valid
and if not throw an exception all the way up into the Filter such that
it causes reauthentication. It's probably 10 lines of code.
Mike
--
Michael B Allen
PHP Extension for SSO w/ Windows Group Authorization
http://www.ioplex.com/
More information about the jcifs
mailing list