[jcifs] Problem with NtlmHttpFilter and Apache2

Wouter van Reeven Wouter.van.Reeven at AMIS.nl
Wed Jun 14 14:15:39 GMT 2006 

Hi,


Over the past few weeks I have used the NtlmHttpFilter in a web app I have been developing using Oracle JDeveloper. Now I have deployed the app to Tomcat 5.0.28 under Linux and I run into some strange problems. When I deploy to Debian Etch under VMWare, everything works fine. When I deploy to Red Hat Enterprise Linux ES release 3 I can't get the filter to work. What I have done is this.
I have installed Apache 2.0 and created a forward to Tomcat like this

    RewriteEngine On
    RewriteRule ^/(.*) http://vmdebian:8180/$1
    ProxyRequests Off
    ProxyPass / http://vmdebian:8180/
    ProxyPassReverse / http://vmdebian:8180/

The hostname for my RedHAt machine is redhat and I have put that in the httpd.conf file on RedHat where it reads vmdebian on Debian. So when I browse to http://vmdebian or http://redhat I get the Tomcat page instead of the Apache 2.0 page. We do this to be able to redirect to different applications on different ports based on the server name in the URL.
In Tomcat I created a web app with one JSP file that says "Success". Then I modified web.xml to read

  <filter>
      <filter-name>NtlmHttpFilter</filter-name>
      <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
      <init-param>
          <param-name>jcifs.http.domainController</param-name>
          <param-value>my.local.domaincontroller</param-value>
      </init-param>
      <init-param>
          <param-name>jcifs.smb.client.domain</param-name>
          <param-value>DOMAIN</param-value>
      </init-param>
      <init-param>
          <param-name>jcifs.smb.client.username</param-name>
          <param-value>user</param-value>
      </init-param>
      <init-param>
          <param-name>jcifs.smb.client.password</param-name>
          <param-value>password</param-value>
      </init-param>
      <init-param>
          <param-name>jcifs.util.loglevel</param-name>
          <param-value>3</param-value>
      </init-param>
  </filter>

  <filter-mapping>
      <filter-name>NtlmHttpFilter</filter-name>
      <url-pattern>/*</url-pattern>
  </filter-mapping>

of course making sure all config options have the correct values. Finally I put the jcifs-1.2.9.jar in WEB-INF/lib in my web app.

Now for the problem: when I deploy this on Debian Etch with Tomcat 5.0.28 everything works fine. I connect to http://vmdebian:8080/myapp and I get prompted for a username and password. Please note I am working in a customer's network and I don't login to it, so I always get prompted. When I connect to http://vmdebian/myapp I also get a login popup and when I enter a valid username and password I get to see my "secret" jsp file.
When I deploy this on RedHat, however, connecting to http://redhat:8080/myapp works like a charm. Again I get the login popup and I can enter by providing the correct username and password. When I try to connect to http://redhat/myapp I never get a login popup! Setting the loglevel to 3 I see these messages

New data read: Transport1[my.local.domaincontroller/192.168.0.2:0]
00000: FF 53 4D 42 72 00 00 00 00 98 03 C0 00 00 00 00  |ÿSMBr......À....|
00010: 00 00 00 00 00 00 00 00 00 00 B7 8A 00 00 02 00  |..........·.....|

byteCount=34 but readBytesWireFormat returned 18
NtlmSsp: msg != null && msg.startsWith("NTLM ")
NtlmSsp: msg = TlRMTVNTUAACAAAACgAKADAAAAAFAoEAu2wvEE8mIzUAAAAAAAAAACwALAA6AAAARABTAEcATwBSAAIACgBEAFMARwBPAFIAAQAWAEoAQwBJAEYAUwAwAF8AMQBfADMAOQAAAAAA
NtlmSsp: msg != null && msg.startsWith("NTLM ")
NtlmSsp: msg = TlRMTVNTUAACAAAACgAKADAAAAAFAoEAu2wvEE8mIzUAAAAAAAAAACwALAA6AAAARABTAEcATwBSAAIACgBEAFMARwBPAFIAAQAWAEoAQwBJAEYAUwAwAF8AMQBfADMAOQAAAAAA

The NtlmSsp messages are caused by some logging statements I added to NtlmSsp.java.
Since the filter is working correctly when trying to access the jsp page directly on the Tomcat port, I suspect the culprit is somewhere between Apache 2 and Tomcat on RedHat. Please note I am using the RedHat httpd rpm while I downloaded Tomcat 5.0.28 in tar.gz format from the Jakarta Tomcat website. On my Debian VMWare machine I use the Debian apache2 deb packages and the same Tomcat 5.0.28 tar.gz download.

Please help!


Thanks, Wouter van Reeven

-- 
AMIS Services BV
Edisonbaan 15
Postbus 24
3430 AA  NIEUWEGEIN

T +31 (30)6016000
F +31 (30)6016001

-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list