[jcifs] NtlmHttpFilter java.lang.ExceptionInInitializerError& java.lang.NoClassDefFoundError

Richard Caper rcaper at gmail.com
Thu Jun 15 13:43:22 GMT 2006 

The filter normally only logs the user in once; it checks the session
and only initiates authentication if the user has not already been
authenticated.

The problem with only mapping a filter to a single page on the server
is that once NTLM authentication has taken place, the client (IE) will
proactively reinitiate authentication for every POST request to that
server.  So if you try a POST to another page it will send an empty
request along with the NTLM type-1 message.  If you don't have the
filter in place to respond with the challenge, then to your
application it will look like the user submitted an empty POST.

The problem with serialization is twofold:

1) in a clustered environment with distributed sessions, the
serialized values are problematic; the reason is that they are tied to
a specific socket communication between a specific server and the
domain controller.  If reconstituted on a different application
server, all sorts of funky behavior can occur.

2) even in a non-clustered environment, many application servers
serialize sessions to disk on a clean shutdown.  This is so you can
bounce the app server and maintain active user sessions across the
restart.  the problem here is that on restart the objects in the
sessions are recreated before the filter itself is initialized; hence
some of the static setup stuff intended to be done in the filters
init() method is already configured when that is run.

On 6/15/06, Mike Streeton <mike.streeton at ardentia.co.uk> wrote:
> Sergio,
>    One tip when using windows authentication that solved a lot of our problems:
>
> Only authenticate a single page. Put you filter on a subdirectory that contains a single servlet/jsp page that puts a value in the session indicating the user and that they have been authenticated, make sure this value can be serialized. Terminate NTLM search the archive of this list to find out how.
>
> This works on the principle you only login once, not on every page. Simply add another filter to the rest of the application that checks for you serialized value stored in the session, if it is not present forward to NTLM filter servlet/jsp page.
>
> Mike
>
> www.ardentia.com the home of NetSearch
> -----Original Message-----
> From: jcifs-bounces+mike.streeton=ardentia.co.uk at lists.samba.org [mailto:jcifs-bounces+mike.streeton=ardentia.co.uk at lists.samba.org] On Behalf Of Sergio Mendonça
> Sent: 14 June 2006 19:30
> To: jcifs at lists.samba.org
> Subject: Re: [jcifs] NtlmHttpFilter java.lang.ExceptionInInitializerError& java.lang.NoClassDefFoundError
>
> Thanks for your help Mike!
>
> I'm not using a cluster environment and the errors happens when the
> tomcat run normally.
> In the server that the NtlmHttpFilter works fine the OS is Linux Fedora
> Core 4 and in the server that the problems occours, ths OS is Linux
> Fedora Core 5.
> The two servers are 64 bits.
> These are all the informations that i know for now.
> How I could disabled session serialization?
>
> Thanks again!
> Sergio
>
>
> Michael B Allen wrote:
>
> >JCIFS does not work if the objects it puts into the session are
> >serialized. This can happen in a cluster environment or when restarting
> >a container.
> >
> >The only solution is to somehow disabled session serialization for
> >the filter.
> >
> >There is a fundamental problem with trying to use a stateful
> >authentication protocol (NTLM) over a stateless transport (HTTP).
> >
> >Mike
> >
> >On Wed, 14 Jun 2006 10:07:41 -0300
> >Sergio Mendonça <sergio.mendonca at ebiz.com.br> wrote:
> >
> >
> >
> >>Hi,
> >>
> >>Im trying to use the NtlmHttpFilter to authenticate the users and have
> >>some problems.
> >>This is the configuration that i'm using in the web.xml:
> >>
> >><filter>
> >>        <filter-name>NtlmHttpFilter</filter-name>
> >>        <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> >>        <init-param>
> >>            <param-name>jcifs.smb.client.domain</param-name>
> >>            <param-value>celos</param-value>
> >>        </init-param>
> >>        <init-param>
> >>            <param-name>jcifs.netbios.wins</param-name>
> >>            <param-value>192.168.13.230</param-value>
> >>        </init-param>
> >>        <init-param>
> >>            <param-name>jcifs.netbios.cachePolicy</param-name>
> >>            <param-value>0</param-value>
> >>        </init-param>
> >>        <init-param>
> >>            <param-name>jcifs.util.loglevel</param-name>
> >>            <param-value>3</param-value>
> >>        </init-param>
> >>        <init-param>
> >>                <param-name>jcifs.smb.client.username</param-name>
> >>                <param-value>operador</param-value>
> >>        </init-param>
> >>        <init-param>
> >>            <param-name>jcifs.smb.client.password</param-name>
> >>            <param-value>operador2003</param-value>
> >>        </init-param>
> >>    </filter>
> >>    <filter-mapping>
> >>        <filter-name>NtlmHttpFilter</filter-name>
> >>        <url-pattern>/*</url-pattern>
> >>    </filter-mapping>
> >>
> >>This configuration works perfectly in others servers, but in the
> >>production server does'nt work, generating this 2 errors listed below:
> >>*
> >>1-*
> >>ERROR 13/06/2006 13:06:30,656
> >>org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cadastro].[default]
> >>- Servlet.service() for servlet default threw exception
> >> java.lang.ExceptionInInitializerError
> >>    at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:95)
> >>    at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150)
> >>    at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
> >>    at
> >>org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
> >>    at
> >>org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> >>    at
> >>org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> >>    at
> >>org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> >>    at
> >>org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> >>    at
> >>org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> >>    at
> >>org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> >>    at
> >>org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> >>    at
> >>org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868)
> >>    at
> >>org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663)
> >>    at
> >>org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> >>    at
> >>org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
> >>    at
> >>org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> >>    at java.lang.Thread.run(Thread.java:595)
> >>Caused by: java.lang.NullPointerException
> >>    at jcifs.netbios.NbtAddress.<clinit>(NbtAddress.java:199)
> >>    ... 17 more
> >>
> >>*2-*
> >>ERROR 13/06/2006 13:06:31,744
> >>org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/cadastro].[default]
> >>- Servlet.service() for servlet default threw exception
> >> java.lang.NoClassDefFoundError
> >>    at jcifs.smb.SmbSession.getChallengeForDomain(SmbSession.java:95)
> >>    at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:150)
> >>    at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
> >>    at
> >>org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:202)
> >>    at
> >>org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:173)
> >>    at
> >>org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
> >>    at
> >>org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:178)
> >>    at
> >>org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:126)
> >>    at
> >>org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:105)
> >>    at
> >>org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:107)
> >>    at
> >>org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:148)
> >>    at
> >>org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:868)
> >>    at
> >>org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:663)
> >>    at
> >>org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:527)
> >>    at
> >>org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:80)
> >>    at
> >>org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:684)
> >>    at java.lang.Thread.run(Thread.java:595)
> >>
> >>The login dialog is shown, i set the username and password, then the
> >>error #1 occurs.
> >>After this, the error #2 passes to occour.
> >>
> >>Somebody can help me?
> >>Thanks
> >>
> >>Sergio Mendonça
> >>
> >>
> >>
> >
> >
> >
> >
>
>

More information about the jcifs mailing list