[jcifs] Anyway to force basic authentication?

Jason Bainbridge jbainbridge at gmail.com
Tue Jun 20 17:57:42 GMT 2006

On 6/14/06, Jason Bainbridge <jbainbridge at gmail.com> wrote:
> There is a previous message on the list mentioning that it would be
> possible to do this by modifying the filter code so has anyone
> implemented that at all? I'm more of a support/admin/implementation
> guy and only hack at a bit of code here and there so that is a bit
> over my head. It would be nicer though if there was just a way to
> configure the fallback of BASIC to be used regardless of NTLM working
> or not.

Oops, didn't realize the above was sent direct to Mike and not the
list, no wonder nobody else replied. ;)

Anyway I was having a bit of a look into what modifications would be
required to always prompt for a user's windows credentials using BASIC
authentication instead of the automatic NTLM handshaking. Obviously
the class that needs changes for the filter is NtlmHttpFilter.java and
it is around the IF block:

        if( msg != null && (msg.startsWith( "NTLM " ) ||
                    (offerBasic && msg.startsWith("Basic ")))) {

Am I reading that correctly in that it will return True and need to
enter the IF block if a user has already authenticated through BASIC?
Meaning that if I want it to return false the first time around all I
need to do is remove the check for msg.startsWith( "NTLM " )?

Would I also need to remove the if block for:

if (msg.startsWith("NTLM ")) {

Or does using the BASIC authentication end up with a message type of
NTLM and still need that?

Apologies for the newbie like questions but these days I don't get to
do much coding so I am more than a little rusty, but if I can work out
what needs to be done to be able to force basic authentication in
addition to simply enabling it I will look into making that a
configuration option and make my patch available if anyone was

Jason Bainbridge
An Aussie geek stuck in Texas - http://jasonbainbridge.com

More information about the jcifs mailing list