[jcifs] NtlmHttpFilter issues.

Michael B Allen mba2000 at ioplex.com
Thu Mar 23 20:17:22 GMT 2006 

On Wed, 22 Mar 2006 16:38:32 -0400
"BASHEER, SHIBU" <shibu.basheer at emera.com> wrote:

> Hello,  
>  
> I am trying to authenticate my j2ee application using NtlmHttpFilter
> using instructions from
> http://jcifs.samba.org/src/docs/ntlmhttpauth.html
>  
> My config:
> Tomcat 5.5.9
> java 1.5.0_06
> jcifs-1.2.7.jar
>  
> I find that the authentication only works intermittently.  After tomcat
> server is restarted, the browser automatically authenticates into the
> application as the way it should work, however, after a while if another
> user tries to start a session, he is challenged with a password dialog.
> It will works for the same user after a server reboot.  Sometimes it may
> allows one or two users to log in before it starts challenging for
> password for new sessions.  There are no errors reported in the logs,
> and I do not know why the problem is intermittent.  I have included my
> settings in web.xml
>  
> <filter>
> <filter-name>NtlmHttpFilter</filter-name>
> <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> <init-param>
> 	<param-name>jcifs.http.domainController</param-name>
> 	<param-value>ip.address</param-value>
> </init-param>
> </filter>
> 
> <filter-mapping>
>     <filter-name>NtlmHttpFilter</filter-name>
>     <url-pattern>/*</url-pattern>
> </filter-mapping>

If you're really getting the above errors and you're using the
domainController property (and not the jcifs.smb.client.domain property)
then that is rather strange and I can only conclude that there is
something wrong with the specified domain controller (e.g. overloaded).

Or your diagnostics are based on a different configuration in which case
I cannot comment.

> Also, another maybe unrelated issue is that jcifs.smb.client.domain
> requires the value to be less than 15 characters.  Our domain is 15
> characters long, so the NtlmHttpFilter seems to trim the last character
> resulting in an UnknownHostException.  For this reason, I am using
> jcifs.http.NtlmHttpFilter which seems to work at least after a fresh
> server startup.

Mmm, from the above web.xml I do not see jcifs.smb.client.domain.

Anyway, NetBIOS names are limited to 15 characters but a domain name
with 15 characters should be fine. If it is being trucated that is a
bug and we would like to know how to reproduce the problem.

Mike

More information about the jcifs mailing list