[jcifs] Problem using jCIFS NTLM HTTP Authentication for Single Sign-on

Ellery Crane ecrane at bear-code.com
Fri May 11 12:57:01 GMT 2007 

I'm attempting to debug a problem with our implementation of jCIFS.  
We're using OpenCms, and have a module written to incorporate the  
NTLM HTTP Authentication filter in the jCIFS library to accomplish  
single sign-on for Windows users with accounts in Active Directory.   
OpenCMS is being run on a linux server. When OpenCMS is being run on  
the same Windows server as Active Directory, single sign-on works  
perfectly. However, when OpenCms is on the linux server, attempts to  
use the single sign-on functionality cause internal server errors:

When the transparent sign-on page is accessed, the page displays an  
error:

A server error occured!
Server error 500
Internal Server Error
The server encountered an unexpected condition which prevented it  
from fulfilling the request.

Checking the tomcat logs reveals that the following error occurs the  
first time that the transparent login page is accessed:

May 7, 2007 9:54:56 AM org.apache.catalina.core.StandardWrapperValve  
invoke
SEVERE: Servlet.service() for servlet OpenCmsServlet threw exception
java.lang.NullPointerException
         at jcifs.netbios.NbtAddress.<clinit>(NbtAddress.java:199)
         at jcifs.UniAddress.<clinit>(UniAddress.java:62)
         at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:156)
         at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
         at  
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter 
(ApplicationFilterChain.java:235)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter 
(ApplicationFilterChain.java:206)
         at org.apache.catalina.core.StandardWrapperValve.invoke 
(StandardWrapperValve.java:228)
         at org.apache.catalina.core.StandardContextValve.invoke 
(StandardContextValve.java:175)
         at org.apache.catalina.core.StandardHostValve.invoke 
(StandardHostValve.java:128)
         at org.apache.catalina.valves.ErrorReportValve.invoke 
(ErrorReportValve.java:104)
         at org.apache.catalina.core.StandardEngineValve.invoke 
(StandardEngineValve.java:109)
         at org.apache.catalina.connector.CoyoteAdapter.service 
(CoyoteAdapter.java:216)
         at org.apache.coyote.http11.Http11Processor.process 
(Http11Processor.java:844)
         at org.apache.coyote.http11.Http11Protocol 
$Http11ConnectionHandler.process(Http11Protocol.java:634)
         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run 
(JIoEndpoint.java:445)
         at java.lang.Thread.run(Thread.java:595)

Subsequent attempts to reload the transparent login page result in a  
different error, which is added to the log each time the page is  
refreshed:

May 7, 2007 9:57:52 AM org.apache.catalina.core.StandardWrapperValve  
invoke
SEVERE: Servlet.service() for servlet OpenCmsServlet threw exception
java.lang.NoClassDefFoundError
         at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:156)
         at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
         at  
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter 
(ApplicationFilterChain.java:235)
         at org.apache.catalina.core.ApplicationFilterChain.doFilter 
(ApplicationFilterChain.java:206)
         at org.apache.catalina.core.StandardWrapperValve.invoke 
(StandardWrapperValve.java:228)
         at org.apache.catalina.core.StandardContextValve.invoke 
(StandardContextValve.java:175)
         at org.apache.catalina.core.StandardHostValve.invoke 
(StandardHostValve.java:128)
         at org.apache.catalina.valves.ErrorReportValve.invoke 
(ErrorReportValve.java:104)
         at org.apache.catalina.core.StandardEngineValve.invoke 
(StandardEngineValve.java:109)
         at org.apache.catalina.connector.CoyoteAdapter.service 
(CoyoteAdapter.java:216)
         at org.apache.coyote.http11.Http11Processor.process 
(Http11Processor.java:844)
         at org.apache.coyote.http11.Http11Protocol 
$Http11ConnectionHandler.process(Http11Protocol.java:634)
         at org.apache.tomcat.util.net.JIoEndpoint$Worker.run 
(JIoEndpoint.java:445)
         at java.lang.Thread.run(Thread.java:595)

After a few minutes have passed, refreshing the transparent login  
page reveals an exception trace that is not shown in the logs:

javax.servlet.ServletException: Filter execution threw an exception
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter 
(ApplicationFilterChain.java:259)
	at org.apache.catalina.core.ApplicationFilterChain.doFilter 
(ApplicationFilterChain.java:206)
	at org.apache.catalina.core.StandardWrapperValve.invoke 
(StandardWrapperValve.java:228)
	at org.apache.catalina.core.StandardContextValve.invoke 
(StandardContextValve.java:175)
	at org.apache.catalina.core.StandardHostValve.invoke 
(StandardHostValve.java:128)
	at org.apache.catalina.valves.ErrorReportValve.invoke 
(ErrorReportValve.java:104)
	at org.apache.catalina.core.StandardEngineValve.invoke 
(StandardEngineValve.java:109)
	at org.apache.catalina.connector.CoyoteAdapter.service 
(CoyoteAdapter.java:216)
	at org.apache.coyote.http11.Http11Processor.process 
(Http11Processor.java:844)
	at org.apache.coyote.http11.Http11Protocol 
$Http11ConnectionHandler.process(Http11Protocol.java:634)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run 
(JIoEndpoint.java:445)
	at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.NoClassDefFoundError
	at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:156)
	at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
	at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter 
(ApplicationFilterChain.java:235)
	... 11 more

It is entirely possible that these errors are a result of improper  
configuration of our OpenCMS module, and we are in contact with the  
vendor we purchased the module from to verify if this is the case.   
However, give that the exceptions stem from within the jCIFS classes,  
it was my thought that this could be a problem with our jCIFS  
implementation.

We're using the latest version (1.2.13)  of jCIFS, and version 6.0.10  
of Tomcat. Here is the relevant portion of our web.xml:

      <filter>
         <filter-name>NtlmHttpFilter</filter-name>
         <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
         <init-param>
             <param-name>jcifs.http.domainController</param-name>
             <param-value>WINDOWS SERVER IP ADDRESS</param-value>
          </init-param>
          <init-param>
             <param-name>jcifs.smb.client.domain</param-name>
             <param-value>OUR DOMAIN</param-value>
          </init-param>
          <init-param>
             <param-name>jcifs.smb.client.username</param-name>
             <param-value>opencms</param-value>
          </init-param>
          <init-param>
             <param-name>jcifs.smb.client.password</param-name>
             <param-value>Op3nCMS</param-value>
          </init-param>
          <init-param>
             <param-name>jcifs.util.loglevel</param-name>
             <param-value>3</param-value>
          </init-param>
      </filter>

      <filter-mapping>
          <filter-name>NtlmHttpFilter</filter-name>
          <url-pattern>/opencms/system/adlogin/*</url-pattern>
      </filter-mapping>

Does anyone have a clue what might be going on here? Thanks!

_________________________________
Ellery Crane
-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list