[jcifs] Problem using jCIFS NTLM HTTP Authentication for Single
Sign-on
Ellery Crane
ecrane at bear-code.com
Fri May 11 12:57:01 GMT 2007
I'm attempting to debug a problem with our implementation of jCIFS.
We're using OpenCms, and have a module written to incorporate the
NTLM HTTP Authentication filter in the jCIFS library to accomplish
single sign-on for Windows users with accounts in Active Directory.
OpenCMS is being run on a linux server. When OpenCMS is being run on
the same Windows server as Active Directory, single sign-on works
perfectly. However, when OpenCms is on the linux server, attempts to
use the single sign-on functionality cause internal server errors:
When the transparent sign-on page is accessed, the page displays an
error:
A server error occured!
Server error 500
Internal Server Error
The server encountered an unexpected condition which prevented it
from fulfilling the request.
Checking the tomcat logs reveals that the following error occurs the
first time that the transparent login page is accessed:
May 7, 2007 9:54:56 AM org.apache.catalina.core.StandardWrapperValve
invoke
SEVERE: Servlet.service() for servlet OpenCmsServlet threw exception
java.lang.NullPointerException
at jcifs.netbios.NbtAddress.<clinit>(NbtAddress.java:199)
at jcifs.UniAddress.<clinit>(UniAddress.java:62)
at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:156)
at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter
(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke
(StandardWrapperValve.java:228)
at org.apache.catalina.core.StandardContextValve.invoke
(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke
(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke
(ErrorReportValve.java:104)
at org.apache.catalina.core.StandardEngineValve.invoke
(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service
(CoyoteAdapter.java:216)
at org.apache.coyote.http11.Http11Processor.process
(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol
$Http11ConnectionHandler.process(Http11Protocol.java:634)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run
(JIoEndpoint.java:445)
at java.lang.Thread.run(Thread.java:595)
Subsequent attempts to reload the transparent login page result in a
different error, which is added to the log each time the page is
refreshed:
May 7, 2007 9:57:52 AM org.apache.catalina.core.StandardWrapperValve
invoke
SEVERE: Servlet.service() for servlet OpenCmsServlet threw exception
java.lang.NoClassDefFoundError
at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:156)
at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter
(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke
(StandardWrapperValve.java:228)
at org.apache.catalina.core.StandardContextValve.invoke
(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke
(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke
(ErrorReportValve.java:104)
at org.apache.catalina.core.StandardEngineValve.invoke
(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service
(CoyoteAdapter.java:216)
at org.apache.coyote.http11.Http11Processor.process
(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol
$Http11ConnectionHandler.process(Http11Protocol.java:634)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run
(JIoEndpoint.java:445)
at java.lang.Thread.run(Thread.java:595)
After a few minutes have passed, refreshing the transparent login
page reveals an exception trace that is not shown in the logs:
javax.servlet.ServletException: Filter execution threw an exception
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(ApplicationFilterChain.java:259)
at org.apache.catalina.core.ApplicationFilterChain.doFilter
(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke
(StandardWrapperValve.java:228)
at org.apache.catalina.core.StandardContextValve.invoke
(StandardContextValve.java:175)
at org.apache.catalina.core.StandardHostValve.invoke
(StandardHostValve.java:128)
at org.apache.catalina.valves.ErrorReportValve.invoke
(ErrorReportValve.java:104)
at org.apache.catalina.core.StandardEngineValve.invoke
(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service
(CoyoteAdapter.java:216)
at org.apache.coyote.http11.Http11Processor.process
(Http11Processor.java:844)
at org.apache.coyote.http11.Http11Protocol
$Http11ConnectionHandler.process(Http11Protocol.java:634)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run
(JIoEndpoint.java:445)
at java.lang.Thread.run(Thread.java:595)
Caused by: java.lang.NoClassDefFoundError
at jcifs.http.NtlmHttpFilter.negotiate(NtlmHttpFilter.java:156)
at jcifs.http.NtlmHttpFilter.doFilter(NtlmHttpFilter.java:114)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter
(ApplicationFilterChain.java:235)
... 11 more
It is entirely possible that these errors are a result of improper
configuration of our OpenCMS module, and we are in contact with the
vendor we purchased the module from to verify if this is the case.
However, give that the exceptions stem from within the jCIFS classes,
it was my thought that this could be a problem with our jCIFS
implementation.
We're using the latest version (1.2.13) of jCIFS, and version 6.0.10
of Tomcat. Here is the relevant portion of our web.xml:
<filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.http.domainController</param-name>
<param-value>WINDOWS SERVER IP ADDRESS</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.domain</param-name>
<param-value>OUR DOMAIN</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.username</param-name>
<param-value>opencms</param-value>
</init-param>
<init-param>
<param-name>jcifs.smb.client.password</param-name>
<param-value>Op3nCMS</param-value>
</init-param>
<init-param>
<param-name>jcifs.util.loglevel</param-name>
<param-value>3</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>NtlmHttpFilter</filter-name>
<url-pattern>/opencms/system/adlogin/*</url-pattern>
</filter-mapping>
Does anyone have a clue what might be going on here? Thanks!
_________________________________
Ellery Crane
-------------- next part --------------
HTML attachment scrubbed and removed
More information about the jcifs
mailing list