[jcifs] jcifs.http.NtlmHttpFilter and POST

Michael B Allen ioplex at gmail.com
Thu Aug 21 18:28:16 GMT 2008

On Thu, Aug 21, 2008 at 7:18 AM, Giampaolo Tomassoni
<Giampaolo at tomassoni.biz> wrote:
>> Does anyone know why this might be the case?
> My really really broad guess.
> NTLM is a per-channel authentication protocol, not a per-request one.

You probably shouldn't be making really really broad guesses :->

NTLMSSP over HTTP is per-request. At least it's supposed to be. If you
look at IIS, every request is authenticated. But for performance
reasons JCIFS caches the result of an authentication in the user's
session (which also is not tied to channels incedintally).

If IE does NTLM with a server it will proactively initiate NTLMSSP
authentication for POST requests (I don't know how IE decides which
servers it has authenticated with - it's probably based on the
hostname) as described in the NTLM HTTP Filter documentation. In this
case, the filter must be enabled to consume such authentications or IE
will never send the POST data.

The problem is that the OP's config is screwed up and the filter isn't
being engaged properly for the POST targets.


Michael B Allen
PHP Active Directory SPNEGO SSO

More information about the jcifs mailing list