[jcifs] NTLMHttpFilter for multiple Domains?

AJ Weber aweber at comcast.net
Tue May 13 16:43:30 GMT 2008

Yes.  I got something working...I'm "beta testing" it right now.

I have a "known issue" with the interaction with one of our J2EE webapps that I'm trying to figure-out.  For whatever reason, it seems like the new filter is clobbering some of the existing HTTP Session's context.  I can't see how, and have started to work on debugging it.

Otherwise, it successfully authenticates users against any number of configured allowed domains (and correctly rejects incorrect authentication attempts, or attempts against non-configured domains).

The other "known limitation" is that if the user's workstation/session is NOT currently logged-into any NT Domain, IE falls-back to prompting the user for credentials.  In this case, the order in which the NTLM Messages go back-and-forth plays a hurdle, and the current code will only authenticate those users against the "default domain" (that which is configured using the standard jcifs... properties in the web.xml for the filter).

Also, I have only tested this with IE 6.0, 6.5 and 7.0.  I have not tested Firefox, etc.

I was planning on releasing the code back to the JCIFS project once I had figured-out this one problem, but I haven't had a lot of luck getting any response at all from them.


  ----- Original Message ----- 
  From: Jose Luis Martinez Avial 
  To: AJ Weber ; jcifs at lists.samba.org 
  Sent: Tuesday, May 13, 2008 11:12 AM
  Subject: RE: [jcifs] NTLMHttpFilter for multiple Domains?

  Did you get something on this? I'm looking to do the same thing.


  From: jcifs-bounces+jlmartinez=bpi-gruposantander.com at lists.samba.org [mailto:jcifs-bounces+jlmartinez=bpi-gruposantander.com at lists.samba.org] On Behalf Of AJ Weber
  Sent: Wednesday, April 23, 2008 11:44 AM
  To: jcifs at lists.samba.org
  Subject: [jcifs] NTLMHttpFilter for multiple Domains?

  Has anyone extended the NTLMHttpFilter to support multiple "allowed" domains?

  I may have a situation where multiple domains are allowed for authentication to a site, and they don't have an appropriate Trust Relationship setup.

  I think I could extend it to support this myself, but didn't want to "reinvent the wheel" if someone else already had done it and can share.

  Thanks in advance,

  Internet communications are not secure and therefore Banco 
  Santander International does not accept legal responsibility for 
  the contents of this message. Any views or opinions presented are 
  solely those of the author and do not necessarily represent those 
  of Banco Santander International unless otherwise specifically 

  Las comunicaciones via Internet no son seguras y por lo tanto 
  Banco Santander International no asume responsabilidad legal ni 
  de ningun otro tipo por el contenido de este mensaje. Cualquier 
  opinion transmitida pertenece unicamente al autor y no 
  necesariamente representa la opinion del Banco Santander 
  International a no ser que este expresamente detallado.

-------------- next part --------------
HTML attachment scrubbed and removed

More information about the jcifs mailing list