[jcifs] NtlmHttpFilter caching question

Michael B Allen ioplex at gmail.com
Mon Nov 17 01:13:15 GMT 2008

On Sun, Nov 16, 2008 at 5:10 PM, AJ Weber <aweber at comcast.net> wrote:
> OK,
> I'm trying to fit the filter atop a J2EE framework.  For whatever reason,
> the filter ends-up having to re-authenticate really frequently.

IIS using both NTLM and Negotiate authentication will authenticate
every single HTTP request.

Caching the NTLM hashes is specific to the HTTP Filter and technically
should probably not be done.

> If I let the authentication run its course, it works fine, but I'm going to
> get in a lot of trouble with the network admins and AD guys for all the
> unnecessary traffic.

I doubt it. The NTLM HTTP Filter should not generate any more traffic
than you would see from IIS authenticating clients using NTLM over
NETLOGON to the DC. With IIS you'll see one NetrLogonSamLogonEx call
per auth whereas with the JCIFS NTLM HTTP Filter you'll see one
SMB_COM_SESSION_SETUP_ANDX per auth. No difference really.

If anything the JCIFS method will probably be less resource intensive
since it doesn't use the DCERPC layer, secure channel encryption, etc
(albeit less secure accordingly).


Michael B Allen
PHP Active Directory SPNEGO SSO

More information about the jcifs mailing list