[jcifs] Weird behaviour with NTLMHttpFilter

Swapnil Patil swapnil123patil at gmail.com
Thu Jan 1 11:35:44 GMT 2009


Hi Stefan ,

Thank you for you answere. Its nice to see solution to my problem.

>>>"to mod the SmbSession in that way that it forcefully called the disconnect method of the underlying transport as soon as the logoff >>>method was being called."
Can you give more inputs on it ? I am newbie , I want do these changes for me.

"Allowing multiple domains without trusts" This is my next target but
first I have to get over current problem.

I am using jcifs-1.2.25a . Is this issue resolved in version 1.4 ?


On Wed, Dec 31, 2008 at 9:54 PM, Stefan Müller <stefan.mueller at issp.cc> wrote:
> Hi,
>
> I experienced similar issues at the end of 2007 with jCIFS build 1.2.17. The first user went fine, the second user (different user account, different host) received a 403 HTTP error. After a certain time period (I think it was suspiciously close to the SO_TIMEOUT value I had defined) or when restarting Tomcat (5.5) it started working again for the next "first user" that had been the second one in the initial call.
>
> When implementing the NTLM handshake directly (without the filter class and with the motivation to cover multiple domains without trusts in this effort) I eventually ended up with the "solution" to mod the SmbSession in that way that it forcefully called the disconnect method of the underlying transport as soon as the logoff method was being called. So I gave up the benefit of impersonation but it did work that way. Without the modification the handshake apparently failed at the logon method of the SmbSession class. Unfortunately, I did not backup the exception.
>
> Regards
>
> ---------------------------------------------------------------------------
> Stefan Müller
> CTO
>
> ISSP Software und Service GmbH
> Eichenweg 6
> A-4048 Puchenau/Linz
> Mob.: +43 664 39 59 518
> Fax.: +43 732 221705-28
> Mail: stefan.mueller at issp.cc
> -------------------------------------------------
> Firmenbuchgericht: LG Linz
> Firmenbuchnummer: 218098 h
>
>
> -----Ursprüngliche Nachricht-----
> Von: jcifs-bounces+stefan.mueller=issp.cc at lists.samba.org [mailto:jcifs-bounces+stefan.mueller=issp.cc at lists.samba.org] Im Auftrag von Swapnil Patil
> Gesendet: Mittwoch, 31. Dezember 2008 16:07
> An: jcifs at lists.samba.org
> Betreff: [jcifs] Weird behaviour with NTLMHttpFilter
>
> Hi,
> I am using NTLMHttpFilter.
> Server : Tomcat 5.0. On machine 192.168.2.79.
> After starting tomcat if test my application from  192.168.5.120.(its
> in same domain where my apllication is deployed) NTLM works fine.
> After this if I test my application from server itself i.e
> 192.168.2.79 it ask for user name password to connect 192.168.2.79. !
> I can login if click url 3 times !.  vice-versa of this is true i.e.
> afteer server restart if strat testing from 192.168.2.79 then I
> encounter problem at 192.168.5.120
> web.xml is as follows
> <filter>
>    <filter-name>NtlmHttpFilter</filter-name>
>     <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>     <init-param>
>          <param-name>jcifs.netbios.wins</param-name>
>          <param-value>192.168.5.124,192.168.5.126</param-value>
>     </init-param>
>     <init-param>
>          <param-name>jcifs.smb.client.domain</param-name>
>          <param-value>techo</param-value>
>     </init-param>
> </filter>
> <filter-mapping>
>   <filter-name>NtlmHttpFilter</filter-name>
>   <url-pattern>/index.jsp</url-pattern>
> </filter-mapping>
>
> --- index.jsp
> I am getting user name from session.getAttribute("NtlmHttpAuth");. And
> then puting that user in request. and then I am submiting page to
> login.jsp
> I am hiting index.jsp to test my application.
> I am newbie in NTLM so this may be as per design behaviour.
> Does any know about such behavior ?
> --
> Thanks & Regards
> Swapnil Patil.
>



-- 
Thanks & Regards
Swapnil Patil.


More information about the jcifs mailing list