[jcifs] Jcifs Error after upgrading from 1.2.17 to 1.3.14 (Access Denied)

BlackEyeII russelmorgan at hotmail.com
Wed Jun 29 11:12:45 MDT 2011 

Michael B Allen wrote:
> 
> Hi Russ,
> 
> What do you mean "when trying to NTLM authenticate"?
> 
> What is the error / exception / stack trace?
> 
> What does you code do / look like?
> 
> Are you trying to authenticate HTTP clients?
> 
> Mike
> 
> 

Yes we are trying to HTTP authenticate.

The error in short terms is "Access is Denied"

Shown here in the Jcifs logs:
SmbComSessionSetupAndXResponse[command=SMB_COM_SESSION_SETUP_ANDX,
> received=false,errorCode=*Access is
> denied*.,flags=0x0098,flags2=0xC807,signSeq=193,tid=0,pid=60468,
> uid=0,mid=100,wordCount=0,byteCount=0,andxCommand=0xFF,andxOffset=0,
> isLoggedInAsGuest=false,nativeOs=,nativeLanMan=,primaryDomain=] 

And here is a stack trace of the error:
ERROR 2011-06-21 08:31:00,076 cms - Error in client request.
cms.common.exception.UserAuthenticationFailedException: Access is denied.
	at
com.disney.cms.authentication.CMSNTLMAuthenticator.authenticateUserWithDomainController(CMSNTLMAuthenticator.java:245)
	at
com.disney.cms.authentication.CMSNTLMAuthenticator.authenticateWithUserDomainName(CMSNTLMAuthenticator.java:213)
	at
com.disney.cms.authentication.CMSNTLMAuthenticator.login(CMSNTLMAuthenticator.java:156)
	at
com.disney.cms.authentication.CMSAuthenticator.authenticateUser(CMSAuthenticator.java:73)
	at
com.disney.cms.action.AuthenticateUserAction.authenticateUser(AuthenticateUserAction.java:345)
	at
com.disney.cms.action.AuthenticateUserAction.getAuthenticatedUser(AuthenticateUserAction.java:177)
	at sun.reflect.GeneratedMethodAccessor126.invoke(Unknown Source)
	at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at
com.disney.cms.handler.system.rpc.RPCRequestHandler.invokeMethod(RPCRequestHandler.java:471)
	at
com.disney.cms.handler.system.rpc.RPCRequestHandler.handleRPCRequest(RPCRequestHandler.java:553)
	at
com.disney.cms.handler.system.rpc.RPCRequestHandler.handleRequest(RPCRequestHandler.java:173)
	at com.disney.silver.service_log4j.Service.handleRequest(Service.java:383)
	at com.disney.silver.service_log4j.Service.doPost(Service.java:147)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:738)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:831)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at
com.disney.cobalt.util.JPASessionFilter.doFilter(JPASessionFilter.java:64)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
	at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
	at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at com.disney.tomcat.GreenCookieValve.invoke(GreenCookieValve.java:92)
	at
com.disney.tomcat.RequestThrottleValve.invoke(RequestThrottleValve.java:326)
	at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:286)
	at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:845)
	at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:583)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	at java.lang.Thread.run(Thread.java:619)

The code around that and how we are using it:

Let me pseudo code/code explain that here:

We really have two paths we are using:

So for authentications where we have the domain name:

First we try to do a jcifsHostsLookup for the domain. 

Once that is done we take the info on the user and make this call:
authenticateUserWithDomainController(userName, password,
domainName,userDomainController);

And the second type is if we have the actual domain controller 

// Build a credentials object
        NtlmPasswordAuthentication credentials =
            new NtlmPasswordAuthentication(domainName, userName, password);
        try {
            // Attempt to authenticate against the domain controller
            SmbSession.logon(domainController, credentials);
        }

I am trying to get some additional logging in right now to see if one of
these particular methods is the one failing.

Hope that answers your questions.

Thanks for the input 
Russ



--
View this message in context: http://samba.2283325.n4.nabble.com/Jcifs-Error-after-upgrading-from-1-2-17-to-1-3-14-Access-Denied-tp3629069p3633459.html
Sent from the Samba - jcifs mailing list archive at Nabble.com.

More information about the jCIFS mailing list