NtlmHttpFilter issues.

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

NtlmHttpFilter issues.

BASHEER, SHIBU
Hello,  
 
I am trying to authenticate my j2ee application using NtlmHttpFilter
using instructions from
http://jcifs.samba.org/src/docs/ntlmhttpauth.html
 
My config:
Tomcat 5.5.9
java 1.5.0_06
jcifs-1.2.7.jar
 
I find that the authentication only works intermittently.  After tomcat
server is restarted, the browser automatically authenticates into the
application as the way it should work, however, after a while if another
user tries to start a session, he is challenged with a password dialog.
It will works for the same user after a server reboot.  Sometimes it may
allows one or two users to log in before it starts challenging for
password for new sessions.  There are no errors reported in the logs,
and I do not know why the problem is intermittent.  I have included my
settings in web.xml
 
<filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
        <param-name>jcifs.http.domainController</param-name>
        <param-value>ip.address</param-value>
</init-param>
</filter>

<filter-mapping>
    <filter-name>NtlmHttpFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Also, another maybe unrelated issue is that jcifs.smb.client.domain
requires the value to be less than 15 characters.  Our domain is 15
characters long, so the NtlmHttpFilter seems to trim the last character
resulting in an UnknownHostException.  For this reason, I am using
jcifs.http.NtlmHttpFilter which seems to work at least after a fresh
server startup.

Any pointers will be much appreciated.

Thanks,
SB
Reply | Threaded
Open this post in threaded view
|

RE: NtlmHttpFilter issues.

BASHEER, SHIBU
After much research, I managed to get NtlmHttpFilter working in tomcat.
Here is what I did:

1. Had to use appropriate jcifs.smb.client.(domain, username, and
password) (http://jcifs.samba.org/src/docs/ntlmhttpauth.html#signing)

2. Stick <Manager pathname=""/> in your application's <Context> in
server.xml (http://lists.samba.org/archive/jcifs/2005-March/004807.html)


Hope this helps.

Shibu

-----Original Message-----
From: jcifs-bounces+shibu.basheer=[hidden email]
[mailto:jcifs-bounces+shibu.basheer=[hidden email]] On Behalf
Of BASHEER, SHIBU
Sent: Wednesday, March 22, 2006 4:39 PM
To: [hidden email]
Subject: [jcifs] NtlmHttpFilter issues.

Hello,  
 
I am trying to authenticate my j2ee application using NtlmHttpFilter
using instructions from
http://jcifs.samba.org/src/docs/ntlmhttpauth.html
 
My config:
Tomcat 5.5.9
java 1.5.0_06
jcifs-1.2.7.jar
 
I find that the authentication only works intermittently.  After tomcat
server is restarted, the browser automatically authenticates into the
application as the way it should work, however, after a while if another
user tries to start a session, he is challenged with a password dialog.
It will works for the same user after a server reboot.  Sometimes it may
allows one or two users to log in before it starts challenging for
password for new sessions.  There are no errors reported in the logs,
and I do not know why the problem is intermittent.  I have included my
settings in web.xml
 
<filter>
<filter-name>NtlmHttpFilter</filter-name>
<filter-class>jcifs.http.NtlmHttpFilter</filter-class>
<init-param>
        <param-name>jcifs.http.domainController</param-name>
        <param-value>ip.address</param-value>
</init-param>
</filter>

<filter-mapping>
    <filter-name>NtlmHttpFilter</filter-name>
    <url-pattern>/*</url-pattern>
</filter-mapping>

Also, another maybe unrelated issue is that jcifs.smb.client.domain
requires the value to be less than 15 characters.  Our domain is 15
characters long, so the NtlmHttpFilter seems to trim the last character
resulting in an UnknownHostException.  For this reason, I am using
jcifs.http.NtlmHttpFilter which seems to work at least after a fresh
server startup.

Any pointers will be much appreciated.

Thanks,
SB
Reply | Threaded
Open this post in threaded view
|

Re: NtlmHttpFilter issues.

Michael B Allen-4
In reply to this post by BASHEER, SHIBU
On Wed, 22 Mar 2006 16:38:32 -0400
"BASHEER, SHIBU" <[hidden email]> wrote:

> Hello,  
>  
> I am trying to authenticate my j2ee application using NtlmHttpFilter
> using instructions from
> http://jcifs.samba.org/src/docs/ntlmhttpauth.html
>  
> My config:
> Tomcat 5.5.9
> java 1.5.0_06
> jcifs-1.2.7.jar
>  
> I find that the authentication only works intermittently.  After tomcat
> server is restarted, the browser automatically authenticates into the
> application as the way it should work, however, after a while if another
> user tries to start a session, he is challenged with a password dialog.
> It will works for the same user after a server reboot.  Sometimes it may
> allows one or two users to log in before it starts challenging for
> password for new sessions.  There are no errors reported in the logs,
> and I do not know why the problem is intermittent.  I have included my
> settings in web.xml
>  
> <filter>
> <filter-name>NtlmHttpFilter</filter-name>
> <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> <init-param>
> <param-name>jcifs.http.domainController</param-name>
> <param-value>ip.address</param-value>
> </init-param>
> </filter>
>
> <filter-mapping>
>     <filter-name>NtlmHttpFilter</filter-name>
>     <url-pattern>/*</url-pattern>
> </filter-mapping>

If you're really getting the above errors and you're using the
domainController property (and not the jcifs.smb.client.domain property)
then that is rather strange and I can only conclude that there is
something wrong with the specified domain controller (e.g. overloaded).

Or your diagnostics are based on a different configuration in which case
I cannot comment.

> Also, another maybe unrelated issue is that jcifs.smb.client.domain
> requires the value to be less than 15 characters.  Our domain is 15
> characters long, so the NtlmHttpFilter seems to trim the last character
> resulting in an UnknownHostException.  For this reason, I am using
> jcifs.http.NtlmHttpFilter which seems to work at least after a fresh
> server startup.

Mmm, from the above web.xml I do not see jcifs.smb.client.domain.

Anyway, NetBIOS names are limited to 15 characters but a domain name
with 15 characters should be fine. If it is being trucated that is a
bug and we would like to know how to reproduce the problem.

Mike

Reply | Threaded
Open this post in threaded view
|

Re: NtlmHttpFilter issues.

Michael B Allen-4
In reply to this post by BASHEER, SHIBU
On Thu, 23 Mar 2006 13:58:54 -0400
"BASHEER, SHIBU" <[hidden email]> wrote:

> After much research, I managed to get NtlmHttpFilter working in tomcat.
> Here is what I did:
>
> 1. Had to use appropriate jcifs.smb.client.(domain, username, and
> password) (http://jcifs.samba.org/src/docs/ntlmhttpauth.html#signing)
>
> 2. Stick <Manager pathname=""/> in your application's <Context> in
> server.xml (http://lists.samba.org/archive/jcifs/2005-March/004807.html)

This is interesting. I'll have to add this to the FAQ.

Mike
Reply | Threaded
Open this post in threaded view
|

Re: NtlmHttpFilter issues.

Michael B Allen-4
Documentation updated in 1.2.8 to be released RSN.

On Thu, 23 Mar 2006 15:32:30 -0500
Michael B Allen <[hidden email]> wrote:

> On Thu, 23 Mar 2006 13:58:54 -0400
> "BASHEER, SHIBU" <[hidden email]> wrote:
>
> > After much research, I managed to get NtlmHttpFilter working in tomcat.
> > Here is what I did:
> >
> > 1. Had to use appropriate jcifs.smb.client.(domain, username, and
> > password) (http://jcifs.samba.org/src/docs/ntlmhttpauth.html#signing)
> >
> > 2. Stick <Manager pathname=""/> in your application's <Context> in
> > server.xml (http://lists.samba.org/archive/jcifs/2005-March/004807.html)
>
> This is interesting. I'll have to add this to the FAQ.
>
> Mike
>