Problem using JCIFs and JSF

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Problem using JCIFs and JSF

Francisco Pinto Araujo Junior
Hi,
 
I construct a web application and use JCIFs to authenticate. I observed in the NtlmHttpFilter class, that filter negotiate with all pages.
Why? I think the authentication (the NTLM negotiation) is necessary only in the first user page call.
 
My context is:
 
I create my own filter class, based in the NtlmHttpFilter, and I use JAAS to connect to our internal authorization system.
In this system, we use a intranet web service to get the user credentials. Because the NTLM authentication itself and this authorization step are a expensive operations, I tryed to create a cached Subject (JAAS Subject), put it in the session (http request session). Only the first call negotiate a NTLM. At this moment my application works fine.
 
But when I use JSF (all .jsf request are intercepted by Faces Servlet), my JSF file not receives the request parameters. The application negotiate (NTLM), creates a Subject and put it in the session. After this moment, all request parameters send to the JSF page are missing. I tryed to debuger but I could not identify the problem.
If I remove this cache (negotiating all http requests) my JSF application works fine again.
After make a revision over my code, and compare with the JCIFs http filter implementation, I remember that JCFs do not use a cache. My question is why? There are some requirement for that?
 
I use Tomcat 5.5.14, JSDK 1.4, JCIFs 1.2.7, and JSF 1.1.
 
Thanks in advance.

--
Francisco Pinto Araújo Júnior
[hidden email]
[hidden email]
 
Reply | Threaded
Open this post in threaded view
|

RE: Problem using JCIFs and JSF

WM-data Johan Lidberg, Munksund

Hi,

I think the part with NTLM negotiation for every page is normal for http
connections.
Once the browser has negotiated basic or ntlm for a page it continues to
use the the same method for all subsequent requests on that site.

I think you can avoid this with https. Then you have a reliable/trustable
connection and
the brwoser/server does not need auth for every request.

/Johan Lidberg

-----Ursprungligt meddelande-----
Från: jcifs-bounces+johan.lidberg=[hidden email]
[mailto:jcifs-bounces+johan.lidberg=[hidden email]]För Francisco
Pinto
Skickat: den 6 februari 2006 13:08
Till: [hidden email]
Ämne: [jcifs] Problem using JCIFs and JSF


Hi,

I construct a web application and use JCIFs to authenticate. I observed in
the NtlmHttpFilter class, that filter negotiate with all pages.
Why? I think the authentication (the NTLM negotiation) is necessary only in
the first user page call.

My context is:

I create my own filter class, based in the NtlmHttpFilter, and I use JAAS to
connect to our internal authorization system.
In this system, we use a intranet web service to get the user credentials.
Because the NTLM authentication itself and this authorization step are a
expensive operations, I tryed to create a cached Subject (JAAS Subject), put
it in the session (http request session). Only the first call negotiate a
NTLM. At this moment my application works fine.

But when I use JSF (all .jsf request are intercepted by Faces Servlet), my
JSF file not receives the request parameters. The application negotiate
(NTLM), creates a Subject and put it in the session. After this moment, all
request parameters send to the JSF page are missing. I tryed to debuger but
I could not identify the problem.
If I remove this cache (negotiating all http requests) my JSF application
works fine again.

After make a revision over my code, and compare with the JCIFs http filter
implementation, I remember that JCFs do not use a cache. My question is why?
There are some requirement for that?

I use Tomcat 5.5.14, JSDK 1.4, JCIFs 1.2.7, and JSF 1.1.

Thanks in advance.

--
Francisco Pinto Araújo Júnior
[hidden email]
[hidden email]
 
Reply | Threaded
Open this post in threaded view
|

Re: Problem using JCIFs and JSF

Michael B Allen-4
In reply to this post by Francisco Pinto Araujo Junior
On Mon, 6 Feb 2006 09:08:27 -0300
Francisco Pinto <[hidden email]> wrote:

> I create my own filter class, based in the NtlmHttpFilter, and I use JAAS to
> connect to our internal authorization system.
>
> But when I use JSF (all .jsf request are intercepted by Faces Servlet), my
> JSF file not receives the request parameters. The application negotiate
> (NTLM), creates a Subject and put it in the session. After this moment, all
> request parameters send to the JSF page are missing. I tryed to debuger but

You need to know the details of the NTLM HTTP Authentication protocol. See
the end of the NTLM HTTP Authentication Filter documentation for links.

  http://jcifs.samba.org/src/docs/ntlmhttpauth.html#proto

Here's a good link that explains the behavior:

  http://blogs.msdn.com/david.wang/archive/2005/12/01/HTTP_POST_Fails_for_Anonymous_Authentication.aspx

Also, check the mailing list. This has been discussed many times.

Mike
Reply | Threaded
Open this post in threaded view
|

Re: Problem using JCIFs and JSF

Francisco Pinto Araujo Junior
In reply to this post by WM-data Johan Lidberg, Munksund
Hi Johan,
 
Thank you for your help.
 
Well, the related problem only occurs when I use JSF. It works fine if I use a simple JSP (instead a JSF file).
My banchmark is a ASP application on a IIS Server. In that scene, I think, only the first time (per session) was authenticated. My question is if this feature (in the JCIFs NtlmHttpFilter class) will be some limitation of the JCIFs or something like that.
 
I think this kind of check every page is great overhead on my web application. What you think about it?
 
On the other hand, this related problem (lost of request parameters) may be a Bug (JCIFs or JSF), and I need to found a good solution.
 
Thanks.
 
--
Francisco Pinto Araújo Júnior
[hidden email]
[hidden email]
 
2006/2/6, WM-data Johan Lidberg, Munksund <[hidden email]>:

Hi,

I think the part with NTLM negotiation for every page is normal for http
connections.
Once the browser has negotiated basic or ntlm for a page it continues to
use the the same method for all subsequent requests on that site.

I think you can avoid this with https. Then you have a reliable/trustable
connection and
the brwoser/server does not need auth for every request.

/Johan Lidberg

-----Ursprungligt meddelande-----
Från: jcifs-bounces+johan.lidberg=[hidden email]
[mailto:[hidden email]]För Francisco
Pinto
Skickat: den 6 februari 2006 13:08
Till: [hidden email]
Ämne: [jcifs] Problem using JCIFs and JSF


Hi,

I construct a web application and use JCIFs to authenticate. I observed in
the NtlmHttpFilter class, that filter negotiate with all pages.
Why? I think the authentication (the NTLM negotiation) is necessary only in
the first user page call.

My context is:

I create my own filter class, based in the NtlmHttpFilter, and I use JAAS to
connect to our internal authorization system.
In this system, we use a intranet web service to get the user credentials.
Because the NTLM authentication itself and this authorization step are a
expensive operations, I tryed to create a cached Subject (JAAS Subject), put
it in the session (http request session). Only the first call negotiate a
NTLM. At this moment my application works fine.

But when I use JSF (all .jsf request are intercepted by Faces Servlet), my
JSF file not receives the request parameters. The application negotiate
(NTLM), creates a Subject and put it in the session. After this moment, all
request parameters send to the JSF page are missing. I tryed to debuger but
I could not identify the problem.
If I remove this cache (negotiating all http requests) my JSF application
works fine again.

After make a revision over my code, and compare with the JCIFs http filter
implementation, I remember that JCFs do not use a cache. My question is why?
There are some requirement for that?

I use Tomcat 5.5.14, JSDK 1.4, JCIFs 1.2.7, and JSF 1.1.

Thanks in advance.

--
Francisco Pinto Araújo Júnior
[hidden email]
[hidden email]




--
Francisco Pinto Araújo Júnior
[hidden email]
[hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: Problem using JCIFs and JSF

Francisco Pinto Araujo Junior
In reply to this post by Michael B Allen-4
Hi, Mike.
 
I didn´t know that details. Well...Thank you.
 
--
Francisco Pinto Araújo Júnior
[hidden email]
[hidden email]
 
2006/2/6, Michael B Allen <[hidden email]>:
On Mon, 6 Feb 2006 09:08:27 -0300
Francisco Pinto <[hidden email]> wrote:

> I create my own filter class, based in the NtlmHttpFilter, and I use JAAS to
> connect to our internal authorization system.
>
> But when I use JSF (all .jsf request are intercepted by Faces Servlet), my
> JSF file not receives the request parameters. The application negotiate
> (NTLM), creates a Subject and put it in the session. After this moment, all
> request parameters send to the JSF page are missing. I tryed to debuger but

You need to know the details of the NTLM HTTP Authentication protocol. See
the end of the NTLM HTTP Authentication Filter documentation for links.

http://jcifs.samba.org/src/docs/ntlmhttpauth.html#proto

Here's a good link that explains the behavior:

http://blogs.msdn.com/david.wang/archive/2005/12/01/HTTP_POST_Fails_for_Anonymous_Authentication.aspx

Also, check the mailing list. This has been discussed many times.

Mike



--
Francisco Pinto Araújo Júnior
[hidden email]
[hidden email]