Re: how to bypass authentication in ntlmhttpfilter?

Hi Jim,

the webdisk uses this:

(from Presentation.java)
...
       String userAgent = request.getHeader("User-Agent").toLowerCase();
       if (userAgent.indexOf("opera")!=-1 || 
userAgent.indexOf("konqueror")!=-1 || userAgent.indexOf("safari")!=-1) {
           showLogin("<br><center><b>NTLM is disabled for Opera / 
Konqueror / Safari.</b></center>");
           return;
       }
       response.setHeader("WWW-Authenticate", "NTLM");
       response.setHeader("Connection", "close");
       response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

       // dirty hack if ntlm is disabled or user cancels the form
       showLogin("<br><center><b>NTLM seems to be disabled</b></center>");
...

showLogin shows a normal html-form for logging in and the user stays 
anonymous.

The webdisk uses jCIFS, but not ntlmhttpfilter (only some parts of it).

http://sourceforge.net/projects/webdisk/

bye
Tom


Smyth, Jim wrote:
> Hi,
>
> I have got automatic logon to a web application using NT credentials.  I allow 
> users to logoff the webapp by setting a session attribute when a particular 
> request header is sent, so that the NTLM filter is not executed (and thus the 
> user can browse the site anonymously).
>
> I would also like to implement the following:
>
> If a user cannot automatically authenticate against the domain, do NOT show the network dialog.  (i.e. allow users to transparently fail NTLM and then browse the site anonymously).  
>
> Has anyone done this?  Any hints appreciated!
>
>
> thanks
> jim
>
>
>