
Struts forwards and jCIFS NTLM: msg#00039

network.samba.java

Subject: Struts forwards and jCIFS NTLM

We are experiencing the following issue with jCIFS 1.2.6 and Struts 1.1:

A "forward" in Struts actually causes the ServletRequest to get reprocessed through the filter chain, with headers from the most recent browser request intact (in this case, including the Type 3 message).

It appears NtlmHttpFilter is attempting to re-authenticate and since no 'NtlmHttpChal' session attribute exists (after being removed from the first successful authentication), a new 'NtlmHttpChal' token is created and set in the session. Unfortunately this new challenge token obviously does not match the existing Type 3 message's token, and thus the subsequent call to SmbSession.logon() fails. After enough of these failures, the account is locked out due to security policy.

Is there a known workaround to this? I was thinking a programmatic fix would be to set a request attribute indicating authentication had already occurred.

This is happening on GETs, not POSTs, btw.

Thanks
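One way to implement the request-attribute idea raised in the message above, as an added example that is not part of the original post or of jCIFS. The class name `ForwardAwareNtlmFilter` and the attribute name are hypothetical; the only jCIFS API assumed is that `jcifs.http.NtlmHttpFilter` is a standard servlet `Filter` with an overridable `doFilter`.

```java
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;

import jcifs.http.NtlmHttpFilter;

// Hypothetical subclass, registered in web.xml in place of jcifs.http.NtlmHttpFilter.
public class ForwardAwareNtlmFilter extends NtlmHttpFilter {

    // Hypothetical attribute name. Request attributes exist only on the server,
    // so a client cannot set this marker through headers or parameters.
    static final String AUTH_DONE = "example.ntlm.authenticatedThisRequest";

    @Override
    public void doFilter(ServletRequest request, ServletResponse response,
                         final FilterChain chain) throws IOException, ServletException {
        if (request.getAttribute(AUTH_DONE) != null) {
            // Re-entry caused by a forward: the stale Type 3 header is still on the
            // request, so skip NTLM processing instead of issuing a new challenge
            // and calling SmbSession.logon() with a token that cannot match.
            chain.doFilter(request, response);
            return;
        }

        // The parent filter invokes the chain only after a successful logon, so the
        // marker is set inside the chain wrapper rather than before authentication.
        FilterChain markingChain = new FilterChain() {
            public void doFilter(ServletRequest req, ServletResponse res)
                    throws IOException, ServletException {
                // req may be the parent's request wrapper; wrappers delegate
                // attributes to the underlying request, so the marker survives a forward.
                req.setAttribute(AUTH_DONE, Boolean.TRUE);
                chain.doFilter(req, res);
            }
        };
        super.doFilter(request, response, markingChain);
    }
}
```

The marker is scoped to a single request, so every new browser request still goes through the normal NTLM handling.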
