logo       
<prev   next>

RE: how to bypass authentication in ntlmhttpfilter?: msg#00040

network.samba.java

Subject: RE: how to bypass authentication in ntlmhttpfilter?

Thomas,

thanks for the reply. I didnt comment yesterday as I didnt have enough time to
implement it & to be honest I was a little unsure about your solution (blush!).

I now see that the body portion is ignored if NTLM negociation (transparent or
otherwise is taking place). It is only when the pop-up auth dialog is
cancelled that the body is used. Clever.

thanks again

jim

-----Original Message-----
From: Thomas Bley
To: jcifs@xxxxxxxxxxxxxxx
Cc: Smyth, Jim
Sent: 15-11-2005 10:39
Subject: Re: [jcifs] how to bypass authentication in ntlmhttpfilter?

Hi Jim,

the webdisk uses this:

(from Presentation.java)
...
String userAgent =
request.getHeader("User-Agent").toLowerCase();
if (userAgent.indexOf("opera")!=-1 ||
userAgent.indexOf("konqueror")!=-1 || userAgent.indexOf("safari")!=-1) {
showLogin("<br><center><b>NTLM is disabled for Opera /
Konqueror / Safari.</b></center>");
return;
}
response.setHeader("WWW-Authenticate", "NTLM");
response.setHeader("Connection", "close");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

// dirty hack if ntlm is disabled or user cancels the form
showLogin("<br><center><b>NTLM seems to be
disabled</b></center>");
...

showLogin shows a normal html-form for logging in and the user stays
anonymous.

The webdisk uses jCIFS, but not ntlmhttpfilter (only some parts of it).

http://sourceforge.net/projects/webdisk/

bye
Tom


Smyth, Jim wrote:
> Hi,
>
> I have got automatic logon to a web application using NT credentials.
I allow users to logoff the webapp by setting a session attribute when a
particular request header is sent, so that the NTLM filter is not
executed (and thus the user can browse the site anonymously).
>
> I would also like to implement the following:
>
> If a user cannot automatically authenticate against the domain, do NOT
show the network dialog. (i.e. allow users to transparently fail NTLM
and then browse the site anonymously).
>
> Has anyone done this? Any hints appreciated!
>
>
> thanks
> jim
>
>
>



<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Struts forwards and jCIFS NTLM: 00040, Justin Mahoney
Next by Date:  null successfully logged in: 00040, Antonio Bastardo
Previous by Thread:  Re: how to bypass authentication in ntlmhttpfilter?i: 00040, Thomas Bley
Next by Thread:  offline authentication: 00040, Ricardo Trindade
Indexes:  [Date] [Thread] [Top] [All Lists]

Google Custom Search
News | FAQ | advertise