Posted to dev@tomcat.apache.org by Christophe Dupriez <ch...@poisoncentre.be> on 2008/11/20 12:43:50 UTC

POST request.ContentLength() is 0 when using NTLM

When it is not your application, when it is not the HTTP server, it is the BROWSER!!!

The following explains the IE optimization I was not aware of:
http://lists.samba.org/archive/jcifs/2006-September/006554.html
http://dreamweaverforum.info/flex/118349-ntlm-filereference.html

The following explains two different solutions:
http://lists.samba.org/archive/jcifs/2004-December/004459.html
(Solution 2 but in our case no need for a filter: the proposed logic will perfectly fit in the NTLM Authenticator)

I will program and test them next week. Patches will be republished after a few weeks of testing:
the current one supports "GET" correctly and "POST" if the Registry of each user is modified
(HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/Internet Settings/DisableNTLMPreAuth to be set to 1).

Wishing you a very nice day,

Christophe Dupriez
Centre Antipoisons-Antigifcentrum
C/o Hôpital Central de la Base Reine Astrid
Rue Bruyn
1120 Bruxelles
Belgique
tel 32-(0)2.264.96.36
fax 32-(0)2.264.96.46



----- Original Message -----
From: Christophe Dupriez [mailto:christophe.dupriez@poisoncentre.be]
To: dev@tomcat.apache.org [mailto:dev@tomcat.apache.org]
Subject: Tomcat 6.0.18, POST request.ContentLength() is 0 when entering the Authenticator


> Hi Tomcat Developers!
> 
> A few days ago I provided an NTLM Authenticator. My users reported that their
> POST requests are now without content.
> I traced and I can confirm that, when entering the
> NtlmAuthenticator.authenticate method, request.ContentLength() is -1 for GET
> transactions (and it works) but it is 0 for POST.
> At the very entrance of BasicAuthenticator.authenticate, 
> request.ContentLength() is -1 for GET transactions (and it works) but the
> real length is there for POST.
> 
> So I can have 50 GET transactions without any problems: the NTLM
> authentication is done once with the first transaction. Then, if a POST
> comes, it will be 0 length.
> 
> Any idea of what may be happening? As I did not find any real dependency on
> the word "BASIC" within Tomcat source, I am wondering if lower level Java
> Run Time could test explicitly the authentication method and "forget" to
> manage the ContentLength? It seems that some people have problems with FORM
> authentication. Could it be a similar problem?
> 
> The patch file is accessible:
> http://www.destin.be/tomcat/NtlmAuthentication.patch
> 
> The new authenticator class is accessible:
> http://www.destin.be/tomcat/NtlmAuthenticator.java
> 
> Wishing you a very nice week,
> 
> Christophe Dupriez
> Centre Antipoisons - Antigifcentrum
> C/o Hôpital Central de la Base Reine Astrid
>    Rue Bruyn - 1120 Bruxelles - Belgique
> tel 32-(0)2.264.96.36 fax 32-(0)2.264.96.46
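
A sketch of the server-side check discussed in this thread, added here as an example; it is not taken from the post, from NtlmAuthenticator.java or from the linked jCIFS messages. It assumes the body-less POST sent by IE carries an NTLM Type 1 (negotiate) token in its Authorization header, and the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Added illustration; class and method names are hypothetical. */
public class NtlmPreAuthCheck {
    // Every NTLM message starts with this 8-byte signature.
    private static final byte[] SIGNATURE = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    /** Returns the NTLM message type (1, 2 or 3), or -1 if the header is not a well-formed NTLM token. */
    static int ntlmMessageType(String authorization) {
        if (authorization == null || !authorization.regionMatches(true, 0, "NTLM ", 0, 5)) {
            return -1;
        }
        byte[] token;
        try {
            token = Base64.getDecoder().decode(authorization.substring(5).trim());
        } catch (IllegalArgumentException e) {
            return -1; // not valid base64: treat as "no NTLM token"
        }
        if (token.length < 12) return -1;
        for (int i = 0; i < SIGNATURE.length; i++) {
            if (token[i] != SIGNATURE[i]) return -1;
        }
        // A 32-bit little-endian message type follows the signature.
        return (token[8] & 0xff) | ((token[9] & 0xff) << 8)
                | ((token[10] & 0xff) << 16) | ((token[11] & 0xff) << 24);
    }

    /**
     * True for the body-less pre-authentication POST. The authenticator should then answer 401
     * with a fresh challenge, even on an already authenticated session, so that the browser
     * repeats the POST with its real body after the handshake.
     */
    static boolean mustRenegotiate(String method, int contentLength, String authorization) {
        return "POST".equalsIgnoreCase(method) && contentLength == 0
                && ntlmMessageType(authorization) == 1;
    }

    public static void main(String[] args) {
        // Constructed sample: minimal Type 1 token (signature + type, remaining fields zeroed).
        byte[] type1 = new byte[16];
        System.arraycopy(SIGNATURE, 0, type1, 0, SIGNATURE.length);
        type1[8] = 1;
        String header = "NTLM " + Base64.getEncoder().encodeToString(type1);

        System.out.println(mustRenegotiate("POST", 0, header)); // pre-auth POST from the browser
        System.out.println(mustRenegotiate("POST", 42, null));  // ordinary POST, session already authenticated
        System.out.println(mustRenegotiate("GET", -1, null));   // GET without a body
    }
}
```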
