• Post Reply Bookmark Topic Watch Topic
  • New Topic

After adding servlet filter to check NTLM, form POST returns null parameters

 
Tom Esposito
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
After adding in a servlet filter to check NTLM for a username and add to the session, all of my forms that sent via the POST method all return null parameters (retrieved with request.getParameter(paramName);). If I switch the form to use GET and change no other portion of the code, I am able to retrieve the parameters without issue. Also, if I remove the session filter I am also able to retrieve the parameters from either post or get.

I assume the issue is happening in some way because of the handshake required by the NTLM process in the session filter as I have used other session filters without issue in the past, but I'm not sure how to resolve this. Any help is greatly appreciated.

here is my session filter ntlm code (mind you that this does work in capturing the NTLM information and sets it to the session without issue):



Thanks for the help,
Tom
 
Tom Esposito
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
oh yea, and just to mention this example is using Struts 1.3.9 but I have also tried this with just plain jsp and no framework and had the same results.
 
Tom Esposito
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ok, I finally figured it out - turns out that IE is a real pain when it comes to NTLM and POST. Basically it wont accept anything in the post after an ntlm transaction unless that same transaction happens every time.. so here's my modified filter that works with ntlm and form post (since there's really no place I've found this elsewhere). mind you that I now understand that this is not the most secure way to do the transaction and its recommended to use ntlmv2, but its educational either way



Then in my web.xml I have to set the filter mapping as:


That way it is processed through every request on every page - ensuring that the ntlm check is performed and allows the page to submit data in the POST.


hope this helps someone.
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!