Win a copy of OCP Java SE 8 Programmer II Exam Study Guide this week in the OCP forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

JCIFS - Incorrect Domain Username Being Returned  RSS feed

Posts: 1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I'm having some issues with jcifs picking up the wrong authenticated user. I suspect it is related to the "flow" of the application. I'll give as much background as I think is needed, but please let me know if you need more maybe point me in the right direction. This is a third party packaged application, so I don't have access to any of the servlet code.

First For Reference - Versions:
-JCIFS 1.3.17
-Java 1.7.0_42

The general flow/container layout of this application is such:

*XMLHttpRequest -> /invokeSession.jsp

Within invokeSession.jsp, we are attempting to grab the "remote user" from the Session. However, what we're seeing is that the result returned for the remote user is the "admin" account that was used to fire up the 3rd party services (Tomcat underneath). For example. User XXX is logged into the desktop. When they hit the application, the logs are showing that User YYY (Admin account that the java services are running under) was authorized by JCIFS.

JCIFS is configured as below in the web.xml:

The XMLHttpRequest is formatted as such from within ext.min.js, but have left out a lot of the ansillary code:

The relavent code from invokeSession.jsp that is getting the remote user is:

The username always comes back null, but in the application logs we can see the debug output of JCIFS that is showing the admin user that started the application server. So, my main questions are why remoteUser is coming back null from invokeSession, and why JCIFS is authenticating the wrong user?
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!