• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Paul Clapham
  • Ron McLeod
  • Tim Cooke
  • Junilu Lacar
  • Rob Spoor
  • Devaka Cooray
  • Jeanne Boyarsky
Saloon Keepers:
  • Jesse Silverman
  • Stephan van Hulst
  • Tim Moores
  • Carey Brown
  • Tim Holloway
  • Jj Roberts
  • Al Hobbs
  • Piet Souris

JCIFS - Incorrect Domain Username Being Returned

Posts: 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm having some issues with jcifs picking up the wrong authenticated user. I suspect it is related to the "flow" of the application. I'll give as much background as I think is needed, but please let me know if you need more maybe point me in the right direction. This is a third party packaged application, so I don't have access to any of the servlet code.

First For Reference - Versions:
-JCIFS 1.3.17
-Java 1.7.0_42

The general flow/container layout of this application is such:

*XMLHttpRequest -> /invokeSession.jsp

Within invokeSession.jsp, we are attempting to grab the "remote user" from the Session. However, what we're seeing is that the result returned for the remote user is the "admin" account that was used to fire up the 3rd party services (Tomcat underneath). For example. User XXX is logged into the desktop. When they hit the application, the logs are showing that User YYY (Admin account that the java services are running under) was authorized by JCIFS.

JCIFS is configured as below in the web.xml:

The XMLHttpRequest is formatted as such from within ext.min.js, but have left out a lot of the ansillary code:

The relavent code from invokeSession.jsp that is getting the remote user is:

The username always comes back null, but in the application logs we can see the debug output of JCIFS that is showing the admin user that started the application server. So, my main questions are why remoteUser is coming back null from invokeSession, and why JCIFS is authenticating the wrong user?
Consider Paul's rocket mass heater.
    Bookmark Topic Watch Topic
  • New Topic