Darren Greer

since Aug 22, 2014

Recent posts by Darren Greer

I'm having some issues with jcifs picking up the wrong authenticated user. I suspect it is related to the "flow" of the application. I'll give as much background as I think is needed, but please let me know if you need more, or maybe point me in the right direction. This is a third party packaged application, so I don't have access to any of the servlet code.

First For Reference - Versions:
-JCIFS 1.3.17
-Java 1.7.0_42

The general flow/container layout of this application is such:

/servlet
-ext.min.js
*XMLHttpRequest -> /invokeSession.jsp

Within invokeSession.jsp, we are attempting to grab the "remote user" from the Session. However, what we're seeing is that the result returned for the remote user is the "admin" account that was used to fire up the 3rd party services (Tomcat underneath). For example, User XXX is logged into the desktop. When they hit the application, the logs are showing that User YYY (Admin account that the java services are running under) was authorized by JCIFS.

JCIFS is configured as below in the web.xml:



The XMLHttpRequest is formatted as such from within ext.min.js, but I have left out a lot of the ancillary code:



The relevant code from invokeSession.jsp that is getting the remote user is:



The username always comes back null, but in the application logs we can see the debug output of JCIFS that is showing the admin user that started the application server. So, my main questions are why remoteUser is coming back null from invokeSession, and why JCIFS is authenticating the wrong user?
9 years ago