chemistry-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Lucas, Mike" <>
Subject Session re-use with NTLMAuthenticationProvider
Date Tue, 23 Sep 2014 16:57:15 GMT
The javadoc for Session says "Because a session is only a client side concept, the session
object needs not to be closed or released when it's not needed anymore."

That's been working well for me until we started connecting to a new Sharepoint server which
requires NTLM authentication. (We are using AtomPub.) The NTLMAuthenticationProvider does
work at first, but after some time, it no longer works and all requests to Sharepoint CMIS
return a 401 Unauthorized response with the "WWW-Authenticate: NTLM"  response header. So
the Sharepoint server is asking for NTLM authentication again, but unlike the first time around,
the OpenCMIS client does not do the NTLM dance anymore, it just returns a CmisUnauthorizedException.

I read up on NTLM authentication<>
a little bit, and apparently it is a connection based authentication which requires re-authentication
whenever the connection is closed. So it seems like the NTLMAuthenticationProvider is not
working properly after the HTTP connection gets closed.

Is this likely an example of the "USE WITH CARE!" caution mentioned in the NTMLAuthenticationProvider's
javadoc? This is on Websphere 8.5 and it certainly qualifies as a multi-user environment.

michael lucas  |  Senior Software Developer  |  Great-West Life

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message