SEC-1087: NTLM Filter and IE Post problems #1340
We are using NTLM Windows Authentication for a Single Sign On (SSO) project.
Most of the time, the Spring Security filter NtlmProcessingFilter is absolutely fine.
However, there are at least two scenarios where this fails.
1) When the session is timed out and a form.submit() request is made.
There is a solution described in the jcifs documentation. Search for registry key. This solution works but is not suitable for many clients who would not give access to change registry settings on all their client PCs.
The fix described here applies to Spring-Security 2.0.4
Here is my suggested Spring solution to org.springframework.security.ui.ntlm.NtlmProcessingFilter:
protected void doFilterHttp(final HttpServletRequest request,
final String authMessage = request.getHeader("Authorization");
// Check the special IE POST request with Authorization header containing
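An added example, not part of the original post and not Spring Security's own code: a stand-alone check for the kind of request the truncated comment above appears to target. It assumes, following the jcifs documentation the post refers to, that the "special IE POST" is a POST with an empty body whose Authorization header carries an NTLM Type 1 (negotiate) message; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

/** Added illustration; names here are hypothetical, not part of Spring Security or jcifs. */
public class NtlmHeaderInspector {

    // Every NTLM message starts with this 8-byte signature.
    private static final byte[] SIGNATURE = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    /** Returns the NTLM message type (1, 2 or 3), or -1 if the header is not a well-formed NTLM token. */
    static int messageType(String authorization) {
        if (authorization == null || !authorization.regionMatches(true, 0, "NTLM ", 0, 5)) {
            return -1;
        }
        byte[] msg;
        try {
            msg = Base64.getDecoder().decode(authorization.substring(5).trim());
        } catch (IllegalArgumentException e) {
            return -1; // token is not valid base64
        }
        if (msg.length < 12) {
            return -1; // too short to hold signature + type field
        }
        for (int i = 0; i < SIGNATURE.length; i++) {
            if (msg[i] != SIGNATURE[i]) {
                return -1;
            }
        }
        // The 32-bit little-endian message type follows the signature.
        int type = (msg[8] & 0xFF) | ((msg[9] & 0xFF) << 8)
                 | ((msg[10] & 0xFF) << 16) | ((msg[11] & 0xFF) << 24);
        return (type >= 1 && type <= 3) ? type : -1;
    }

    /** Assumed shape of the IE request: POST, Content-Length 0, NTLM Type 1 in Authorization. */
    static boolean isEmptyNegotiatePost(String method, int contentLength, String authorization) {
        return "POST".equalsIgnoreCase(method) && contentLength == 0
                && messageType(authorization) == 1;
    }

    public static void main(String[] args) {
        // Constructed sample: signature, type = 1, remaining fields zeroed.
        byte[] type1 = new byte[16];
        System.arraycopy(SIGNATURE, 0, type1, 0, SIGNATURE.length);
        type1[8] = 1;
        String header = "NTLM " + Base64.getEncoder().encodeToString(type1);
        System.out.println("empty POST with Type 1: " + isEmptyNegotiatePost("POST", 0, header));
        System.out.println("POST with a body:       " + isEmptyNegotiatePost("POST", 120, header));
        System.out.println("Basic header type:      " + messageType("Basic dXNlcjpwdw=="));
    }
}
```

Logging when this predicate matches for a request without an established session helps confirm whether a failing form.submit() after a timeout is this scenario before changing the filter.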
Robrecht Anrijs said:
A -1 for this patch: it is not completely fixed… Sometimes the following happens:
In our test environment everything goes fine, but in our production environment it fails.
Danny Dion said:
I'm having the same problem using Spring Security with Google Web Toolkit.
I'm really a novice at this type of issue solving but I'd like to give the suggested patch a try, if someone can just help me a bit... I'm quite confused as to where the suggested code is supposed to be inserted. May I ask that you post the fixed method as a whole?
Thanks a lot,