Does code only support NTLMv2 or does it also support NTLMv1?

NTLMv2 authentication library and filter for Java

Brought to you by: marcelschoen

Does code only support NTLMv2 or does it also support NTLMv1?

Forum: General Discussion

Creator: Jay Walters

Created: 2012-08-23

Updated: 2014-04-17

Jay Walters - 2012-08-23

I am working to upgrade an application and not sure if all my clients will move to NTLMv2 at the same time or not.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- Jay Walters - 2012-09-07
  
  Ok, I have this problem answered (and nobody else reading this forum, hooray!).
  
  The caching of the server challenge doesn't work for me, I'm using ajax and the app can have multiple outstanding requests at the same time so with different challenges I get fails. I am thinking to also use more of the request as part of the key.
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Marcel Schoen - 2012-10-27

Hi,
Sorry, I haven't tracked my sourceforge messages for some time. I think it should support NTLMv1 just the same; but concurrent requests from the same client (within the same session) will indeed be a problem. In AJAX apps, you should try to first perform the NTLM authentication, and once that is done, the app can perform as many concurrent requests as it wants.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Tony BenBrahim - 2014-01-24

I have looked at the code in preparation for implementing on a Centos server.

Since NTLM keeps the same connection during the NTLM exchange, one thing that will be unique and constant between the various authentication steps is the Remote Address + Remote Port (just the Remote Address does not work). That would fix the concurrent request problem (it is not on the initial request only, for POSTS, an NLTM Authenticate header may be sent preemptively, and must be handled - the code does that correctly - but may not if concurrent).
Also the EhCache is overkill here, I understand why it is used, but someone who knows why it is used would be able to modify the code to use it. For most cases, a simple ConcurrentHashMap would do. I can send my version if you want it.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Marcel Schoen - 2014-04-17

Hi Tony,

Thanks for your feedback. Sorry for my late reply. For various personal reasons, I haven't been checking the messages here for quite a while.

I agree that EHCache may be overkill, it was just kind of an easy solution. There are other ways to achieve the same of course.

As for concurrent requests: I didn't put too much effort into handling them correctly. So far I would have recommended avoiding them... but of course there could be better handling.

In short, if you have code improvements, let me know. I can add you as a developer to the project, so you can just commit your changes directly.

Regards,
Marcel

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.