For debugging i wrote a really simple Web-Application which contains only a simple JSP Page with a small Form containing a textfield and a submit button.
The tomcat is configured to use the Waffle Filter on this page. I know send the Form to the same page but under another URL which is not covered by the Filter. The Post Parameters are now completely lost but an ntml token gets transmitted.
So to summerize:
- I go to http://myserver/autologin/test.jsp (which goes through waffle filter)
- On that page i have a form with an action pointing to (http://myserver/content/test.jsp) which is the same page but refered to under another URL (alias).
- All POST Parameters are lost in that second request
I'm using Waffle from waffle.codeplex.com and IE8.
EDIT: This is also happening if i am using other NTLM filters. So the problem is not Waffle here but Internet Explorer which forces to reauthenticate the NTLM session everytime a POST request is issued.
Did anyone experience this problem before?
I have the same Problem with IE8 and Windows7
The following solution only worked for me with IE7 on WindowsXP:
http://billcomer.blogspot.com/2009/01/ntlm-authentication-and-ie-post-problem.html
EDIT: Ok, i forgot to add my server to my local Itranet zone: IE -> Internet Options -> Security -> Select "Locale Intranet" and click on Sites -> Advanced -> Now add your Server
http://www.nateirwin.net/2007/01/19/enabling-ntlm-authentication-in-firefox-and-internet-explorer/
Now it works also with IE8 on Windows7
In my example, The url http://myserver/autologin/test.jsp was send through the filter, so waffle authenticated correctly and landed on the page. When i then posted the form, the new request did not go through waffle, causing the IE to force a re-authentication via NTLM. Due to the fact that Waffle was no longer involved in the communication, the re-authentication failed and the post parameters were lost.
So the quick solution is to change the url pattern for waffle, so that it matches all sites within the application. i.e. /* instead of /autologin.