The javadoc for Session says "Because a session is only a client side concept, the session object needs not to be closed or released when it's not needed anymore."
That's been working well for me until we started connecting to a new Sharepoint server which requires NTLM authentication. (We are using AtomPub.) The NTLMAuthenticationProvider does work at first, but after some time, it no longer works and all requests to Sharepoint CMIS return a 401 Unauthorized response with the "WWW-Authenticate: NTLM" response header. So the Sharepoint server is asking for NTLM authentication again, but unlike the first time around, the OpenCMIS client does not do the NTLM dance anymore, it just returns a CmisUnauthorizedException. I read up on NTLM authentication<http://www.innovation.ch/personal/ronald/ntlm.html> a little bit, and apparently it is a connection based authentication which requires re-authentication whenever the connection is closed. So it seems like the NTLMAuthenticationProvider is not working properly after the HTTP connection gets closed. Is this likely an example of the "USE WITH CARE!" caution mentioned in the NTMLAuthenticationProvider's javadoc? This is on Websphere 8.5 and it certainly qualifies as a multi-user environment. Thanks michael lucas | Senior Software Developer | Great-West Life
