Either a required impersonation level was not provided, or the provided impersonation level is invalid

Apr 26, 2011 at 2:11 PM

Hi, I try Impersonation with NegotiateSecurityFilter in simple gwt aplication. (Win 7, 64bit java 1.6., both server and client accounts are in domain)
I put following code into service method of configured servlet:

String userName = Secur32Util.getUserNameEx(Secur32.EXTENDED_NAME_FORMAT.NameSamCompatible);    //impersonated user name as expected

boolean b = new File("existing.file").exists();    //returns false
File nf = new File("new.file");
nf.createNewFile();    //throws java.io.IOException: Either a required impersonation level was not provided, or the provided impersonation level is invalid


getUserNameEx returns correct client account name, but all file IOs fails.
In Process Monitor I see result 'BAD IMPERSONATION' for two related CreateFile system calls.
I enable 'Enable computer and user accounts to be trusted for delegation' and 'Impersonate a client after authentication' in Local Policies, tried in AD too, but without success.
When I use server account on client side too, everything works.

Some error or my missuse?

Thanks,

Juraj

Developer
Apr 27, 2011 at 1:27 AM

Hi,

I'm not sure I understand correctly what you're trying to do, but I wanted to mention that as said in the doco there is no mapping between Java thread and Native threads (The one that are impersonated).

Thus if you need to perform any operation on behalf on the impersonated user, you'll need to use native call instead of Java ones (In this case, I guess CreateFile() ). Any Java operation will still be performed as the user that ran the Java app, not the impersonated user.

Nicolas