[jcifs] Alternative to jcifs.http.NtlmHttpFilter

Allen, Michael B (RSCH) Michael_B_Allen at ml.com
Thu Oct 17 09:34:00 EST 2002


> -----Original Message-----
> From:	Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> Sent:	Wednesday, October 16, 2002 8:21 AM
> To:	Allen, Michael B (RSCH); jcifs at lists.samba.org
> Subject:	Re: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> 
> Mike,
> 
> Thanks! RSN? I did try to adapt it, but it does not bring up the NTLM
> challenge box. It returns, null and then after refreshing, brings back the
> credentials, But I need the pop-up. Here is my code.
> 
	I'm going to release new code Real Soon Now (RSN). Look at the NtlmSsp
	class and how the Filter and NetworkExplorer use it. At some point you
	will have to look at the NTLM SSP documentation (see end of
	http://jcifs.samba.org/src/docs/ntlmhttpauth.html) and understand
	theprocess and probably look at packet traces to be sure it's doing the right
	thing though.

> Thanks,
> 
> 
> Mike
> 
> 
> import java.io.IOException;
> import java.io.PrintWriter;
> 
> import javax.servlet.ServletContext;
> import javax.servlet.ServletException;
> import javax.servlet.http.HttpServlet;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
> import javax.servlet.http.HttpSession;
> import jcifs.UniAddress;
> import jcifs.netbios.NbtAddress;
> import jcifs.smb.SmbSession;
> import jcifs.util.Base64;
> import jcifs.http.NtlmHttpSession;
> 
> public class jcifstest extends HttpServlet {
> 
>     public void doPost(
>         javax.servlet.http.HttpServletRequest request,
>         javax.servlet.http.HttpServletResponse response)
>         throws javax.servlet.ServletException, java.io.IOException {
> 
>         PrintWriter out = response.getWriter();
>         ServletContext context = getServletContext();
>         String domainController = "192.168.1.102";
>         String domain = "HOMEDOM";
>         boolean debug = true;
>         HttpServletRequest req;
>         HttpServletResponse resp;
>         HttpSession ssn;
>         NtlmHttpSession ntlm;
>         String msg;
>         byte[] src;
> 
>         try {
>             req = (HttpServletRequest) request;
>             resp = (HttpServletResponse) response;
> 
>             ssn = req.getSession(); /* Retrive the NTLM session
>             */
>             ntlm = (NtlmHttpSession) ssn.getAttribute("NtlmHttpSession");
>             msg = req.getHeader("Authorization");
> 
>             if (msg == null || msg.startsWith("NTLM ") == false) {
>                 resp.reset();
>                 resp.setContentLength(0);
>                 resp.setHeader("WWW-Authenticate", "NTLM");
>                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>                 resp.flushBuffer();
>                 return;
>             }
> 
>             src = Base64.decode(msg.substring(5));
> 
>             if (src[8] == 1) {
>                 String svr;
>                 byte[] dst = new byte[40];
> 
>                 ntlm = new NtlmHttpSession();
>                 /* Message 1
>                  */
>                 ntlm.decodeType1Message(src);
>                 ssn.setAttribute("ntlmworkgroup", ntlm.domain);
> 
>                 /* If a "Domain Contoller" IP was not specified try and
> lookup
>                  * a real domain controller using jcifs.smb.client.domain
>                  */
>                 if ((svr = domainController) == null) {
>                     svr = domain != null ? domain : ntlm.domain;
>                     svr = NbtAddress.getByName(svr, 0x1c,
> null).getHostAddress();
>                 }
> 
>                 ntlm.domainController = UniAddress.getByName(svr);
>                 ntlm.challenge =
> SmbSession.getChallenge(ntlm.domainController);
> 
>                 /* Message 2
>                  */
>                 msg = Base64.encodeBytes(dst, 0,
> ntlm.encodeType2Message(dst));
> 
>                 /* Save NTLM session in HTTP session
>                  */
>                 ssn.setAttribute("NtlmHttpSession", ntlm);
> 
>                 resp.reset();
>                 resp.setContentLength(0);
>                 resp.setHeader("WWW-Authenticate", "NTLM " + msg);
>                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>                 resp.flushBuffer();
>                 return;
>             } else
>                 if (src[8] == 3) { /* Message 3
>                 */
>                    
> ntlm.decodeType3Message(Base64.decode(msg.substring(5)));
>                 } else {
>                     throw new ServletException("NTLM HTTP Authentication
> message invalid");
>                 }
> 
>             SmbSession.logon(ntlm.domainController, ntlm.auth);
> 
>             ssn.setAttribute("ntlmdomain", ntlm.domain);
>             ssn.setAttribute("ntlmuser", ntlm.user);
>             ssn.setAttribute("ntlmhost", ntlm.host);
> 
>             if (debug) {
>                 context.log(
>                     "NTLM HTTP Autentication successfull: "
>                         + ntlm.domain
>                         + "\\"
>                         + ntlm.user
>                         + "@"
>                         + ntlm.host);
>             }
>             out.print("ntdomain: " + ssn.getAttribute("ntlmdomain"));
>         } catch (Exception e) {
>             out.print("An Error has occured: " + e.getMessage());
>         }
> 
>     }
> 
>     public void doGet(
>         javax.servlet.http.HttpServletRequest request,
>         javax.servlet.http.HttpServletResponse response)
>         throws javax.servlet.ServletException, java.io.IOException {
>         doPost(request, response);
>     }
> 
> }
> 
> On 10/15/02 9:55 PM, "Allen, Michael B (RSCH)" <Michael_B_Allen at ml.com>
> wrote:
> 
> > The code is pretty simple. I don't think it would be hard to adapt it.
> > Actually
> > the current code is somewhat flawed and more complicated than it needs to
> > be. The 0.7.0b4 package will be released RSN. Look at that.
> > 
> >> -----Original Message-----
> >> From:    Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> >> Sent:    Tuesday, October 15, 2002 9:53 PM
> >> To:    jcifs at lists.samba.org
> >> Subject:    [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> >> 
> >> Help! I need the functionality of the NtlmHttpFilter but I am stuck with a
> >> 2.2 Servlet spec app server (Websphere) Has anyone replicated the
> >> functionality of the NtlmHttpFilter in a servlet?
> >> 
> >> Thanks
> >> 
> >> Mike
> >> 
> > 
> > 
> 




More information about the jcifs mailing list