[jcifs] Alternative to jcifs.http.NtlmHttpFilter
Allen, Michael B (RSCH)
Michael_B_Allen at ml.com
Thu Oct 17 15:27:08 EST 2002
I just noticed you said "pop-up". Do you mean the authentication dialog? NTLM
SSP negotiates user password hashes on the fly. There's no need for a dialog.
Not sure why you would want the dialog to come up but just in case, you can get it
to come up if send "401 Unauthorized / WWW-Authenticate: NTLM" again *after you
have already negotiated password hashes once*. But you'll have to read about how
NTLM HTTP Authentication actually works before you get that far. Read the end of this:
http://jcifs.samba.org/src/docs/ntlmhttpauth.html for starters.
> -----Original Message-----
> From: Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> Sent: Wednesday, October 16, 2002 8:21 AM
> To: Allen, Michael B (RSCH); jcifs at lists.samba.org
> Subject: Re: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
>
> Mike,
>
> Thanks! RSN? I did try to adapt it, but it does not bring up the NTLM
> challenge box. It returns, null and then after refreshing, brings back the
> credentials, But I need the pop-up. Here is my code.
>
> Thanks,
>
>
> Mike
>
>
> import java.io.IOException;
> import java.io.PrintWriter;
>
> import javax.servlet.ServletContext;
> import javax.servlet.ServletException;
> import javax.servlet.http.HttpServlet;
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
> import javax.servlet.http.HttpSession;
> import jcifs.UniAddress;
> import jcifs.netbios.NbtAddress;
> import jcifs.smb.SmbSession;
> import jcifs.util.Base64;
> import jcifs.http.NtlmHttpSession;
>
> public class jcifstest extends HttpServlet {
>
> public void doPost(
> javax.servlet.http.HttpServletRequest request,
> javax.servlet.http.HttpServletResponse response)
> throws javax.servlet.ServletException, java.io.IOException {
>
> PrintWriter out = response.getWriter();
> ServletContext context = getServletContext();
> String domainController = "192.168.1.102";
> String domain = "HOMEDOM";
> boolean debug = true;
> HttpServletRequest req;
> HttpServletResponse resp;
> HttpSession ssn;
> NtlmHttpSession ntlm;
> String msg;
> byte[] src;
>
> try {
> req = (HttpServletRequest) request;
> resp = (HttpServletResponse) response;
>
> ssn = req.getSession(); /* Retrive the NTLM session
> */
> ntlm = (NtlmHttpSession) ssn.getAttribute("NtlmHttpSession");
> msg = req.getHeader("Authorization");
>
> if (msg == null || msg.startsWith("NTLM ") == false) {
> resp.reset();
> resp.setContentLength(0);
> resp.setHeader("WWW-Authenticate", "NTLM");
> resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> resp.flushBuffer();
> return;
> }
>
> src = Base64.decode(msg.substring(5));
>
> if (src[8] == 1) {
> String svr;
> byte[] dst = new byte[40];
>
> ntlm = new NtlmHttpSession();
> /* Message 1
> */
> ntlm.decodeType1Message(src);
> ssn.setAttribute("ntlmworkgroup", ntlm.domain);
>
> /* If a "Domain Contoller" IP was not specified try and
> lookup
> * a real domain controller using jcifs.smb.client.domain
> */
> if ((svr = domainController) == null) {
> svr = domain != null ? domain : ntlm.domain;
> svr = NbtAddress.getByName(svr, 0x1c,
> null).getHostAddress();
> }
>
> ntlm.domainController = UniAddress.getByName(svr);
> ntlm.challenge =
> SmbSession.getChallenge(ntlm.domainController);
>
> /* Message 2
> */
> msg = Base64.encodeBytes(dst, 0,
> ntlm.encodeType2Message(dst));
>
> /* Save NTLM session in HTTP session
> */
> ssn.setAttribute("NtlmHttpSession", ntlm);
>
> resp.reset();
> resp.setContentLength(0);
> resp.setHeader("WWW-Authenticate", "NTLM " + msg);
> resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> resp.flushBuffer();
> return;
> } else
> if (src[8] == 3) { /* Message 3
> */
>
> ntlm.decodeType3Message(Base64.decode(msg.substring(5)));
> } else {
> throw new ServletException("NTLM HTTP Authentication
> message invalid");
> }
>
> SmbSession.logon(ntlm.domainController, ntlm.auth);
>
> ssn.setAttribute("ntlmdomain", ntlm.domain);
> ssn.setAttribute("ntlmuser", ntlm.user);
> ssn.setAttribute("ntlmhost", ntlm.host);
>
> if (debug) {
> context.log(
> "NTLM HTTP Autentication successfull: "
> + ntlm.domain
> + "\\"
> + ntlm.user
> + "@"
> + ntlm.host);
> }
> out.print("ntdomain: " + ssn.getAttribute("ntlmdomain"));
> } catch (Exception e) {
> out.print("An Error has occured: " + e.getMessage());
> }
>
> }
>
> public void doGet(
> javax.servlet.http.HttpServletRequest request,
> javax.servlet.http.HttpServletResponse response)
> throws javax.servlet.ServletException, java.io.IOException {
> doPost(request, response);
> }
>
> }
>
> On 10/15/02 9:55 PM, "Allen, Michael B (RSCH)" <Michael_B_Allen at ml.com>
> wrote:
>
> > The code is pretty simple. I don't think it would be hard to adapt it.
> > Actually
> > the current code is somewhat flawed and more complicated than it needs to
> > be. The 0.7.0b4 package will be released RSN. Look at that.
> >
> >> -----Original Message-----
> >> From: Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> >> Sent: Tuesday, October 15, 2002 9:53 PM
> >> To: jcifs at lists.samba.org
> >> Subject: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> >>
> >> Help! I need the functionality of the NtlmHttpFilter but I am stuck with a
> >> 2.2 Servlet spec app server (Websphere) Has anyone replicated the
> >> functionality of the NtlmHttpFilter in a servlet?
> >>
> >> Thanks
> >>
> >> Mike
> >>
> >
> >
>
More information about the jcifs
mailing list