[jcifs] Alternative to jcifs.http.NtlmHttpFilter

Glass, Eric eric.glass at capitalone.com
Thu Oct 17 19:00:29 EST 2002


Attached is a servlet which uses the 0.7.0b4 NTLM stuff to do authentication
-- this should work in pre-2.3 Servlet environments.  It only overrides the
"service" method, so if you are just implementing doGet, doPost, etc. it
should be a drop-in replacement for HttpServlet; i.e., you can just change:

public class MyServlet extends HttpServlet

    to:

public class MyServlet extends NtlmServlet

and be up and going.  You would set all the jcifs.* parameters (domain
controller, etc.) via the servlet's init parameters (similar to the filter
configuration in 2.3+ environments).

See also the notes just posted to the list regarding 0.7.0b4.  If you don't
subscribe to the list the message in question is here:
http://lists.samba.org/pipermail/jcifs/2002-October/002693.html

> -----Original Message-----
> From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
> Sent: Thursday, October 17, 2002 1:27 AM
> To: 'Michael Piscatello'; jcifs at lists.samba.org
> Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> 
> 
> I just noticed you said "pop-up". Do you mean the authentication dialog? NTLM
> SSP negotiates user password hashes on the fly. There's no need for a dialog.
> 
> Not sure why you would want the dialog to come up but just in case, you can get it
> to come up if you send "401 Unauthorized / WWW-Authenticate: NTLM" again *after you
> have already negotiated password hashes once*. But you'll have to read about how
> NTLM HTTP Authentication actually works before you get that far. Read the end of this:
> http://jcifs.samba.org/src/docs/ntlmhttpauth.html for starters.
> 
> > -----Original Message-----
> > From:	Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> > Sent:	Wednesday, October 16, 2002 8:21 AM
> > To:	Allen, Michael B (RSCH); jcifs at lists.samba.org
> > Subject:	Re: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> > 
> > Mike,
> > 
> > Thanks! RSN? I did try to adapt it, but it does not bring up the NTLM
> > challenge box. It returns null and then, after refreshing, brings back the
> > credentials, but I need the pop-up. Here is my code.
> > 
> > Thanks,
> > 
> > 
> > Mike
> > 
> > 
> > import java.io.IOException;
> > import java.io.PrintWriter;
> > 
> > import javax.servlet.ServletContext;
> > import javax.servlet.ServletException;
> > import javax.servlet.http.HttpServlet;
> > import javax.servlet.http.HttpServletRequest;
> > import javax.servlet.http.HttpServletResponse;
> > import javax.servlet.http.HttpSession;
> > import jcifs.UniAddress;
> > import jcifs.netbios.NbtAddress;
> > import jcifs.smb.SmbSession;
> > import jcifs.util.Base64;
> > import jcifs.http.NtlmHttpSession;
> > 
> > public class jcifstest extends HttpServlet {
> > 
> >     public void doPost(
> >         javax.servlet.http.HttpServletRequest request,
> >         javax.servlet.http.HttpServletResponse response)
> >         throws javax.servlet.ServletException, java.io.IOException {
> > 
> >         PrintWriter out = response.getWriter();
> >         ServletContext context = getServletContext();
> >         String domainController = "192.168.1.102";
> >         String domain = "HOMEDOM";
> >         boolean debug = true;
> >         HttpServletRequest req;
> >         HttpServletResponse resp;
> >         HttpSession ssn;
> >         NtlmHttpSession ntlm;
> >         String msg;
> >         byte[] src;
> > 
> >         try {
> >             req = (HttpServletRequest) request;
> >             resp = (HttpServletResponse) response;
> > 
> >             ssn = req.getSession(); /* Retrieve the NTLM session */
> >             ntlm = (NtlmHttpSession) ssn.getAttribute("NtlmHttpSession");
> >             msg = req.getHeader("Authorization");
> > 
> >             if (msg == null || msg.startsWith("NTLM ") == false) {
> >                 resp.reset();
> >                 resp.setContentLength(0);
> >                 resp.setHeader("WWW-Authenticate", "NTLM");
> >                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> >                 resp.flushBuffer();
> >                 return;
> >             }
> > 
> >             src = Base64.decode(msg.substring(5));
> > 
> >             if (src[8] == 1) {
> >                 String svr;
> >                 byte[] dst = new byte[40];
> > 
> >                 ntlm = new NtlmHttpSession();
> >                 /* Message 1
> >                  */
> >                 ntlm.decodeType1Message(src);
> >                 ssn.setAttribute("ntlmworkgroup", ntlm.domain);
> > 
> >                 /* If a "Domain Controller" IP was not specified try and lookup
> >                  * a real domain controller using jcifs.smb.client.domain
> >                  */
> >                 if ((svr = domainController) == null) {
> >                     svr = domain != null ? domain : ntlm.domain;
> >                     svr = NbtAddress.getByName(svr, 0x1c, null).getHostAddress();
> >                 }
> > 
> >                 ntlm.domainController = UniAddress.getByName(svr);
> >                 ntlm.challenge = SmbSession.getChallenge(ntlm.domainController);
> > 
> >                 /* Message 2
> >                  */
> >                 msg = Base64.encodeBytes(dst, 0, ntlm.encodeType2Message(dst));
> > 
> >                 /* Save NTLM session in HTTP session
> >                  */
> >                 ssn.setAttribute("NtlmHttpSession", ntlm);
> > 
> >                 resp.reset();
> >                 resp.setContentLength(0);
> >                 resp.setHeader("WWW-Authenticate", "NTLM " + msg);
> >                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> >                 resp.flushBuffer();
> >                 return;
> >             } else if (src[8] == 3) {
> >                 /* Message 3
> >                  */
> >                 ntlm.decodeType3Message(Base64.decode(msg.substring(5)));
> >             } else {
> >                 throw new ServletException("NTLM HTTP Authentication message invalid");
> >             }
> > 
> >             SmbSession.logon(ntlm.domainController, ntlm.auth);
> > 
> >             ssn.setAttribute("ntlmdomain", ntlm.domain);
> >             ssn.setAttribute("ntlmuser", ntlm.user);
> >             ssn.setAttribute("ntlmhost", ntlm.host);
> > 
> >             if (debug) {
> >                 context.log(
> >                     "NTLM HTTP Autentication successfull: "
> >                         + ntlm.domain
> >                         + "\\"
> >                         + ntlm.user
> >                         + "@"
> >                         + ntlm.host);
> >             }
> >             out.print("ntdomain: " + ssn.getAttribute("ntlmdomain"));
> >         } catch (Exception e) {
> >             out.print("An Error has occured: " + e.getMessage());
> >         }
> > 
> >     }
> > 
> >     public void doGet(
> >         javax.servlet.http.HttpServletRequest request,
> >         javax.servlet.http.HttpServletResponse response)
> >         throws javax.servlet.ServletException, java.io.IOException {
> >         doPost(request, response);
> >     }
> > 
> > }
> > 
> > On 10/15/02 9:55 PM, "Allen, Michael B (RSCH)" <Michael_B_Allen at ml.com> wrote:
> > 
> > > The code is pretty simple. I don't think it would be hard to adapt it.
> > > Actually the current code is somewhat flawed and more complicated than it needs to
> > > be. The 0.7.0b4 package will be released RSN. Look at that.
> > > 
> > >> -----Original Message-----
> > >> From:    Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> > >> Sent:    Tuesday, October 15, 2002 9:53 PM
> > >> To:    jcifs at lists.samba.org
> > >> Subject:    [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> > >> 
> > >> Help! I need the functionality of the NtlmHttpFilter but I am stuck with a
> > >> 2.2 Servlet spec app server (Websphere). Has anyone replicated the
> > >> functionality of the NtlmHttpFilter in a servlet?
> > >> 
> > >> Thanks
> > >> 
> > >> Mike
> > >> 
> > > 
> > > 
> > 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: NtlmServlet.java
Type: application/octet-stream
Size: 2582 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20021017/6a3290f2/NtlmServlet.obj
