[jcifs] Alternative to jcifs.http.NtlmHttpFilter
Michael Piscatello
mpiscatello at directvinternet.com
Thu Oct 17 22:33:28 EST 2002
Eric,
Thank you very much. I will try it today in our environment.
Thanks again,
Mike
On 10/17/02 5:00 AM, "Glass, Eric" <eric.glass at capitalone.com> wrote:
> Attached is a servlet which uses the 0.7.0b4 NTLM stuff to do authentication
> -- this should work in pre-2.3 Servlet environments. It only overrides the
> "service" method, so if you are just implementing doGet, doPost, etc. it
> should be a drop in replacement for HttpServlet; i.e., you can just change:
>
> public class MyServlet extends HttpServlet
>
> to:
>
> public class MyServlet extends NtlmServlet
>
> and be up and going. You would set all the jcifs.* parameters (domain
> controller, etc.) via the servlet's initparameters (similar to the filter
> configuration in 2.3+ environments).
>
> See also the notes just posted to the list regarding 0.7.0b4. If you don't
> subscribe to the list the message in question is here:
> http://lists.samba.org/pipermail/jcifs/2002-October/002693.html
>
>> -----Original Message-----
>> From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
>> Sent: Thursday, October 17, 2002 1:27 AM
>> To: 'Michael Piscatello'; jcifs at lists.samba.org
>> Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
>>
>>
>> I just noticed you said "pop-up". Do you mean the authentication dialog? NTLM
>> SSP negotiates user password hashes on the fly. There's no need for a dialog.
>>
>> Not sure why you would want the dialog to come up but just in case, you can
>> get it to come up if you send "401 Unauthorized / WWW-Authenticate: NTLM"
>> again *after you have already negotiated password hashes once*. But you'll
>> have to read about how NTLM HTTP Authentication actually works before you get
>> that far. Read the end of this:
>> http://jcifs.samba.org/src/docs/ntlmhttpauth.html for starters.
>>
>>> -----Original Message-----
>>> From: Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
>>> Sent: Wednesday, October 16, 2002 8:21 AM
>>> To: Allen, Michael B (RSCH); jcifs at lists.samba.org
>>> Subject: Re: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
>>>
>>> Mike,
>>>
>>> Thanks! RSN? I did try to adapt it, but it does not bring up the NTLM
>>> challenge box. It returns null and then, after refreshing, brings back the
>>> credentials. But I need the pop-up. Here is my code.
>>>
>>> Thanks,
>>>
>>>
>>> Mike
>>>
>>>
>>> import java.io.IOException;
>>> import java.io.PrintWriter;
>>>
>>> import javax.servlet.ServletContext;
>>> import javax.servlet.ServletException;
>>> import javax.servlet.http.HttpServlet;
>>> import javax.servlet.http.HttpServletRequest;
>>> import javax.servlet.http.HttpServletResponse;
>>> import javax.servlet.http.HttpSession;
>>> import jcifs.UniAddress;
>>> import jcifs.netbios.NbtAddress;
>>> import jcifs.smb.SmbSession;
>>> import jcifs.util.Base64;
>>> import jcifs.http.NtlmHttpSession;
>>>
>>> public class jcifstest extends HttpServlet {
>>>
>>>     public void doPost(
>>>             javax.servlet.http.HttpServletRequest request,
>>>             javax.servlet.http.HttpServletResponse response)
>>>             throws javax.servlet.ServletException, java.io.IOException {
>>>
>>>         PrintWriter out = response.getWriter();
>>>         ServletContext context = getServletContext();
>>>         String domainController = "192.168.1.102";
>>>         String domain = "HOMEDOM";
>>>         boolean debug = true;
>>>         HttpServletRequest req;
>>>         HttpServletResponse resp;
>>>         HttpSession ssn;
>>>         NtlmHttpSession ntlm;
>>>         String msg;
>>>         byte[] src;
>>>
>>>         try {
>>>             req = (HttpServletRequest) request;
>>>             resp = (HttpServletResponse) response;
>>>
>>>             ssn = req.getSession(); /* Retrieve the NTLM session */
>>>             ntlm = (NtlmHttpSession) ssn.getAttribute("NtlmHttpSession");
>>>             msg = req.getHeader("Authorization");
>>>
>>>             /* No NTLM header yet: ask the client to start the handshake */
>>>             if (msg == null || msg.startsWith("NTLM ") == false) {
>>>                 resp.reset();
>>>                 resp.setContentLength(0);
>>>                 resp.setHeader("WWW-Authenticate", "NTLM");
>>>                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>>>                 resp.flushBuffer();
>>>                 return;
>>>             }
>>>
>>>             src = Base64.decode(msg.substring(5));
>>>
>>>             /* Too short to carry a message type at offset 8 */
>>>             if (src.length < 9) {
>>>                 throw new ServletException("NTLM HTTP Authentication message invalid");
>>>             }
>>>
>>>             if (src[8] == 1) {
>>>                 String svr;
>>>                 byte[] dst = new byte[40];
>>>
>>>                 ntlm = new NtlmHttpSession();
>>>                 /* Message 1 */
>>>                 ntlm.decodeType1Message(src);
>>>                 ssn.setAttribute("ntlmworkgroup", ntlm.domain);
>>>
>>>                 /* If a "Domain Controller" IP was not specified try and lookup
>>>                  * a real domain controller using jcifs.smb.client.domain
>>>                  */
>>>                 if ((svr = domainController) == null) {
>>>                     svr = domain != null ? domain : ntlm.domain;
>>>                     svr = NbtAddress.getByName(svr, 0x1c, null).getHostAddress();
>>>                 }
>>>
>>>                 ntlm.domainController = UniAddress.getByName(svr);
>>>                 ntlm.challenge = SmbSession.getChallenge(ntlm.domainController);
>>>
>>>                 /* Message 2 */
>>>                 msg = Base64.encodeBytes(dst, 0, ntlm.encodeType2Message(dst));
>>>
>>>                 /* Save NTLM session in HTTP session */
>>>                 ssn.setAttribute("NtlmHttpSession", ntlm);
>>>
>>>                 resp.reset();
>>>                 resp.setContentLength(0);
>>>                 resp.setHeader("WWW-Authenticate", "NTLM " + msg);
>>>                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
>>>                 resp.flushBuffer();
>>>                 return;
>>>             } else if (src[8] == 3 && ntlm != null) {
>>>                 /* Message 3; only valid once the session from message 1 is saved */
>>>                 ntlm.decodeType3Message(Base64.decode(msg.substring(5)));
>>>             } else {
>>>                 throw new ServletException("NTLM HTTP Authentication message invalid");
>>>             }
>>>
>>>             SmbSession.logon(ntlm.domainController, ntlm.auth);
>>>
>>>             ssn.setAttribute("ntlmdomain", ntlm.domain);
>>>             ssn.setAttribute("ntlmuser", ntlm.user);
>>>             ssn.setAttribute("ntlmhost", ntlm.host);
>>>
>>>             if (debug) {
>>>                 context.log(
>>>                     "NTLM HTTP Autentication successfull: "
>>>                         + ntlm.domain
>>>                         + "\\"
>>>                         + ntlm.user
>>>                         + "@"
>>>                         + ntlm.host);
>>>             }
>>>             out.print("ntdomain: " + ssn.getAttribute("ntlmdomain"));
>>>         } catch (Exception e) {
>>>             out.print("An Error has occured: " + e.getMessage());
>>>         }
>>>
>>>     }
>>>
>>>     public void doGet(
>>>             javax.servlet.http.HttpServletRequest request,
>>>             javax.servlet.http.HttpServletResponse response)
>>>             throws javax.servlet.ServletException, java.io.IOException {
>>>         doPost(request, response);
>>>     }
>>>
>>> }
>>>
>>> On 10/15/02 9:55 PM, "Allen, Michael B (RSCH)" <Michael_B_Allen at ml.com> wrote:
>>>
>>>> The code is pretty simple. I don't think it would be hard to adapt it.
>>>> Actually the current code is somewhat flawed and more complicated than it
>>>> needs to be. The 0.7.0b4 package will be released RSN. Look at that.
>>>>
>>>>> -----Original Message-----
>>>>> From: Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
>>>>> Sent: Tuesday, October 15, 2002 9:53 PM
>>>>> To: jcifs at lists.samba.org
>>>>> Subject: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
>>>>>
>>>>> Help! I need the functionality of the NtlmHttpFilter but I am stuck with a
>>>>> 2.2 Servlet spec app server (Websphere). Has anyone replicated the
>>>>> functionality of the NtlmHttpFilter in a servlet?
>>>>>
>>>>> Thanks
>>>>>
>>>>> Mike
>>>>>
>>>>
>>>>
>>>
>>
>
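
Added example, not part of the original thread and not jCIFS code: the servlet quoted above dispatches on the byte at offset 8 of the decoded Authorization header, so this sketch validates the "NTLMSSP" signature, length and message type before choosing the next step in the handshake. The class and method names and the hasChallenge flag are hypothetical, and it uses java.util.Base64 rather than jcifs.util.Base64.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class NtlmHeaderCheck {
    // Every NTLM message opens with this 8-byte signature, followed by a
    // 4-byte little-endian message type.
    private static final byte[] SIGNATURE =
            "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    /** 0 = no NTLM header, 1 or 3 = client message type, -1 = malformed. */
    static int messageType(String authorization) {
        if (authorization == null || !authorization.startsWith("NTLM ")) return 0;
        byte[] src;
        try {
            src = Base64.getDecoder().decode(authorization.substring(5).trim());
        } catch (IllegalArgumentException e) {
            return -1;                       // not valid base64
        }
        if (src.length < 12) return -1;      // too short for signature + type
        if (!Arrays.equals(Arrays.copyOf(src, 8), SIGNATURE)) return -1;
        int type = (src[8] & 0xff) | (src[9] & 0xff) << 8
                 | (src[10] & 0xff) << 16 | (src[11] & 0xff) << 24;
        return (type == 1 || type == 3) ? type : -1;  // clients never send type 2
    }

    /** Next step for the servlet; hasChallenge = a challenge was saved after message 1. */
    static String nextStep(String authorization, boolean hasChallenge) {
        switch (messageType(authorization)) {
            case 0:  return "401 WWW-Authenticate: NTLM";
            case 1:  return "401 WWW-Authenticate: NTLM <type 2>";
            case 3:  return hasChallenge ? "verify with domain controller" : "reject";
            default: return "reject";
        }
    }

    // Constructed sample: signature plus type only, not a complete NTLM message.
    static String sample(int type) {
        byte[] m = Arrays.copyOf(SIGNATURE, 12);
        m[8] = (byte) type;
        return "NTLM " + Base64.getEncoder().encodeToString(m);
    }

    public static void main(String[] args) {
        String badSignature = "NTLM " + Base64.getEncoder().encodeToString(new byte[12]);
        System.out.println(nextStep(null, false));       // first request, no header
        System.out.println(nextStep(sample(1), false));  // message 1
        System.out.println(nextStep(sample(3), true));   // message 3 after a challenge
        System.out.println(nextStep(sample(3), false));  // message 3 with no saved challenge
        System.out.println(nextStep(badSignature, false));
    }
}
```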