[jcifs] Alternative to jcifs.http.NtlmHttpFilter

Allen, Michael B (RSCH) Michael_B_Allen at ml.com
Mon Oct 21 17:41:44 EST 2002


Michael,

Please let us know how this works for you in a pre-2.3 Servlet environment.

Eric,

Depending on Michael's experience and with your permission I would like to insert the standard LGPL disclaimer and include this in the distro. Okay?

> -----Original Message-----
> From:	Glass, Eric [SMTP:eric.glass at capitalone.com]
> Sent:	Thursday, October 17, 2002 5:00 AM
> To:	jcifs at lists.samba.org
> Cc:	'melbaird at hotmail.com'; 'Allen, Michael B (RSCH)'; 'Michael Piscatello'
> Subject:	RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> 
> Attached is a servlet which uses the 0.7.0b4 NTLM stuff to do authentication
> -- this should work in pre-2.3 Servlet environments.  It only overrides the
> "service" method, so if you are just implementing doGet, doPost, etc. it
> should be a drop in replacement for HttpServlet;  i.e., you can just change:
> 
> public class MyServlet extends HttpServlet
> 
>     to:
> 
> public class MyServlet extends NtlmServlet
> 
> and be up and going.  You would set all the jcifs.* parameters (domain
> controller, etc.) via the servlet's initparameters (similar to the filter
> configuration in 2.3+ environments).
> 
> See also the notes just posted to the list regarding 0.7.0b4.  If you don't
> subscribe to the list the message in question is here:
> http://lists.samba.org/pipermail/jcifs/2002-October/002693.html
> 
> > -----Original Message-----
> > From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
> > Sent: Thursday, October 17, 2002 1:27 AM
> > To: 'Michael Piscatello'; jcifs at lists.samba.org
> > Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> > 
> > 
> > I just noticed you said "pop-up". Do you mean the authentication dialog? NTLM
> > SSP negotiates user password hashes on the fly. There's no need for a dialog.
> > 
> > Not sure why you would want the dialog to come up but just in case, you can get it
> > to come up if you send "401 Unauthorized / WWW-Authenticate: NTLM" again *after you
> > have already negotiated password hashes once*. But you'll have to read about how
> > NTLM HTTP Authentication actually works before you get that far. Read the end of this:
> > http://jcifs.samba.org/src/docs/ntlmhttpauth.html for starters.
> > 
> > > -----Original Message-----
> > > From:	Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> > > Sent:	Wednesday, October 16, 2002 8:21 AM
> > > To:	Allen, Michael B (RSCH); jcifs at lists.samba.org
> > > Subject:	Re: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> > > 
> > > Mike,
> > > 
> > > Thanks! RSN? I did try to adapt it, but it does not bring up the NTLM
> > > challenge box. It returns null and then, after refreshing, brings back the
> > > credentials, but I need the pop-up. Here is my code.
> > > 
> > > Thanks,
> > > 
> > > 
> > > Mike
> > > 
> > > 
> > > import java.io.IOException;
> > > import java.io.PrintWriter;
> > > 
> > > import javax.servlet.ServletContext;
> > > import javax.servlet.ServletException;
> > > import javax.servlet.http.HttpServlet;
> > > import javax.servlet.http.HttpServletRequest;
> > > import javax.servlet.http.HttpServletResponse;
> > > import javax.servlet.http.HttpSession;
> > > import jcifs.UniAddress;
> > > import jcifs.netbios.NbtAddress;
> > > import jcifs.smb.SmbSession;
> > > import jcifs.util.Base64;
> > > import jcifs.http.NtlmHttpSession;
> > > 
> > > public class jcifstest extends HttpServlet {
> > > 
> > >     public void doPost(
> > >         javax.servlet.http.HttpServletRequest request,
> > >         javax.servlet.http.HttpServletResponse response)
> > >         throws javax.servlet.ServletException, java.io.IOException {
> > > 
> > >         PrintWriter out = response.getWriter();
> > >         ServletContext context = getServletContext();
> > >         String domainController = "192.168.1.102";
> > >         String domain = "HOMEDOM";
> > >         boolean debug = true;
> > >         HttpServletRequest req;
> > >         HttpServletResponse resp;
> > >         HttpSession ssn;
> > >         NtlmHttpSession ntlm;
> > >         String msg;
> > >         byte[] src;
> > > 
> > >         try {
> > >             req = (HttpServletRequest) request;
> > >             resp = (HttpServletResponse) response;
> > > 
> > >             ssn = req.getSession();
> > >             /* Retrieve the NTLM session
> > >              */
> > >             ntlm = (NtlmHttpSession) ssn.getAttribute("NtlmHttpSession");
> > >             msg = req.getHeader("Authorization");
> > > 
> > >             if (msg == null || msg.startsWith("NTLM ") == false) {
> > >                 resp.reset();
> > >                 resp.setContentLength(0);
> > >                 resp.setHeader("WWW-Authenticate", "NTLM");
> > >                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> > >                 resp.flushBuffer();
> > >                 return;
> > >             }
> > > 
> > >             src = Base64.decode(msg.substring(5));
> > > 
> > >             if (src[8] == 1) {
> > >                 String svr;
> > >                 byte[] dst = new byte[40];
> > > 
> > >                 ntlm = new NtlmHttpSession();
> > >                 /* Message 1
> > >                  */
> > >                 ntlm.decodeType1Message(src);
> > >                 ssn.setAttribute("ntlmworkgroup", ntlm.domain);
> > > 
> > >                 /* If a "Domain Controller" IP was not specified try and
> > >                  * lookup a real domain controller using jcifs.smb.client.domain
> > >                  */
> > >                 if ((svr = domainController) == null) {
> > >                     svr = domain != null ? domain : ntlm.domain;
> > >                     svr = NbtAddress.getByName(svr, 0x1c, null).getHostAddress();
> > >                 }
> > > 
> > >                 ntlm.domainController = UniAddress.getByName(svr);
> > >                 ntlm.challenge = SmbSession.getChallenge(ntlm.domainController);
> > > 
> > >                 /* Message 2
> > >                  */
> > >                 msg = Base64.encodeBytes(dst, 0, ntlm.encodeType2Message(dst));
> > > 
> > >                 /* Save NTLM session in HTTP session
> > >                  */
> > >                 ssn.setAttribute("NtlmHttpSession", ntlm);
> > > 
> > >                 resp.reset();
> > >                 resp.setContentLength(0);
> > >                 resp.setHeader("WWW-Authenticate", "NTLM " + msg);
> > >                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> > >                 resp.flushBuffer();
> > >                 return;
> > >             } else if (src[8] == 3) {
> > >                 /* Message 3
> > >                  */
> > >                 ntlm.decodeType3Message(Base64.decode(msg.substring(5)));
> > >             } else {
> > >                 throw new ServletException("NTLM HTTP Authentication message invalid");
> > >             }
> > > 
> > >             SmbSession.logon(ntlm.domainController, ntlm.auth);
> > > 
> > >             ssn.setAttribute("ntlmdomain", ntlm.domain);
> > >             ssn.setAttribute("ntlmuser", ntlm.user);
> > >             ssn.setAttribute("ntlmhost", ntlm.host);
> > > 
> > >             if (debug) {
> > >                 context.log(
> > >                     "NTLM HTTP Autentication successfull: "
> > >                         + ntlm.domain
> > >                         + "\\"
> > >                         + ntlm.user
> > >                         + "@"
> > >                         + ntlm.host);
> > >             }
> > >             out.print("ntdomain: " + ssn.getAttribute("ntlmdomain"));
> > >         } catch (Exception e) {
> > >             out.print("An Error has occured: " + e.getMessage());
> > >         }
> > > 
> > >     }
> > > 
> > >     public void doGet(
> > >         javax.servlet.http.HttpServletRequest request,
> > >         javax.servlet.http.HttpServletResponse response)
> > >         throws javax.servlet.ServletException, java.io.IOException {
> > >         doPost(request, response);
> > >     }
> > > 
> > > }
> > > 
> > > On 10/15/02 9:55 PM, "Allen, Michael B (RSCH)" <Michael_B_Allen at ml.com>
> > > wrote:
> > > 
> > > > The code is pretty simple. I don't think it would be hard to adapt it.
> > > > Actually the current code is somewhat flawed and more complicated than it needs to
> > > > be. The 0.7.0b4 package will be released RSN. Look at that.
> > > > 
> > > >> -----Original Message-----
> > > >> From:    Michael Piscatello [SMTP:mpiscatello at directvinternet.com]
> > > >> Sent:    Tuesday, October 15, 2002 9:53 PM
> > > >> To:    jcifs at lists.samba.org
> > > >> Subject:    [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> > > >> 
> > > >> Help! I need the functionality of the NtlmHttpFilter but I am stuck with a
> > > >> 2.2 Servlet spec app server (Websphere). Has anyone replicated the
> > > >> functionality of the NtlmHttpFilter in a servlet?
> > > >> 
> > > >> Thanks
> > > >> 
> > > >> Mike
> > > >> 
> > > > 
> > > > 
> > > 
> > 
>  
>  << File: NtlmServlet.java >> 
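
The servlet quoted above branches on `src[8]` straight after Base64 decoding and, in its Type 3 branch, uses the `NtlmHttpSession` read from the HTTP session without checking that one is there. The following is an added example, not part of the thread and not jCIFS code, showing one way to validate the `Authorization` header and pick the next handshake step before any message decoding. Assumptions: the class, enum and method names are hypothetical, `java.util.Base64` (Java 8+) stands in for `jcifs.util.Base64`, and restarting with a bare `401` when no challenge is stored is this example's own choice.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
// Added example; class, enum and method names are hypothetical, not jCIFS API.
public class NtlmHeaderCheck {
    enum Step { SEND_401_NTLM, SEND_TYPE2_CHALLENGE, VERIFY_TYPE3, REJECT }

    private static final byte[] SIGNATURE = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    /** NTLM message type (1, 2 or 3), or -1 if the header is not a well-formed NTLM token. */
    static int messageType(String authorization) {
        if (authorization == null || !authorization.startsWith("NTLM ")) return -1;
        byte[] src;
        try {
            src = Base64.getDecoder().decode(authorization.substring(5).trim());
        } catch (IllegalArgumentException e) {
            return -1;                       // not valid Base64
        }
        if (src.length < 12) return -1;      // too short to hold signature + type
        for (int i = 0; i < SIGNATURE.length; i++) {
            if (src[i] != SIGNATURE[i]) return -1;
        }
        // The type is a 32-bit little-endian integer at offset 8, not a single byte.
        return (src[8] & 0xff) | (src[9] & 0xff) << 8 | (src[10] & 0xff) << 16 | (src[11] & 0xff) << 24;
    }

    /** Next move for the servlet; challengeStored means a Type 2 challenge is saved in the HTTP session. */
    static Step nextStep(String authorization, boolean challengeStored) {
        if (authorization == null || !authorization.startsWith("NTLM ")) return Step.SEND_401_NTLM;
        switch (messageType(authorization)) {
            case 1:  return Step.SEND_TYPE2_CHALLENGE;
            case 3:  return challengeStored ? Step.VERIFY_TYPE3 : Step.SEND_401_NTLM; // restart handshake
            default: return Step.REJECT;
        }
    }
    /** Constructed sample token: signature, type, then zero padding (not a real client message). */
    static String sampleToken(int type) {
        byte[] b = new byte[16];
        System.arraycopy(SIGNATURE, 0, b, 0, SIGNATURE.length);
        b[8] = (byte) type;
        return "NTLM " + Base64.getEncoder().encodeToString(b);
    }

    public static void main(String[] args) {
        System.out.println(nextStep(null, false));            // no header yet
        System.out.println(nextStep(sampleToken(1), false));  // Type 1 from client
        System.out.println(nextStep(sampleToken(3), false));  // Type 3 but no stored challenge
        System.out.println(nextStep(sampleToken(3), true));   // Type 3 with stored challenge
        System.out.println(nextStep("NTLM AQ==", false));     // truncated token
    }
}
```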



