[jcifs] Alternative to jcifs.http.NtlmHttpFilter
Glass, Eric
eric.glass at capitalone.com
Mon Oct 21 18:47:49 EST 2002
That would be fine by me.
> -----Original Message-----
> From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
> Sent: Monday, October 21, 2002 3:42 AM
> To: Glass, Eric; jcifs at lists.samba.org
> Cc: 'melbaird at hotmail.com'; 'Michael Piscatello'
> Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
>
>
> Michael,
>
> Please let us know how this works for you in a pre-2.3
> Servlet environment.
>
> Eric,
>
> Depending on Michael's experience and with your permission I
> would like to insert the standard LGPL disclaimer and include
> this in the distro. Okay?
>
> > -----Original Message-----
> > From: Glass, Eric [SMTP:eric.glass at capitalone.com]
> > Sent: Thursday, October 17, 2002 5:00 AM
> > To: jcifs at lists.samba.org
> > Cc: 'melbaird at hotmail.com'; 'Allen, Michael B (RSCH)';
> 'Michael Piscatello'
> > Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> >
> > Attached is a servlet which uses the 0.7.0b4 NTLM stuff to
> do authentication
> > -- this should work in pre-2.3 Servlet environments. It
> only overrides the
> > "service" method, so if you are just implementing doGet,
> doPost, etc. it
> > should be a drop in replacement for HttpServlet; i.e., you
> can just change:
> >
> > public class MyServlet extends HttpServlet
> >
> > to:
> >
> > public class MyServlet extends NtlmServlet
> >
> > and be up and going. You would set all the jcifs.*
> parameters (domain
> > controller, etc.) via the servlet's initparameters (similar
> to the filter
> > configuration in 2.3+ environments).
> >
> > See also the notes just posted to the list regarding
> 0.7.0b4. If you don't
> > subscribe to the list the message in question is here:
> > http://lists.samba.org/pipermail/jcifs/2002-October/002693.html
> >
> > > -----Original Message-----
> > > From: Allen, Michael B (RSCH) [mailto:Michael_B_Allen at ml.com]
> > > Sent: Thursday, October 17, 2002 1:27 AM
> > > To: 'Michael Piscatello'; jcifs at lists.samba.org
> > > Subject: RE: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> > >
> > >
> > > I just noticed you said "pop-up". Do you mean the
> > > authentication dialog? NTLM
> > > SSP negotiates user password hashes on the fly. There's no
> > > need for a dialog.
> > >
> > > Not sure why you would want the dialog to come up but just in
> > > case, you can get it
> > > to come up if send "401 Unauthorized / WWW-Authenticate:
> > > NTLM" again *after you
> > > have already negotiated password hashes once*. But you'll
> > > have to read about how
> > > NTLM HTTP Authentication actually works before you get that
> > > far. Read the end of this:
> > > http://jcifs.samba.org/src/docs/ntlmhttpauth.html for starters.
> > >
> > > > -----Original Message-----
> > > > From: Michael Piscatello
> > > [SMTP:mpiscatello at directvinternet.com]
> > > > Sent: Wednesday, October 16, 2002 8:21 AM
> > > > To: Allen, Michael B (RSCH); jcifs at lists.samba.org
> > > > Subject: Re: [jcifs] Alternative to
> jcifs.http.NtlmHttpFilter
> > > >
> > > > Mike,
> > > >
> > > > Thanks! RSN? I did try to adapt it, but it does not bring
> > > up the NTLM
> > > > challenge box. It returns, null and then after refreshing,
> > > brings back the
> > > > credentials, But I need the pop-up. Here is my code.
> > > >
> > > > Thanks,
> > > >
> > > >
> > > > Mike
> > > >
> > > >
> > > > import java.io.IOException;
> > > > import java.io.PrintWriter;
> > > >
> > > > import javax.servlet.ServletContext;
> > > > import javax.servlet.ServletException;
> > > > import javax.servlet.http.HttpServlet;
> > > > import javax.servlet.http.HttpServletRequest;
> > > > import javax.servlet.http.HttpServletResponse;
> > > > import javax.servlet.http.HttpSession;
> > > > import jcifs.UniAddress;
> > > > import jcifs.netbios.NbtAddress;
> > > > import jcifs.smb.SmbSession;
> > > > import jcifs.util.Base64;
> > > > import jcifs.http.NtlmHttpSession;
> > > >
> > > > public class jcifstest extends HttpServlet {
> > > >
> > > > public void doPost(
> > > > javax.servlet.http.HttpServletRequest request,
> > > > javax.servlet.http.HttpServletResponse response)
> > > > throws javax.servlet.ServletException,
> java.io.IOException {
> > > >
> > > > PrintWriter out = response.getWriter();
> > > > ServletContext context = getServletContext();
> > > > String domainController = "192.168.1.102";
> > > > String domain = "HOMEDOM";
> > > > boolean debug = true;
> > > > HttpServletRequest req;
> > > > HttpServletResponse resp;
> > > > HttpSession ssn;
> > > > NtlmHttpSession ntlm;
> > > > String msg;
> > > > byte[] src;
> > > >
> > > > try {
> > > > req = (HttpServletRequest) request;
> > > > resp = (HttpServletResponse) response;
> > > >
> > > > ssn = req.getSession(); /* Retrive the NTLM session
> > > > */
> > > > ntlm = (NtlmHttpSession)
> > > ssn.getAttribute("NtlmHttpSession");
> > > > msg = req.getHeader("Authorization");
> > > >
> > > > if (msg == null || msg.startsWith("NTLM ")
> == false) {
> > > > resp.reset();
> > > > resp.setContentLength(0);
> > > > resp.setHeader("WWW-Authenticate", "NTLM");
> > > >
> resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> > > > resp.flushBuffer();
> > > > return;
> > > > }
> > > >
> > > > src = Base64.decode(msg.substring(5));
> > > >
> > > > if (src[8] == 1) {
> > > > String svr;
> > > > byte[] dst = new byte[40];
> > > >
> > > > ntlm = new NtlmHttpSession();
> > > > /* Message 1
> > > > */
> > > > ntlm.decodeType1Message(src);
> > > > ssn.setAttribute("ntlmworkgroup", ntlm.domain);
> > > >
> > > > /* If a "Domain Contoller" IP was not
> > > specified try and
> > > > lookup
> > > > * a real domain controller using
> > > jcifs.smb.client.domain
> > > > */
> > > > if ((svr = domainController) == null) {
> > > > svr = domain != null ? domain : ntlm.domain;
> > > > svr = NbtAddress.getByName(svr, 0x1c,
> > > > null).getHostAddress();
> > > > }
> > > >
> > > > ntlm.domainController =
> UniAddress.getByName(svr);
> > > > ntlm.challenge =
> > > > SmbSession.getChallenge(ntlm.domainController);
> > > >
> > > > /* Message 2
> > > > */
> > > > msg = Base64.encodeBytes(dst, 0,
> > > > ntlm.encodeType2Message(dst));
> > > >
> > > > /* Save NTLM session in HTTP session
> > > > */
> > > > ssn.setAttribute("NtlmHttpSession", ntlm);
> > > >
> > > > resp.reset();
> > > > resp.setContentLength(0);
> > > > resp.setHeader("WWW-Authenticate",
> "NTLM " + msg);
> > > >
> resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> > > > resp.flushBuffer();
> > > > return;
> > > > } else
> > > > if (src[8] == 3) { /* Message 3
> > > > */
> > > >
> > > > ntlm.decodeType3Message(Base64.decode(msg.substring(5)));
> > > > } else {
> > > > throw new ServletException("NTLM HTTP
> > > Authentication
> > > > message invalid");
> > > > }
> > > >
> > > > SmbSession.logon(ntlm.domainController, ntlm.auth);
> > > >
> > > > ssn.setAttribute("ntlmdomain", ntlm.domain);
> > > > ssn.setAttribute("ntlmuser", ntlm.user);
> > > > ssn.setAttribute("ntlmhost", ntlm.host);
> > > >
> > > > if (debug) {
> > > > context.log(
> > > > "NTLM HTTP Autentication successfull: "
> > > > + ntlm.domain
> > > > + "\\"
> > > > + ntlm.user
> > > > + "@"
> > > > + ntlm.host);
> > > > }
> > > > out.print("ntdomain: " +
> > > ssn.getAttribute("ntlmdomain"));
> > > > } catch (Exception e) {
> > > > out.print("An Error has occured: " +
> e.getMessage());
> > > > }
> > > >
> > > > }
> > > >
> > > > public void doGet(
> > > > javax.servlet.http.HttpServletRequest request,
> > > > javax.servlet.http.HttpServletResponse response)
> > > > throws javax.servlet.ServletException,
> java.io.IOException {
> > > > doPost(request, response);
> > > > }
> > > >
> > > > }
> > > >
> > > > On 10/15/02 9:55 PM, "Allen, Michael B (RSCH)"
> > > <Michael_B_Allen at ml.com>
> > > > wrote:
> > > >
> > > > > The code is pretty simple. I don't think it would be hard
> > > to adapt it.
> > > > > Actually
> > > > > the current code is somewhat flawed and more complicated
> > > than it needs to
> > > > > be. The 0.7.0b4 package will be released RSN. Look at that.
> > > > >
> > > > >> -----Original Message-----
> > > > >> From: Michael Piscatello
> > > [SMTP:mpiscatello at directvinternet.com]
> > > > >> Sent: Tuesday, October 15, 2002 9:53 PM
> > > > >> To: jcifs at lists.samba.org
> > > > >> Subject: [jcifs] Alternative to jcifs.http.NtlmHttpFilter
> > > > >>
> > > > >> Help! I need the functionality of the NtlmHttpFilter but
> > > I am stuck with a
> > > > >> 2.2 Servlet spec app server (Websphere) Has anyone
> replicated the
> > > > >> functionality of the NtlmHttpFilter in a servlet?
> > > > >>
> > > > >> Thanks
> > > > >>
> > > > >> Mike
> > > > >>
> > > > >
> > > > >
> > > >
> > >
> >
> >
> **************************************************************
> ************
> > The information transmitted herewith is sensitive
> information intended only
> > for use by the individual or entity to which it is
> addressed. If the reader
> > of this message is not the intended recipient, you are
> hereby notified that
> > any review, retransmission, dissemination, distribution,
> copying or other
> > use of, or taking of any action in reliance upon this information is
> > strictly prohibited. If you have received this
> communication in error,
> > please contact the sender and delete the material from your
> computer.
> >
> > << File: NtlmServlet.java >>
>
**************************************************************************
The information transmitted herewith is sensitive information intended only
for use by the individual or entity to which it is addressed. If the reader
of this message is not the intended recipient, you are hereby notified that
any review, retransmission, dissemination, distribution, copying or other
use of, or taking of any action in reliance upon this information is
strictly prohibited. If you have received this communication in error,
please contact the sender and delete the material from your computer.
More information about the jcifs
mailing list