[jcifs] Linux and Windows

Rupesh Kumar rupesh.kumar at blr.techspan.com
Wed Mar 26 05:02:11 EST 2003 

Hi,
I did this for my project. Here is the code from my doFilter method. It
works for mozilla/netscape.
When prompted for a username, the user gives the username as
domain\username.
Please note that this uses basic authentication so it might not be secure
for use over internet.


    public void doFilter( ServletRequest request,
                          ServletResponse response,
                          FilterChain chain ) throws IOException,
ServletException {
        HttpServletRequest req;
        HttpServletResponse resp;
        NtlmPasswordAuthentication ntlm;
        UniAddress dc;
        byte[] challenge;
        String msg;
        HttpSession ssn;

        req = (HttpServletRequest)request;
        resp = (HttpServletResponse)response;
        ssn = req.getSession();
        msg = req.getHeader( "Authorization" );

        if(req.getHeader("User-Agent").indexOf("MSIE") < 0) {
            String uMsg = (msg != null) ? msg.toUpperCase() : null;
            if(uMsg != null && uMsg.startsWith("BASIC")) {
                // Get encoded user and password, comes after "BASIC "
                String userpassEncoded = msg.substring(6);
                // Decode it, using any base 64 decoder
                sun.misc.BASE64Decoder dec = new sun.misc.BASE64Decoder();
                String userpassDecoded = new
String(dec.decodeBuffer(userpassEncoded));
                int sep = userpassDecoded.indexOf(':');
                String username = userpassDecoded.substring(0,sep);
                String password =
userpassDecoded.substring(sep+1,userpassDecoded.length());
                int i;
                String domain = null;
                if(( i = username.indexOf( '\\' )) != -1 ) {
                    domain = username.substring( 0, i );
                    username = username.substring( i + 1 );
                }
                System.out.println("NtlmHttpFilter::doFilter- Basic
Authentication domain = " + domain + " username = " + username);
                ntlm = new NtlmPasswordAuthentication( domain, username,
password );
                dc = UniAddress.getByName( domainController, true );
                try {
                    SmbSession.logon( dc, ntlm );
                    System.out.println("NtlmHttpFilter - User " + username +
"has logged in" );
                } catch( SmbAuthException sae ) {
                    resp.setHeader( "WWW-Authenticate", "BASIC" );
                    resp.setHeader( "Connection", "close" );
                    resp.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
                    resp.flushBuffer();
                    return;
                }
                ssn.setAttribute( "BasicHttpAuth", ntlm );

            }
            else if((ntlm =
(NtlmPasswordAuthentication)ssn.getAttribute("BasicHttpAuth")) == null) {
                resp.setHeader( "WWW-Authenticate", "BASIC" );
                resp.setHeader( "Connection", "close" );
                resp.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
                resp.flushBuffer();
                return;
            }
            chain.doFilter( new NtlmHttpServletRequest( req, ntlm ),
response );
        }
        else {
            if( msg != null && msg.startsWith( "NTLM " )) {
                dc = UniAddress.getByName( domainController, true );
                challenge = SmbSession.getChallenge( dc );
                if(( ntlm = doAuthentication( req, resp, challenge )) ==
null ) {
                    return;
                }
                try {
                    SmbSession.logon( dc, ntlm );
					
                } catch( SmbAuthException sae ) {
                    resp.setHeader( "WWW-Authenticate", "NTLM" );
                    resp.setHeader( "Connection", "close" );
                    resp.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
                    resp.flushBuffer();
                    return;
                }
                ssn.setAttribute( "NtlmHttpAuth", ntlm );
            } else if(( ntlm = (NtlmPasswordAuthentication)ssn.getAttribute(
"NtlmHttpAuth" )) == null ) {
                resp.setHeader( "WWW-Authenticate", "NTLM" );
                resp.setHeader( "Connection", "close" );
                resp.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
                resp.flushBuffer();
                return;
            }
            chain.doFilter( new NtlmHttpServletRequest( req, ntlm ),
response );
        }

    }


Cheers,
-Rupesh

-----Original Message-----
From: Tyrrell, James [mailto:JTyrrell at AEGONUSA.com]
Sent: Tuesday, March 25, 2003 11:33 PM
To: 'Glass, Eric'; Tyrrell, James; 'jcifs at samba.org'
Subject: RE: [jcifs] Linux and Windows


Eric,

That would be great and something that I think this great package needs.  We
all live in this corporate world where windows is everywhere, but I hate to
tie something so completely to windows and IE that nothing else works and in
fact sometimes when I hit the server it appears to lock up if I get at it
(the site) from a browser that is not supported.  I have not really gotten
that nailed down just yet.

Thank You
Jim Tyrrell


-----Original Message-----
From: Glass, Eric [mailto:eric.glass at capitalone.com]
Sent: Tuesday, March 25, 2003 1:00 PM
To: 'Tyrrell, James'; 'jcifs at samba.org'
Subject: RE: [jcifs] Linux and Windows


I submitted a patch a very long time ago to enable HTTP-Basic authentication
as well as NTLM; this was against 0.7.0b4 or something, though, so a lot of
changes have been made since then.  Basically, if their browser doesn't
support NTLM authentication (Netscape, etc.), this prompts them for a
username and password which are then authenticated against the domain.  If I
get a chance, I'll work up something similar against the current codebase.

Eric


> -----Original Message-----
> From: Tyrrell, James [mailto:JTyrrell at AEGONUSA.com]
> Sent: Tuesday, March 25, 2003 12:53 PM
> To: 'jcifs at samba.org'
> Subject: [jcifs] Linux and Windows
> 
> 
> Everyone,
> 
> Okay I think I got though my localhost and IP address problem with the
> latter blocking my access to the site.
> 
> Now I have a question.  The filter servlet that is running 
> seems to look for
> certain strings and if they are not found in the header then it denies
> access to the server or in other words sends a 401.  Of 
> course some of these
> strings are only set by IE, shouldn't this filter try to detect in the
> header the users browser and work as it does for IE, but 
> allow or create
> another behavior if the users browser is not IE?
> 
> I guess my question is as I create web applications I find 
> this library to
> be a godsend, however it also ties me into only having 
> Windows users.  Since
> something like this library is useful on the LAN, then I 
> would like a back
> door that my Linux and other computer users can get into my site.
> 
> Maybe I do not know enough about filtering and maybe I can 
> create a filter
> that would enable this, but I am not sure how to make that work.
> 
> Does anyone have some thoughts on this?
> 
> I hunted around for some thoughts on this and have not found any yet.
> 
> Thank You
> Jim Tyrrell
> 
> 
 
**************************************************************************
The information transmitted herewith is sensitive information intended only
for use by the individual or entity to which it is addressed. If the reader
of this message is not the intended recipient, you are hereby notified that
any review, retransmission, dissemination, distribution, copying or other
use of, or taking of any action in reliance upon this information is
strictly prohibited. If you have received this communication in error,
please contact the sender and delete the material from your computer.

More information about the jcifs mailing list