[jcifs] RE: jCIFS authentication stuff
eglass1 at attbi.com
eglass1 at attbi.com
Thu May 15 23:32:13 EST 2003
> I would certainly like to see jCIFS talking SPNEGO, NTLMSSP, Kerberos, and so
on
> in both the core and via the HTTP authentication filter/servlet. The
> TokenFactory abstraction in your code confusing
> though. It not clear to me that it will be what jCIFS needs when/if these
> mechanisms are integrated into the core. I'd really need a KDC or Win2K
server
> to explore this further though.
>
> Mike
>
This was actually an amalgam of a lot of stuff I was working on.
The main idea behind the tokens was to represent the Type 1, etc. messages as
objects rather than manually parsing and formatting the byte arrays;
this is extremely useful when developing clients, because manually creating
and preparing a Type 3 message in particular is very complicated and
error-prone. It also streamlines the creation of server-side support for
NTLM over protocols other than HTTP. Rather than having to duplicate large
chunks of NtlmSsp.java for each protocol, the NTLMSSP-specific stuff is broken
out and encapsulated.
The TokenFactory stuff came about while I was attempting to get
SPNEGO/Kerberos working; it was an attempt to automate the process of
recognizing and parsing an arbitrary message into a token object. This
isn't really necessary, especially if you're only dealing with NTLMSSP
messages, and I agree it is a bit confusing.
Attached is a quick refactoring of the NTLMSSP-specific stuff; this
would allow you to do stuff like (using the server side as an example):
// type1Bytes is the type 1 message from the client
byte[] type1Bytes;
Type1Message type1 = new Type1Message(type1Bytes);
byte[] challenge = SmbSession.getChallenge(dc);
Type2Message type2 = new Type2Message(type1, challenge, null);
// send the type2 bytes
output.write(type2.toByteArray());
// type3Bytes is the type 3 message from the client
byte[] type3Bytes;
Type3Message type3 = new Type3Message(type3Bytes);
NtlmPasswordAuthentication ntlm =
new NtlmPasswordAuthentication(type3.getDomain(), type3.getUser(),
type3.getLMResponse(), type3.getNTResponse());
SmbSession.logon(dc, ntlm);
This is really more useful for clients, since currently jCIFS doesn't provide
an easy way to build Type 1 and Type 3 messages. Client packages such as the
Jakarta Commons' HttpClient could use this to do NTLM authentication, rather
than rolling their own.
I put these in the jcifs.smb package, so they should work out-of-the-box now.
Eric
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 8074 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20030515/f89bcaf3/attachment.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 7998 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20030515/f89bcaf3/attachment-0001.obj
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 13474 bytes
Desc: not available
Url : http://lists.samba.org/archive/jcifs/attachments/20030515/f89bcaf3/attachment-0002.obj
More information about the jcifs
mailing list