[jcifs] jcifs
rezza
rezza at websystemarchitech.com
Thu Jun 24 14:08:19 GMT 2004
Eric, very big thanks for your info.
By the way, let's forget about the "Save this password in your password list"
option.
Below, I have an old JSP script from the net.
Actually I'm deep in web design and not really good at Java.
If we can do: request.getHeader("Authorization");
how do we set the "Authorization" header to a null value? (clear the session?)
And I hope the login form will then pop up?
rezza
<%
    String auth = request.getHeader("Authorization");
    if (auth == null)
    {
        // No Authorization header yet: ask the browser to start NTLM.
        response.setStatus(response.SC_UNAUTHORIZED);
        response.setHeader("WWW-Authenticate", "NTLM");
        response.flushBuffer();
        return;
    }
    if (auth.startsWith("NTLM "))
    {
        // java.util.Base64 stands in for sun.misc.BASE64Decoder/Encoder,
        // which current JDKs no longer ship.
        byte[] msg = java.util.Base64.getDecoder().decode(auth.substring(5).trim());
        int off = 0, length, offset;
        if (msg[8] == 1)
        { // Type 1 (negotiate): still unauthorized, reply with a Type 2 challenge
            byte z = 0;
            byte[] msg1 = {
                (byte)'N', (byte)'T', (byte)'L', (byte)'M',
                (byte)'S', (byte)'S', (byte)'P', z,        // signature
                (byte)2, z, z, z,                          // message type 2
                z, z, z, z, (byte)40, z, z, z,             // empty target name, offset 40
                (byte)1, (byte)130, z, z,                  // flags 0x00008201 (Unicode bit set)
                z, (byte)2, (byte)2, (byte)2, z, z, z, z,  // fixed 8-byte challenge
                z, z, z, z, z, z, z, z};                   // reserved
            response.setHeader("WWW-Authenticate", "NTLM " +
                java.util.Base64.getEncoder().encodeToString(msg1));
            response.sendError(response.SC_UNAUTHORIZED);
            return;
        }
        else if (msg[8] == 3)
        {
            // Type 3 (authenticate). Each field is located by a length and an
            // offset stored as little-endian 16-bit values; "& 0xFF" keeps bytes
            // above 0x7F from being read as negative numbers.
            // The response hashes are never checked against the challenge, so
            // the names read below are whatever the client sent.
            off = 30;
            java.nio.charset.Charset utf16 = java.nio.charset.StandardCharsets.UTF_16LE;

            // Workstation name (decoded as UTF-16LE instead of skipping every other char)
            length = (msg[off+17] & 0xFF) * 256 + (msg[off+16] & 0xFF);
            offset = (msg[off+19] & 0xFF) * 256 + (msg[off+18] & 0xFF);
            String remoteHost = new String(msg, offset, length, utf16);

            // Domain name
            length = (msg[off+1] & 0xFF) * 256 + (msg[off] & 0xFF);
            offset = (msg[off+3] & 0xFF) * 256 + (msg[off+2] & 0xFF);
            String domain = new String(msg, offset, length, utf16);

            // User name
            length = (msg[off+9] & 0xFF) * 256 + (msg[off+8] & 0xFF);
            offset = (msg[off+11] & 0xFF) * 256 + (msg[off+10] & 0xFF);
            String usernament = new String(msg, offset, length, utf16);

            out.print(domain+"/"+usernament);
        }
    }
%>
On Wed, 23 Jun 2004 11:12:03 +0000, eglass1 at comcast.net wrote :
> For information on what determines whether the user will be prompted see:
>
> http://jcifs.samba.org/src/docs/ntlmhttpauth.html#transparent
>
> You would probably be looking at this from the opposite perspective, as you
> *want* people to be prompted for login. The easiest way would likely be
> to configure the end user's IE options, under security, "Prompt for Username
> and Password" (default is, I believe, "Automatic Logon only in Intranet zone").
> This would apply to all applications employing NTLM, however.
>
> You could also possibly do some funky things with DNS to do this on a
> per-application basis (to trick IE into thinking the application is outside the
> intranet). You might be able to do this simply by accessing the site via
> IP address rather than hostname, or use the FQDN (depending on how
> your zones are set up).
>
> Another option would be to modify jCIFS to disable NTLM authentication
> altogether, then set "jcifs.http.enableBasic" to true. This will do HTTP
> Basic authentication only, which will prompt you for credentials. Note that
> this should only be used over HTTPS, as Basic is highly insecure.
>
>
> Eric
>
>
> > Hello Guys,
> > I'm a new user of JCIFS.
> > I have implemented jcifs 0.9.2 for Single Sign On and it works great!
> > By the way, I have a few questions.
> > Is there any way or any parameter setting to make the samba login form
> > always pop up every time a user accesses crucial web applications, even if the user
> > has checked the "Save this password in your password list" option?
> > The purpose is to increase web application security when a user
> > has forgotten to lock/log off his computer.
> >
> > thanks,
> > K. Rezza
> >
> > rezza at websystemarchitech.com
> >
>
>
>
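A bounds-checked version of the Type 3 field extraction that the JSP in this message performs, added here as an example and not taken from the post or from jCIFS. It assumes the client sent Unicode strings (the Type 2 flags in the script have the Unicode bit set); the class name and the sample message are constructed. Like the JSP, it only parses and does not verify the NTLM response, so the names it returns are unauthenticated.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class NtlmType3Fields {  // hypothetical class name
    static final byte[] SIG = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);
    static final Charset U16 = StandardCharsets.UTF_16LE;

    // Little-endian unsigned reads; the masks keep bytes >= 0x80 from going negative.
    static int u16(byte[] m, int p) { return (m[p] & 0xFF) | ((m[p + 1] & 0xFF) << 8); }
    static long u32(byte[] m, int p) { return u16(m, p) | ((long) u16(m, p + 2) << 16); }

    // One security buffer at p: length (2 bytes), allocated size (2), payload offset (4).
    static String field(byte[] m, int p) {
        int len = u16(m, p);
        long off = u32(m, p + 4);
        if (len == 0) return "";
        // The fixed header fields read here end at byte 52; payload must lie after them.
        if (off < 52 || off + len > m.length || (len & 1) != 0)
            throw new IllegalArgumentException("security buffer out of range");
        return new String(m, (int) off, len, U16);
    }

    // Returns {domain, user, workstation}. All three are client-supplied claims.
    static String[] parse(byte[] m) {
        if (m.length < 52 || !Arrays.equals(Arrays.copyOf(m, 8), SIG) || u32(m, 8) != 3)
            throw new IllegalArgumentException("not an NTLM Type 3 message");
        return new String[] { field(m, 28), field(m, 36), field(m, 44) };
    }

    public static void main(String[] args) {
        // Constructed sample message: empty LM/NT responses, payload starting at byte 64.
        byte[][] vals = { "CORP".getBytes(U16), "alice".getBytes(U16), "WS01".getBytes(U16) };
        ByteBuffer b = ByteBuffer.allocate(90).order(ByteOrder.LITTLE_ENDIAN);
        b.put(SIG).putInt(3);
        for (int i = 0; i < 2; i++) b.putShort((short) 0).putShort((short) 0).putInt(64);
        int off = 64;
        for (byte[] v : vals) {
            b.putShort((short) v.length).putShort((short) v.length).putInt(off);
            off += v.length;
        }
        b.position(64);
        for (byte[] v : vals) b.put(v);
        byte[] msg = b.array();
        System.out.println(String.join(" | ", parse(msg)));
        msg[40] = (byte) 0xF0;  // corrupt the user-name offset so it points past the end
        try { parse(msg); } catch (IllegalArgumentException e) { System.out.println("rejected: " + e.getMessage()); }
    }
}
```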