[jcifs] jcifs
rezza
rezza at websystemarchitech.com
Fri Jun 25 09:54:33 GMT 2004
Thanks Eric,
I have tried this code using the jcifs 0.9.2 NTLM Filter by
copying the jcifs 0.9.2 jar file into web-inf/lib, inserting the filter code
into web.xml and executing this:
<%
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "NTLM");
out.print("done");
%>
The browser gives me a domain/username/password prompt, but it always appears
again although my password is correct; I have to enter it in the third prompt
and then it will be authenticated. How do I capture that the password has been
authenticated in the first prompt?
-rezza-
On Thu, 24 Jun 2004 20:43:25 -0400, Eric <eglass1 at comcast.net> wrote :
> If you send a page status of 401 and request authentication, the browser
> should pop up a window (since it will assume the previously established
> credentials are no longer valid). You would do this in a JSP/servlet
> etc. like:
>
> response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
> response.setHeader("WWW-Authenticate", "NTLM");
>
> Assuming you're using the NTLM filter, you can just stick this at the
> top of the response (in a JSP page, between "<%" "%>" tags). The
> browser should give you a domain/username/password prompt.
>
> The JSP snippet below is unnecessary; it basically does what the jCIFS
> filter does for you, with the rather notable exception being it doesn't
> actually authenticate the credentials provided. The user can send any
> username/password pair and the code below will simply extract the
> username and accept it as valid. The jCIFS filter authenticates against
> a domain controller by making an SMB connection using the credentials
> provided, which means the end user is actually who they say they are.
>
>
> Eric
>
>
> rezza wrote:
> > Eric, very big thanks for your info,
> >
> > Btw let's forget about the "Save this password in your password list"
> > option.
> >
> > Below, I have an old JSP script from the net,
> > actually I'm deep in web design and not really good at Java,
> > if we could do: request.getHeader("Authorization");
> > how to set the header "Authorization" with null value? (clear the session?)
> > and I hope the login form will pop up suddenly??
> >
> > rezza
> >
> >
> > <%
> >
> > String auth = request.getHeader("Authorization");
> >
> > if (auth == null)
> > {
> >     response.setStatus(response.SC_UNAUTHORIZED);
> >     response.setHeader("WWW-Authenticate", "NTLM");
> >     response.flushBuffer();
> >     return;
> > }
> > if (auth.startsWith("NTLM "))
> > {
> >     byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
> >     int off = 0, length, offset;
> >     if (msg[8] == 1)
> >     { // unauthorized
> >         byte z = 0;
> >         byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P', z,
> >             (byte)2, z, z, z, z, z, z, z,
> >             (byte)40, z, z, z, (byte)1, (byte)130, z, z,
> >             z, (byte)2, (byte)2, (byte)2, z, z, z, z,
> >             z, z, z, z, z, z, z, z};
> >         response.setHeader("WWW-Authenticate", "NTLM " +
> >             new sun.misc.BASE64Encoder().encodeBuffer(msg1).trim());
> >         response.sendError(response.SC_UNAUTHORIZED);
> >         return;
> >     }
> >     else if (msg[8] == 3)
> >     {
> >
> >         off = 30;
> >         length = msg[off+17]*256 + msg[off+16];
> >         offset = msg[off+19]*256 + msg[off+18];
> >         String remoteHost = new String(msg, offset, length);
> >         String input = remoteHost;
> >         String output = "";
> >         int i= 0;
> >         while (i < (input.length()-(input.length()/2)))
> >         {
> >             output = output + input.charAt(i*2);
> >             i++;
> >         }
> >         remoteHost = output;
> >
> >         length = msg[off+1]*256 + msg[off];
> >         offset = msg[off+3]*256 + msg[off+2];
> >         String domain = new String(msg, offset, length);
> >
> >         input = domain;
> >         output = "";
> >         i= 0;
> >         while (i < (input.length()-(input.length()/2)))
> >         {
> >             output = output + input.charAt(i*2);
> >             i++;
> >         }
> >         domain = output;
> >
> >
> >         length = msg[off+9]*256 + msg[off+8];
> >         offset = msg[off+11]*256 + msg[off+10];
> >         String usernament = new String(msg, offset, length);
> >         input = usernament;
> >         output = "";
> >         i= 0;
> >         while (i < (input.length()-(input.length()/2))) {
> >             output = output + input.charAt(i*2);
> >             i++;
> >         }
> >         usernament = output;
> >         out.print(domain+"/"+usernament);
> >
> >     }
> > }
> >
> >
> > %>
> >
> > On Wed, 23 Jun 2004 11:12:03 +0000, eglass1 at comcast.net wrote :
> >
> >
> > >>For information on what determines whether the user will be prompted see:
> > >>
> > >>http://jcifs.samba.org/src/docs/ntlmhttpauth.html#transparent
> > >>
> > >>You would probably be looking at this from the opposite perspective, as you
> > >>*want* people to be prompted for login. The easiest way would likely be
> > >>to configure the end user's IE options, under security, "Prompt for Username
> > >>and Password" (default is, I believe, "Automatic Logon only in Intranet zone").
> > >>This would apply to all applications employing NTLM, however.
> > >>
> > >>You could also possibly do some funky things with DNS to do this on a
> > >>per-application basis (to trick IE into thinking the application is outside the
> > >>intranet). You might be able to do this simply by accessing the site via
> > >>IP address rather than hostname, or use the FQDN (depending on how
> > >>your zones are set up).
> > >>
> > >>Another option would be to modify jCIFS to disable NTLM authentication
> > >>altogether, then set "jcifs.http.enableBasic" to true. This will do HTTP
> > >>Basic authentication only, which will prompt you for credentials. Note that
> > >>this should only be used over HTTPS, as Basic is highly insecure.
> >>
> >>
> >>Eric
> >>
> >>
> >>
> > >>>Hello Guys,
> > >>>I'm a new user of JCIFS,
> > >>>I have implemented jcifs 0.9.2 for Single Sign On and it works great!
> > >>>By the way, I have a few questions,
> > >>>Is there any way or any parameter setting to trigger the samba login form
> > >>>to always pop up every time a user accesses crucial web applications? even if the user
> > >>>has checked the "Save this password in your password list" option?
> > >>>The purpose is to increase web application security when a user
> > >>>forgets to lock/log off his computer,
> >>>
> >>>thanks,
> >>>K. Rezza
> >>>
> >>>rezza at websystemarchitech.com
> >>>
> >>
> >>
> >>
> >
>
>
>
>
>
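
Added example (not part of the original thread, and not jCIFS code): Eric's point about the quoted JSP snippet is that the domain, user and workstation fields of an NTLM Type 3 message are whatever the client put there. The Java sketch below parses those fields with bounds checks and runs on a constructed message whose LM/NT responses are empty, so the identity it prints has been proven by nothing. The class and method names are hypothetical, and it assumes Java 8+ and a Type 3 message that carries the optional flags field at offset 60.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class NtlmType3Claims {          // hypothetical name, illustration only
    // Decode one security buffer: 2-byte length, 2-byte allocated size, 4-byte offset (little-endian).
    static String field(ByteBuffer m, int pos, boolean unicode) {
        int len = m.getShort(pos) & 0xFFFF;
        int off = m.getInt(pos + 4);
        if (off < 0 || off > m.limit() - len)
            throw new IllegalArgumentException("security buffer points outside the message");
        return new String(m.array(), off, len,
                unicode ? StandardCharsets.UTF_16LE : StandardCharsets.US_ASCII);
    }

    // Returns the domain, user and workstation exactly as the client claimed them; nothing is verified.
    static String claimedIdentity(String authorization) {
        if (authorization == null || !authorization.startsWith("NTLM "))
            throw new IllegalArgumentException("not an NTLM Authorization header");
        byte[] raw = Base64.getDecoder().decode(authorization.substring(5).trim());
        ByteBuffer m = ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN);
        if (raw.length < 64 || !new String(raw, 0, 8, StandardCharsets.US_ASCII).equals("NTLMSSP\0")
                || m.getInt(8) != 3)
            throw new IllegalArgumentException("not an NTLM Type 3 message");
        boolean unicode = (m.getInt(60) & 0x1) != 0;    // NEGOTIATE_UNICODE
        // Domain, user and workstation buffers sit at offsets 28, 36 and 44.
        return field(m, 28, unicode) + "\\" + field(m, 36, unicode) + "@" + field(m, 44, unicode);
    }

    public static void main(String[] args) {
        // Constructed sample: a Type 3 message whose LM/NT response buffers are empty.
        byte[] raw = new byte[128];
        ByteBuffer b = ByteBuffer.wrap(raw).order(ByteOrder.LITTLE_ENDIAN);
        b.put("NTLMSSP\0".getBytes(StandardCharsets.US_ASCII)).putInt(3).putInt(60, 0x1);
        int pos = 28, data = 64;
        for (String claim : new String[] {"EXAMPLE", "alice", "WKSTN1"}) {
            byte[] v = claim.getBytes(StandardCharsets.UTF_16LE);
            b.putShort(pos, (short) v.length).putShort(pos + 2, (short) v.length).putInt(pos + 4, data);
            System.arraycopy(v, 0, raw, data, v.length);
            pos += 8;
            data += v.length;
        }
        String header = "NTLM " + Base64.getEncoder().encodeToString(raw);
        System.out.println(claimedIdentity(header) + "  <- client-supplied, not verified");
    }
}
```

Only a check of the challenge response, which the jCIFS filter performs against a domain controller, turns this claim into an authenticated user.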