[jcifs] Getting domain info from one server to another
Diego Seoane
dseoane78 at gmail.com
Thu Jun 4 20:09:54 GMT 2009
Great! Really appreciate your help.
I've tried this solution, but when I connect to my servlet from a client in a
different workgroup, I am prompted to authenticate myself (using Explorer 6).
I write my credentials (one valid on the machine I am logging on), but when the
app gets the info from the header, it still returns empty (the UserId in your
code is blank). It works great if I connect from the same machine, but that is
the same as request.GetRemoteUser will do, and that's not my point...
Any ideas of what the hell could possibly be happening?
Thank you!!! :)
PS: I'm trying to send this to the list too, but I don't know if I'm
doing it right....first time around, very sorry :(
2009/6/4 Paulo Alexandre Figueiredo Gonçalves <paulo at hdfigueira.min-saude.pt>
> Put this code on top of your servlet or JSP.
> It will simulate a NTLM authentication and give you the domain, user and
> workstation of the user calling the page.
>
> Hope it works for you.
>
> Paulo Gonçalves
>
> PS: Pay attention that this is not real authentication. If the credentials
> are prompted to the user on the client side, what he puts in the
> authentication box is what you will get on the server side.
>
>
> /***************************************************************************************/
> response.setHeader("Cache-Control", "no-cache");
>
> // Hard-coded NTLM Type 2 (challenge) message, 40 bytes
> byte[] CHALLENGE_MESSAGE = {
>     (byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P', 0,
>     2, 0, 0, 0,              // message type: 2
>     0, 0, 0, 0, 40, 0, 0, 0, // target name: empty, offset 40
>     1, (byte)130, 0, 0,      // flags
>     0, 2, 2, 2, 0, 0, 0, 0,  // nonce
>     0, 0, 0, 0, 0, 0, 0, 0}; // reserved
>
> try {
>     String auth = request.getHeader("Authorization");
>     if (auth == null) {
>         // No Authorization header yet: ask the browser to start NTLM
>         response.setContentLength(0);
>         response.setStatus(response.SC_UNAUTHORIZED);
>         response.setHeader("WWW-Authenticate", "NTLM");
>         return;
>     }
>
>     // Skip the "NTLM " prefix and decode the message
>     // (java.util.Base64 replaces sun.misc, which newer JDKs no longer ship)
>     byte[] msg = java.util.Base64.getDecoder().decode(auth.substring(5).trim());
>     // Step 1: Negotiation message received
>     if (msg[8] == 1) {
>         // Send challenge message (Step 2)
>         response.setContentLength(2);
>         response.setStatus(response.SC_UNAUTHORIZED);
>         // encodeToString adds no trailing newline to the header value
>         response.setHeader("WWW-Authenticate",
>             "NTLM " + java.util.Base64.getEncoder().encodeToString(CHALLENGE_MESSAGE));
>         out.println(" ");
>         return;
>     }
>
>     // Step 3: Authentication message received
>     if (msg[8] == 3) {
>         // The domain security buffer starts at byte 28; off points at its
>         // allocated-length field, followed by the 4-byte payload offset
>         int off = 30;
>         int length, offset;
>         // Java bytes are signed, so mask with 0xff before combining them
>         length = ((msg[off+1] & 0xff) << 8) + (msg[off] & 0xff);
>         offset = ((msg[off+3] & 0xff) << 8) + (msg[off+2] & 0xff);
>         String domain = new String(msg, offset, length);
>         length = ((msg[off+9] & 0xff) << 8) + (msg[off+8] & 0xff);
>         offset = ((msg[off+11] & 0xff) << 8) + (msg[off+10] & 0xff);
>         String user = new String(msg, offset, length);
>         length = ((msg[off+17] & 0xff) << 8) + (msg[off+16] & 0xff);
>         offset = ((msg[off+19] & 0xff) << 8) + (msg[off+18] & 0xff);
>         String ws = new String(msg, offset, length);
>
>         // Keep only characters above ' ' (this drops the NUL bytes
>         // when the client sends UTF-16LE text)
>         StringBuffer sb = new StringBuffer();
>         for (int i = 0; i < domain.length(); i++) {
>             char c = domain.charAt(i);
>             if (c > ' ')
>                 sb.append(c);
>         }
>         domain = sb.toString();
>         sb = new StringBuffer();
>         for (int i = 0; i < user.length(); i++) {
>             char c = user.charAt(i);
>             if (c > ' ')
>                 sb.append(c);
>         }
>         user = sb.toString();
>         sb = new StringBuffer();
>         for (int i = 0; i < ws.length(); i++) {
>             char c = ws.charAt(i);
>             if (c > ' ')
>                 sb.append(c);
>         }
>         ws = sb.toString();
>
>         // setAttribute replaces the deprecated putValue
>         session.setAttribute("userId", domain+"\\"+user+": "+ws);
>     }
>
> } catch(Exception e) {
>     // Any decoding or parsing failure leaves the user id empty
>     session.setAttribute("userId", "");
> }
>
>
> /***************************************************************************************/
>
> ------------------------------
> *From:* jcifs-bounces+paulo=hdfigueira.min-saude.pt at lists.samba.org [jcifs-bounces+paulo=hdfigueira.min-saude.pt at lists.samba.org] On Behalf Of Diego Seoane [dseoane78 at gmail.com]
> *Sent:* Wednesday, 3 June 2009 21:41
> *To:* jcifs at lists.samba.org
> *Subject:* [jcifs] Getting domain info from one server to another
>
> Hi everybody!
> (First of all, I'd like to beg your pardon for my bad English)....sorry :S.
>
> I am using the latest jcifs library, after going round and round, googling for
> some solution to solve my problem.
> My current situation is that I need, from a Java application (a servlet
> maybe), to catch the domain of the user that makes the request to my app,
> when this user comes from a domain that is different from the domain where
> my app is published.
>
> I mean, if my app is in a Tomcat on a domain "A", and someone logs in to my
> app coming from an account that is logged on to a domain "B", I need to know
> that the domain of that user is "B". The real problem comes when the users
> can log in to a Citrix shared desktop, and connect to my app from that shared
> desktop (or, I don't know..let's say that is a proxy in the middle of all
> this...). Then the domain I need to catch is the domain of the Citrix
> session (not a big problem, I suppose, if the different domains represent
> no problem to jcifs), or the domain that the user logged in to before going
> through that proxy...
>
> I've tried the approach with NTLM like:
>
> NtlmPasswordAuthentication ntlm =
> (NtlmPasswordAuthentication)
> request.getAttribute("NtlmHttpAuth");
>
> Debug.println("Request: " +
> request.getAttribute("NtlmHttpAuth").toString(),"");
> String domain2 = ntlm.getDomain().toString();
>
> ..but every time I try that, ntlm is null (no values returned at all).
> What am I doing wrong?? My web.xml is basic (really I don't care to
> authenticate on a domain, the only thing I want is to get the name of the
> domain from the caller, even if it's not in mine. Obviously, the domains have
> a trust relation between both, and the machines are visible from one
> another). It goes like this:
>
> <filter>
> <filter-name>NtlmHttpFilter</filter-name>
> <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
> <init-param>
> <param-name>jcifs.http.domainController</param-name>
> <param-value>192.168.202.129</param-value>
> </init-param>
>
> </filter>
> <filter-mapping>
> <filter-name>NtlmHttpFilter</filter-name>
> <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> Do I really need to set up a WINS, a user and a password from the domain, or
> something like that only to get what I need?
>
>
>
> I've tried another approach with PHP, and simply getting the NTLM Auth
> header of the request, and decrypting it, I am finding something near the
> solution, but..I need to put this to work on Java (due to requirements of
> the customer).
>
> Really sorry for the English...I hope that at least I could make myself
> understood.
>
> Really appreciate your help. Thank you very much.
>
> Regards,
>
> Diego
>
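
Added example, not part of either poster's code and not jCIFS code: a bounds-checked reader for the three NTLM Type 3 fields that the quoted scriptlet extracts, returning them as the unverified claims the PS in the quoted reply says they are. It assumes the client honoured the Unicode flag set in the challenge, so the strings are UTF-16LE; the class name, method names and sample message are hypothetical and constructed for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class NtlmType3Peek { // hypothetical name, not a jCIFS class
    private static final byte[] SIG = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);
    private static final int HEADER = 52; // smallest Type 3 header

    // Reads one security buffer (len:2, maxlen:2, offset:4) with bounds checks.
    static String field(ByteBuffer b, int pos) {
        int len = b.getShort(pos) & 0xffff;
        long off = b.getInt(pos + 4) & 0xffffffffL;
        if (len == 0) return "";
        if (off < HEADER || off + len > b.limit())
            throw new IllegalArgumentException("security buffer out of bounds");
        // Assumption: Unicode was negotiated, so the text is UTF-16LE.
        return new String(b.array(), (int) off, len, StandardCharsets.UTF_16LE);
    }

    // Returns {domain, user, workstation} exactly as the client sent them.
    // They are unverified claims: the NTLM response is never checked here.
    static String[] claimedIdentity(byte[] msg) {
        if (msg.length < HEADER || !Arrays.equals(Arrays.copyOf(msg, 8), SIG))
            throw new IllegalArgumentException("not an NTLMSSP message");
        ByteBuffer b = ByteBuffer.wrap(msg).order(ByteOrder.LITTLE_ENDIAN);
        if (b.getInt(8) != 3)
            throw new IllegalArgumentException("not a Type 3 message");
        return new String[] { field(b, 28), field(b, 36), field(b, 44) };
    }

    public static void main(String[] args) {
        // Constructed sample message: header with empty LM/NT responses, then payload.
        String[] parts = { "DOMB", "alice", "WS01" };
        ByteBuffer m = ByteBuffer.allocate(HEADER + 26).order(ByteOrder.LITTLE_ENDIAN);
        m.put(SIG).putInt(3);
        m.putShort((short) 0).putShort((short) 0).putInt(HEADER); // LM response
        m.putShort((short) 0).putShort((short) 0).putInt(HEADER); // NT response
        int off = HEADER;
        for (String p : parts) { // domain, user, workstation security buffers
            short n = (short) (p.length() * 2);
            m.putShort(n).putShort(n).putInt(off);
            off += n;
        }
        for (String p : parts) m.put(p.getBytes(StandardCharsets.UTF_16LE));
        System.out.println(String.join(" | ", claimedIdentity(m.array())));
    }
}
```

Because the challenge is fixed and the response is never validated, the returned strings are suitable for display or logging hints only, not for access decisions.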