[jcifs] Getting domain info from one server to another

Diego Seoane dseoane78 at gmail.com
Thu Jun 4 20:09:54 GMT 2009


Great! Really appreciate your help.
I've tried this solution, but when I connect to my servlet from a client in a
different workgroup, I am prompted to authenticate myself (using Explorer 6).
I write my credentials (valid on the machine I am logging in on), but when the
app gets the info from the header, it still returns empty (the UserId in your
code is blank). It works great if I connect from the same machine, but that is
the same as what request.GetRemoteUser will do, and that's not my point...

Any ideas of what the hell could possibly be happening?

Thank you!!! :)

PS: I'm trying to send this to the list too, but I don't know if I'm
doing it right... first time around, very sorry :(

2009/6/4 Paulo Alexandre Figueiredo Gonçalves <paulo at hdfigueira.min-saude.pt>

>  Put this code on top of your servlet or jsp.
> It will simulate a NTLM authentication and give you the domain, user and
> workstation of the user calling the page.
>
> Hope it works for you.
>
>     Paulo Gonçalves
>
> PS: Pay attention that this is not real authentication. If the credentials
> are prompted to the user on the client side, what he puts in the
> authentication box is what you will get on the server side.
>
>
> /***************************************************************************************/
>     response.setHeader("Cache-Control","no-cache");
>
>     byte[] CHALLENGE_MESSAGE =
>         {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P', 0,
>         2, 0, 0, 0, 0, 0, 0, 0,  // message type: 2
>         40, 0, 0, 0, 1, (byte)130, 0, 0,
>         0, 2, 2, 2, 0, 0, 0, 0, // nonce
>         0, 0, 0, 0, 0, 0, 0, 0};
>
>     try {
>         String auth = request.getHeader("Authorization");
>         if (auth == null) {
>             response.setContentLength(0);
>             response.setStatus(response.SC_UNAUTHORIZED);
>             response.setHeader("WWW-Authenticate", "NTLM");
>             return;
>         }
>
>         byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
>         // Step 1: Negotiation message received
>         if (msg[8] == 1) {
>             // Send challenge message (Step 2)
>             response.setContentLength(2);
>             response.setStatus(response.SC_UNAUTHORIZED);
>             // trim(): encodeBuffer() appends a line break, which must not end up in the header
>             response.setHeader("WWW-Authenticate",
>                 "NTLM " + new sun.misc.BASE64Encoder().encodeBuffer(CHALLENGE_MESSAGE).trim());
>             out.println(" ");
>             return;
>         }
>
>         // Step 3: Authentication message received
>         if (msg[8] == 3) {
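>             // Domain, user and workstation security buffers: 16-bit
>             // little-endian length and offset. Each byte is masked with
>             // 0xFF because Java bytes are signed; without the mask a value
>             // of 128 or more corrupts the computed length/offset.
>             int off = 30;
>             int length, offset;
>             length = ((msg[off+1] & 0xFF) << 8) + (msg[off] & 0xFF);
>             offset = ((msg[off+3] & 0xFF) << 8) + (msg[off+2] & 0xFF);
>             String domain = new String(msg, offset, length);
>             length = ((msg[off+9] & 0xFF) << 8) + (msg[off+8] & 0xFF);
>             offset = ((msg[off+11] & 0xFF) << 8) + (msg[off+10] & 0xFF);
>             String user = new String(msg, offset, length);
>             length = ((msg[off+17] & 0xFF) << 8) + (msg[off+16] & 0xFF);
>             offset = ((msg[off+19] & 0xFF) << 8) + (msg[off+18] & 0xFF);
>             String ws = new String(msg, offset, length);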
>
>             StringBuffer sb = new StringBuffer();
>             for (int i = 0; i < domain.length(); i++) {
>                 char c = domain.charAt(i);
>                 if (c > ' ')
>                     sb.append(c);
>             }
>             domain = sb.toString();
>             sb = new StringBuffer();
>             for (int i = 0; i < user.length(); i++) {
>                 char c = user.charAt(i);
>                 if (c > ' ')
>                     sb.append(c);
>             }
>             user = sb.toString();
>             sb = new StringBuffer();
>             for (int i = 0; i < ws.length(); i++) {
>                 char c = ws.charAt(i);
>                 if (c > ' ')
>                     sb.append(c);
>             }
>             ws = sb.toString();
>
>             session.putValue("userId", domain+"\\"+user+": "+ws);
>         }
>
>     } catch(Exception e) {
>         session.putValue("userId", "");
>     }
>
>
> /***************************************************************************************/
>
>  ------------------------------
> *From:* jcifs-bounces+paulo=hdfigueira.min-saude.pt at lists.samba.org [jcifs-bounces+paulo=hdfigueira.min-saude.pt at lists.samba.org] On Behalf Of Diego Seoane [dseoane78 at gmail.com]
> *Sent:* Wednesday, 3 June 2009 21:41
> *To:* jcifs at lists.samba.org
> *Subject:* [jcifs] Getting domain info from one server to another
>
>    Hi everybody!
> (first of all, I'd like to beg your pardon for my bad English)....sorry :S.
>
> I am using the latest jcifs library, after going round and round, googling for
> some solution to solve my problem.
> My actual situation is that I need, from a Java application (a servlet
> maybe), to catch the domain of the user that makes the request to my app,
> when this user comes from a domain that is different from the domain where
> my app is published.
>
> I mean, if my app is in a tomcat on a domain "A", and someone logs in to my
> app coming from an account that is logged on to a domain "B", I need to know
> that the domain of that user is "B". The real problem comes when the users
> can log in to a Citrix shared desktop, and connect to my app from that shared
> desktop (or, I don't know..let's say that there is a proxy in the middle of all
> this...). Then the domain I need to catch is the domain of the Citrix
> session (not a big problem, I suppose, if the different domains represent
> no problem to jcifs), or the domain that the user logged in to before going
> through that proxy...
>
> I've tried the approach with NTLM like:
>
> NtlmPasswordAuthentication ntlm =
>         (NtlmPasswordAuthentication) request.getAttribute("NtlmHttpAuth");
>
> Debug.println("Request: " + request.getAttribute("NtlmHttpAuth").toString(), "");
> String domain2 = ntlm.getDomain().toString();
>
> ..but every time I try that, ntlm is null (no values returned at all).
> What am I doing wrong?? My web.xml is basic (really I don't care to
> authenticate on a domain, the only thing I want is to get the name of the
> domain from the caller, even if it's not in mine. Obviously, the domains have
> a trust relationship between them, and the machines are visible from one
> another). It goes like this:
>
>  <filter>
>     <filter-name>NtlmHttpFilter</filter-name>
>     <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
>     <init-param>
>         <param-name>jcifs.http.domainController</param-name>
>         <param-value>192.168.202.129</param-value>
>     </init-param>
>
> </filter>
> <filter-mapping>
>     <filter-name>NtlmHttpFilter</filter-name>
>     <url-pattern>/*</url-pattern>
> </filter-mapping>
>
> Do I really need to set up a WINS, a user and a password from the domain, or
> something like that only to get what I need?
>
>
>
> I've tried another approach with PHP, and simply getting the NTLM Auth
> header of the request, and decrypting it, I am finding something near the
> solution, but..I need to put this to work in Java (due to requirements of
> the customer).
>
> Really sorry for the English...I hope that at least I could make myself
> understood.
>
> Really appreciate your help. Thank you very much.
>
> Regards,
>
> Diego
>
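
An added example, not part of either poster's message and not jCIFS code: a bounds-checked reader for the domain, user and workstation fields of the NTLM Type 3 message that the quoted servlet snippet picks apart by hand. The class name `NtlmType3Fields` is hypothetical; it assumes Java 8+ (`java.util.Base64` instead of `sun.misc`), a message carrying the full 64-byte fixed header, and ISO-8859-1 as a stand-in for the client's OEM code page. As the PS in the reply says, nothing here checks the NTLM response, so the returned strings are whatever the client sent.

```java
import java.nio.*;
import java.nio.charset.*;
import java.util.*;

public class NtlmType3Fields {
    private static final byte[] SIG = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);
    /** Returns {domain, user, workstation}: client-asserted values, NOT verified. */
    static String[] parse(String header) {
        if (header == null || !header.startsWith("NTLM "))
            throw new IllegalArgumentException("not an NTLM Authorization header");
        byte[] msg = Base64.getDecoder().decode(header.substring(5).trim());
        // Assumption: 64-byte fixed header (fields up to and including the flags).
        if (msg.length < 64 || !Arrays.equals(Arrays.copyOf(msg, 8), SIG))
            throw new IllegalArgumentException("truncated message or bad signature");
        ByteBuffer b = ByteBuffer.wrap(msg).order(ByteOrder.LITTLE_ENDIAN);
        if (b.getInt(8) != 3)
            throw new IllegalArgumentException("not a Type 3 message");
        // Flag bit 0 = Unicode (UTF-16LE); otherwise OEM (ISO-8859-1 used as stand-in).
        Charset cs = (b.getInt(60) & 1) != 0
                ? StandardCharsets.UTF_16LE : StandardCharsets.ISO_8859_1;
        return new String[] { field(b, 28, cs), field(b, 36, cs), field(b, 44, cs) };
    }

    // Security buffer: uint16 length, uint16 allocated, uint32 offset, little-endian.
    private static String field(ByteBuffer b, int at, Charset cs) {
        int len = b.getShort(at) & 0xFFFF;          // mask: Java integers are signed
        long off = b.getInt(at + 4) & 0xFFFFFFFFL;
        if (off + len > b.capacity())
            throw new IllegalArgumentException("buffer points outside the message");
        return new String(b.array(), (int) off, len, cs);
    }

    public static void main(String[] args) {
        // Constructed sample message: empty LM/NT responses, Unicode flag set.
        String[] names = { "DOMB", "diego", "WS01" };
        ByteBuffer m = ByteBuffer.allocate(90).order(ByteOrder.LITTLE_ENDIAN);
        m.put(SIG).putInt(3).putInt(60, 1);
        int off = 64;
        for (int i = 0; i < 3; i++) {
            byte[] v = names[i].getBytes(StandardCharsets.UTF_16LE);
            m.putShort(28 + 8 * i, (short) v.length).putShort(30 + 8 * i, (short) v.length)
             .putInt(32 + 8 * i, off);
            System.arraycopy(v, 0, m.array(), off, v.length);
            off += v.length;
        }
        System.out.println(String.join(" | ",
                parse("NTLM " + Base64.getEncoder().encodeToString(m.array()))));
    }
}
```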