NtlmServlet
public abstract class NtlmServlet extends HttpServlet
This servlet may be used with pre-2.3 servlet containers
to protect content with NTLM HTTP Authentication. Servlets that
extend this abstract base class may be authenticated against an SMB
server or domain controller depending on how the
jcifs.smb.client.domain or jcifs.http.domainController
properties are specified. With later containers the
NtlmHttpFilter should be used. For custom NTLM HTTP Authentication schemes the NtlmSsp may be used.
Read jCIFS NTLM HTTP Authentication and the Network Explorer Servlet for related information. |
Fields Summary |
---|
private String | defaultDomain | private String | domainController | private boolean | loadBalance | private boolean | enableBasic | private boolean | insecureBasic | private String | realm |
Methods Summary |
---|
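/**
 * Initialises the servlet and loads the jCIFS settings used for NTLM HTTP
 * authentication.
 *
 * <p>Two jCIFS defaults are set first, then every servlet init parameter whose
 * name starts with {@code jcifs.} is copied into the jCIFS {@code Config}, and
 * finally the domain, domain controller, load-balancing, Basic-authentication
 * and realm settings are read back into this servlet's fields.
 *
 * <p>The listing this method was taken from shows the signature without a
 * {@code throws} clause; it is restored here because {@code super.init} declares
 * {@code ServletException}.
 *
 * @param config the servlet configuration supplied by the container
 * @throws javax.servlet.ServletException if {@code super.init(config)} fails
 */
public void init(javax.servlet.ServletConfig config) throws javax.servlet.ServletException {
    super.init(config);

    /* Defaults applied before the init parameters are read, so a jcifs.* init
     * parameter of the same name replaces them below.
     * soTimeout is in milliseconds (300000 = 5 minutes); cachePolicy is in
     * seconds (600 = 10 minutes).
     */
    Config.setProperty("jcifs.smb.client.soTimeout", "300000");
    Config.setProperty("jcifs.netbios.cachePolicy", "600");

    Enumeration names = config.getInitParameterNames();
    while (names.hasMoreElements()) {
        String name = (String) names.nextElement();
        // Only parameters in the jcifs.* namespace are forwarded to jCIFS.
        if (name.startsWith("jcifs.")) {
            Config.setProperty(name, config.getInitParameter(name));
        }
    }

    defaultDomain = Config.getProperty("jcifs.smb.client.domain");
    domainController = Config.getProperty("jcifs.http.domainController");
    if (domainController == null) {
        // No explicit controller: the domain name is used in its place, and only
        // on this path is jcifs.http.loadBalance consulted (default true). With
        // an explicit controller, loadBalance keeps its field default.
        domainController = defaultDomain;
        loadBalance = Config.getBoolean("jcifs.http.loadBalance", true);
    }

    // Both Basic switches are off unless the property is the string "true".
    enableBasic = Boolean.valueOf(
            Config.getProperty("jcifs.http.enableBasic")).booleanValue();
    // insecureBasic lets service() accept Basic credentials on requests for which
    // isSecure() is false; Basic sends the password base64-encoded only, so on
    // such a connection it is readable in transit.
    insecureBasic = Boolean.valueOf(
            Config.getProperty("jcifs.http.insecureBasic")).booleanValue();

    // Realm advertised in the Basic challenge; "jCIFS" when none is configured.
    realm = Config.getProperty("jcifs.http.basicRealm");
    if (realm == null) {
        realm = "jCIFS";
    }
}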
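/**
 * Authenticates the request with NTLM (or HTTP Basic, when that is offered)
 * and only then hands it to {@code super.service}.
 *
 * <p>A request carrying an {@code Authorization} header with an accepted scheme
 * is checked by logging on to the domain controller; on success the resulting
 * {@code NtlmPasswordAuthentication} is stored in the HTTP session. A request
 * without such a header is let through only if its existing session already
 * holds the {@code NtlmHttpAuth} attribute; otherwise a 401 challenge is sent.
 *
 * <p>The listing this method was taken from shows the signature without a
 * {@code throws} clause; it is restored here because the body calls methods
 * that declare checked exceptions.
 *
 * @param request  the incoming HTTP request
 * @param response the HTTP response, used for the 401 challenge
 * @throws javax.servlet.ServletException if {@code super.service} fails
 * @throws java.io.IOException on I/O failure while resolving or contacting the
 *         domain controller or writing the response
 */
protected void service(javax.servlet.http.HttpServletRequest request,
        javax.servlet.http.HttpServletResponse response)
        throws javax.servlet.ServletException, java.io.IOException {
    UniAddress dc;
    // Basic is offered only when enabled, and then only on requests the container
    // reports as secure unless insecureBasic overrides that.
    boolean offerBasic = enableBasic &&
            (insecureBasic || request.isSecure());
    String msg = request.getHeader("Authorization");

    if (msg != null && (msg.startsWith("NTLM ") ||
            (offerBasic && msg.startsWith("Basic ")))) {
        // Resolve the controller: a NetBIOS lookup of type 0x1C when load
        // balancing, otherwise a plain name lookup.
        if (loadBalance) {
            dc = new UniAddress(NbtAddress.getByName(domainController, 0x1C, null));
        } else {
            dc = UniAddress.getByName(domainController, true);
        }

        NtlmPasswordAuthentication ntlm;
        if (msg.startsWith("NTLM ")) {
            // The challenge comes from the domain controller, and the client's
            // reply is verified further down by logging on to that controller.
            byte[] challenge = SmbSession.getChallenge(dc);
            ntlm = NtlmSsp.authenticate(request, response, challenge);
            // null: no credentials to check yet (presumably NtlmSsp has already
            // written the next handshake message to the response - confirm).
            if (ntlm == null) return;
        } else {
            // Basic: decode "user:password" from the text after "Basic ".
            String auth = new String(Base64.decode(msg.substring(6)),
                    "US-ASCII");
            int index = auth.indexOf(':');
            String user = (index != -1) ? auth.substring(0, index) : auth;
            String password = (index != -1) ? auth.substring(index + 1) :
                    "";
            // The user part may be DOMAIN\\user or DOMAIN/user; without a
            // separator the configured default domain is used.
            index = user.indexOf('\\');
            if (index == -1) index = user.indexOf('/');
            String domain = (index != -1) ? user.substring(0, index) :
                    defaultDomain;
            user = (index != -1) ? user.substring(index + 1) : user;
            ntlm = new NtlmPasswordAuthentication(domain, user, password);
        }

        try {
            SmbSession.logon(dc, ntlm);
        } catch (SmbAuthException sae) {
            // Rejected credentials: challenge again and close the connection.
            // Only SmbAuthException is handled here; any other failure from
            // logon propagates to the container.
            response.setHeader("WWW-Authenticate", "NTLM");
            if (offerBasic) {
                response.addHeader("WWW-Authenticate", "Basic realm=\"" +
                        realm + "\"");
            }
            response.setHeader("Connection", "close");
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.flushBuffer();
            return;
        }

        // NOTE(review): getSession() reuses a session the client already
        // presented, so the session id is the same before and after logon;
        // confirm that session-fixation handling (id renewal) happens in the
        // container or in the subclass.
        HttpSession ssn = request.getSession();
        // NOTE(review): on the Basic path this object was built from the
        // cleartext password above, so it - presumably including the password -
        // lives in the session; verify before enabling session persistence or
        // replication.
        ssn.setAttribute("NtlmHttpAuth", ntlm);
        ssn.setAttribute("ntlmdomain", ntlm.getDomain());
        ssn.setAttribute("ntlmuser", ntlm.getUsername());
    } else {
        // No usable Authorization header: allow only an already authenticated
        // session; getSession(false) avoids creating one for anonymous clients.
        HttpSession ssn = request.getSession(false);
        if (ssn == null || ssn.getAttribute("NtlmHttpAuth") == null) {
            response.setHeader("WWW-Authenticate", "NTLM");
            if (offerBasic) {
                response.addHeader("WWW-Authenticate", "Basic realm=\"" +
                        realm + "\"");
            }
            response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
            response.flushBuffer();
            return;
        }
    }

    super.service(request, response);
}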
|
|