

1 /* jcifs smb client library in Java
2  * Copyright (C) 2002 "Michael B. Allen" <jcifs at samba dot org>
3  * "Jason Pugsley" <jcifs at samba dot org>
4  * "skeetz" <jcifs at samba dot org>
5  * "Eric Glass" <jcifs at samba dot org>
6  *
7  * This library is free software; you can redistribute it and/or
8  * modify it under the terms of the GNU Lesser General Public
9  * License as published by the Free Software Foundation; either
10  * version 2.1 of the License, or (at your option) any later version.
11  *
12  * This library is distributed in the hope that it will be useful,
13  * but WITHOUT ANY WARRANTY; without even the implied warranty of
14  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
15  * Lesser General Public License for more details.
16  *
17  * You should have received a copy of the GNU Lesser General Public
18  * License along with this library; if not, write to the Free Software
19  * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
20  */

21
22 package com.knowgate.jcifs.http;
23
24 import java.io.*;
25 import java.util.Enumeration JavaDoc;
26 import java.net.UnknownHostException JavaDoc;
27 import javax.servlet.*;
28 import javax.servlet.http.*;
29
30 import com.knowgate.jcifs.Config;
31 import com.knowgate.jcifs.UniAddress;
32 import com.knowgate.jcifs.smb.SmbSession;
33 import com.knowgate.jcifs.smb.NtlmPasswordAuthentication;
34 import com.knowgate.jcifs.smb.SmbAuthException;
35 import com.knowgate.jcifs.netbios.NbtAddress;
36
37 import com.knowgate.misc.Base64Decoder;
38
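/**
 * Servlet filter that authenticates HTTP requests against a Windows domain
 * controller. It negotiates password hashes with MSIE clients using NTLM SSP
 * and, when enabled, also accepts <tt>Authorization: Basic</tt> credentials.
 * NTLM here is similar to Basic but weakly encrypted, and it does not require
 * the user to re-supply authentication credentials.
 * <p>
 * Configuration is read from <tt>jcifs.*</tt> filter init parameters:
 * <tt>jcifs.smb.client.domain</tt>, <tt>jcifs.http.domainController</tt>,
 * <tt>jcifs.http.loadBalance</tt>, <tt>jcifs.http.enableBasic</tt>,
 * <tt>jcifs.http.insecureBasic</tt> and <tt>jcifs.http.basicRealm</tt>.
 * <p>
 * Security notes for deployers:
 * <ul>
 * <li>Basic is only offered on requests for which <tt>isSecure()</tt> is true,
 * unless <tt>jcifs.http.insecureBasic</tt> is set; setting it lets reusable
 * credentials travel over an unencrypted connection.</li>
 * <li>Basic credentials without a <tt>':'</tt> separator, or with an empty
 * user name or password, are answered with 401 and never forwarded to the
 * domain controller.</li>
 * <li>After a successful logon the credential object is kept in the HTTP
 * session under <tt>NtlmHttpAuth</tt>; later requests on that session are
 * accepted without an <tt>Authorization</tt> header.</li>
 * </ul>
 * <p>
 * Read <a HREF="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> for complete details.
 * @version 0.9.1
 */
public class NtlmHttpFilter implements Filter {

    /** Session attribute under which the authenticated credentials are stored. */
    private static final String SESSION_ATTRIBUTE = "NtlmHttpAuth";

    /** Domain used for Basic credentials that do not name one (<tt>jcifs.smb.client.domain</tt>). */
    protected String defaultDomain;
    /** Host or domain to authenticate against; falls back to {@link #defaultDomain}. */
    protected String domainController;
    /** When true the controller is looked up through the 0x1C NetBIOS name on every request. */
    protected boolean loadBalance;
    /** Whether Basic authentication is accepted at all (<tt>jcifs.http.enableBasic</tt>). */
    protected boolean enableBasic;
    /** Whether Basic is also accepted on requests that are not secure (<tt>jcifs.http.insecureBasic</tt>). */
    protected boolean insecureBasic;
    /** Realm advertised in the Basic challenge; defaults to <tt>jCIFS</tt>. */
    protected String realm;

    /**
     * Copies every <tt>jcifs.*</tt> init parameter into the jCIFS
     * configuration and caches the settings this filter consults per request.
     *
     * @param filterConfig the container-supplied filter configuration
     * @throws ServletException declared by the Filter contract; not thrown by
     *         the code in this method itself
     */
    public void init( FilterConfig filterConfig ) throws ServletException {
        /* Defaults that init parameters may override below. The original
         * comment describes both as ten minutes; 300000 would be five minutes
         * if soTimeout is in milliseconds.
         * NOTE(review): confirm the unit and the intended value.
         */
        Config.setProperty( "jcifs.smb.client.soTimeout", "300000" );
        Config.setProperty( "jcifs.netbios.cachePolicy", "600" );

        Enumeration names = filterConfig.getInitParameterNames();
        while( names.hasMoreElements() ) {
            String name = (String)names.nextElement();
            if( name.startsWith( "jcifs." )) {
                Config.setProperty( name, filterConfig.getInitParameter( name ));
            }
        }

        defaultDomain = Config.getProperty( "jcifs.smb.client.domain" );
        domainController = Config.getProperty( "jcifs.http.domainController" );
        if( domainController == null ) {
            /* No explicit controller: authenticate against the domain name and,
             * unless disabled, resolve a controller for it on each request.
             */
            domainController = defaultDomain;
            loadBalance = Config.getBoolean( "jcifs.http.loadBalance", true );
        }
        enableBasic = Boolean.valueOf(
                Config.getProperty( "jcifs.http.enableBasic" )).booleanValue();
        insecureBasic = Boolean.valueOf(
                Config.getProperty( "jcifs.http.insecureBasic" )).booleanValue();
        realm = Config.getProperty( "jcifs.http.basicRealm" );
        if( realm == null ) {
            realm = "jCIFS";
        }
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Authenticates the request and, on success, passes it down the chain
     * wrapped in an {@link NtlmHttpServletRequest} carrying the credentials.
     * <p>
     * A request with an accepted <tt>Authorization</tt> header is verified by
     * logging on to the domain controller. A request without one is let
     * through only if its existing session already holds credentials from an
     * earlier logon; otherwise a 401 challenge is sent.
     *
     * @param request the incoming request; must be an HttpServletRequest
     * @param response the outgoing response; must be an HttpServletResponse
     * @param chain the remaining filter chain
     * @throws IOException if talking to the domain controller or writing the
     *         response fails
     * @throws ServletException if a later filter or the target servlet fails
     */
    public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )
            throws IOException, ServletException {

        HttpServletRequest req = (HttpServletRequest)request;
        HttpServletResponse resp = (HttpServletResponse)response;
        NtlmPasswordAuthentication ntlm = null;
        String msg = req.getHeader( "Authorization" );

        /* Basic carries the password itself, so it is only honoured on a
         * secure request unless the deployer explicitly opted out.
         */
        boolean offerBasic = enableBasic && (insecureBasic || req.isSecure());

        if( msg != null && (msg.startsWith( "NTLM " ) ||
                    (offerBasic && msg.startsWith( "Basic " )))) {
            UniAddress dc;
            if( loadBalance ) {
                dc = new UniAddress( NbtAddress.getByName( domainController, 0x1C, null ));
            } else {
                dc = UniAddress.getByName( domainController, true );
            }

            if( msg.startsWith( "NTLM " )) {
                req.getSession();
                /* The challenge comes from the domain controller, and the
                 * client's answer is checked by the logon below against that
                 * same controller. A null result means the handshake is not
                 * finished yet (NtlmSsp is not shown here; presumably it has
                 * already written its own response).
                 */
                byte[] challenge = SmbSession.getChallenge( dc );
                ntlm = NtlmSsp.authenticate( req, resp, challenge );
                if( ntlm == null ) {
                    return;
                }
            } else {
                ntlm = parseBasicCredentials( msg );
                if( ntlm == null ) {
                    sendChallenge( resp, offerBasic );
                    return;
                }
            }

            try {
                SmbSession.logon( dc, ntlm );
            } catch( SmbAuthException sae ) {
                if( sae.getNtStatus() == SmbAuthException.NT_STATUS_ACCESS_VIOLATION ) {
                    /* Server challenge no longer valid for
                     * externally supplied password hashes.
                     */
                    HttpSession ssn = req.getSession( false );
                    if( ssn != null ) {
                        ssn.removeAttribute( SESSION_ATTRIBUTE );
                    }
                    resp.sendRedirect( req.getRequestURL().toString() );
                    return;
                }
                sendChallenge( resp, offerBasic );
                return;
            }

            /* NOTE(review): the session identifier is not renewed after the
             * logon, and for Basic the stored object was built from the
             * cleartext password. Confirm how the container persists or
             * replicates session attributes.
             */
            req.getSession().setAttribute( SESSION_ATTRIBUTE, ntlm );
        } else {
            HttpSession ssn = req.getSession( false );
            if( ssn != null ) {
                ntlm = (NtlmPasswordAuthentication)ssn.getAttribute( SESSION_ATTRIBUTE );
            }
            if( ntlm == null ) {
                sendChallenge( resp, offerBasic );
                return;
            }
        }

        chain.doFilter( new NtlmHttpServletRequest( req, ntlm ), response );
    }

    /**
     * Builds credentials from an <tt>Authorization: Basic</tt> header value.
     * The user part may be written as <tt>DOMAIN\\user</tt> or
     * <tt>DOMAIN/user</tt>; without a domain, {@link #defaultDomain} is used.
     * <p>
     * Returns null for a value without a <tt>':'</tt> separator or with an
     * empty user name or password, so that such input is rejected locally.
     * NOTE(review): depending on its policy, an SMB server may accept a logon
     * with blank credentials as a guest or anonymous session, which would
     * otherwise count as authenticated here. Confirm against the controller
     * in use.
     *
     * @param header the full header value, starting with <tt>"Basic "</tt>
     * @return the parsed credentials, or null if they are incomplete
     * @throws IOException if the decoded bytes cannot be read as US-ASCII
     * @throws ServletException never raised here; declared to mirror
     *         doFilter so anything the decoder raises propagates unchanged
     */
    private NtlmPasswordAuthentication parseBasicCredentials( String header )
            throws IOException, ServletException {
        String auth = new String( Base64Decoder.decodeToBytes( header.substring( 6 )), "US-ASCII" );
        int index = auth.indexOf( ':' );
        if( index == -1 ) {
            return null;
        }
        String user = auth.substring( 0, index );
        String password = auth.substring( index + 1 );

        String domain = defaultDomain;
        index = user.indexOf( '\\' );
        if( index == -1 ) {
            index = user.indexOf( '/' );
        }
        if( index != -1 ) {
            domain = user.substring( 0, index );
            user = user.substring( index + 1 );
        }

        if( user.length() == 0 || password.length() == 0 ) {
            return null;
        }
        return new NtlmPasswordAuthentication( domain, user, password );
    }

    /**
     * Sends the 401 response that asks the client to authenticate, offering
     * NTLM and, when allowed for this request, Basic.
     *
     * @param resp the response to write the challenge to
     * @param offerBasic whether Basic may be advertised on this request
     * @throws IOException if the response cannot be flushed
     */
    private void sendChallenge( HttpServletResponse resp, boolean offerBasic )
            throws IOException {
        resp.setHeader( "WWW-Authenticate", "NTLM" );
        if( offerBasic ) {
            resp.addHeader( "WWW-Authenticate", "Basic realm=\"" + realm + "\"" );
        }
        resp.setHeader( "Connection", "close" );
        resp.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
        resp.flushBuffer();
    }

    // Added by cgross to work with weblogic 6.1.

    /**
     * Initialises the filter through the older setter-style entry point.
     * A failure in {@link #init} is printed and otherwise ignored, which
     * leaves the filter with whatever settings had been read up to that
     * point; check the container log if authentication misbehaves.
     *
     * @param f the filter configuration handed over by the container
     */
    public void setFilterConfig( FilterConfig f ) {
        try {
            init( f );
        } catch( Exception e ) {
            e.printStackTrace();
        }
    }

    /**
     * Counterpart of {@link #setFilterConfig}; the configuration is not
     * retained, so this always returns null.
     *
     * @return always null
     */
    public FilterConfig getFilterConfig() {
        return null;
    }
}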