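package com.knowgate.jcifs.http;

import java.io.*;
import java.util.Enumeration;
import java.net.UnknownHostException;
import javax.servlet.*;
import javax.servlet.http.*;

import com.knowgate.jcifs.Config;
import com.knowgate.jcifs.UniAddress;
import com.knowgate.jcifs.smb.SmbSession;
import com.knowgate.jcifs.smb.NtlmPasswordAuthentication;
import com.knowgate.jcifs.smb.SmbAuthException;
import com.knowgate.jcifs.netbios.NbtAddress;

import com.knowgate.misc.Base64Decoder;

/**
 * Servlet filter that authenticates HTTP requests against a domain
 * controller, using either the NTLM handshake or (optionally) HTTP Basic
 * credentials, and caches the result in the HTTP session under the
 * {@code "NtlmHttpAuth"} attribute.
 *
 * <p>Security notes for reviewers, all derived from the code below:
 * <ul>
 * <li>Basic is only accepted and advertised when {@code jcifs.http.enableBasic}
 *     is true and the request is secure, unless {@code jcifs.http.insecureBasic}
 *     is also true. With {@code insecureBasic} set, reusable domain
 *     credentials travel in base64 over plain HTTP.</li>
 * <li>On a successful Basic logon the {@link NtlmPasswordAuthentication}
 *     built from the clear-text password is stored in the session, so the
 *     session store holds that object for the session's lifetime.</li>
 * <li>Once the session attribute is present, later requests without an
 *     {@code Authorization} header are passed through without contacting
 *     the controller again.</li>
 * <li>NOTE(review): the session identifier is not changed when
 *     authentication succeeds; confirm whether the container or the
 *     application rotates it, otherwise a pre-set session id survives
 *     login.</li>
 * </ul>
 */
public class NtlmHttpFilter implements Filter {

    /** Value of {@code jcifs.smb.client.domain}; used when Basic credentials name no domain. */
    protected String defaultDomain;
    /** Name resolved to the authenticating controller; falls back to {@link #defaultDomain}. */
    protected String domainController;
    /** When true the controller is looked up by NetBIOS name type 0x1C instead of by host name. */
    protected boolean loadBalance;
    /** Whether HTTP Basic may be offered at all. */
    protected boolean enableBasic;
    /** Whether HTTP Basic may be offered on requests that are not secure. */
    protected boolean insecureBasic;
    /** Realm string placed in the Basic challenge; defaults to {@code "jCIFS"}. */
    protected String realm;

    /**
     * Loads the filter configuration.
     *
     * <p>Two client defaults are set first, then every init-parameter whose
     * name starts with {@code "jcifs."} is copied into {@link Config}, so
     * deployment descriptors can override those defaults.
     *
     * @param filterConfig container-supplied configuration
     * @throws ServletException declared by the {@link Filter} contract
     */
    public void init( FilterConfig filterConfig ) throws ServletException {
        // Defaults come first so that explicit init-params below win.
        Config.setProperty( "jcifs.smb.client.soTimeout", "300000" );
        Config.setProperty( "jcifs.netbios.cachePolicy", "600" );

        Enumeration e = filterConfig.getInitParameterNames();
        while( e.hasMoreElements() ) {
            String name = (String)e.nextElement();
            if( name.startsWith( "jcifs." )) {
                Config.setProperty( name, filterConfig.getInitParameter( name ));
            }
        }

        defaultDomain = Config.getProperty( "jcifs.smb.client.domain" );
        domainController = Config.getProperty( "jcifs.http.domainController" );
        if( domainController == null ) {
            // No explicit controller: resolve by domain name, and only then
            // honour the loadBalance switch (default true).
            // NOTE(review): if jcifs.smb.client.domain is also unset,
            // domainController stays null and is handed to the name lookup
            // in doFilter -- confirm what that resolves to.
            domainController = defaultDomain;
            loadBalance = Config.getBoolean( "jcifs.http.loadBalance", true );
        }
        enableBasic = Boolean.valueOf(
                Config.getProperty( "jcifs.http.enableBasic" )).booleanValue();
        insecureBasic = Boolean.valueOf(
                Config.getProperty( "jcifs.http.insecureBasic" )).booleanValue();
        realm = Config.getProperty( "jcifs.http.basicRealm" );
        if( realm == null ) {
            realm = "jCIFS";
        }
    }

    /** Nothing to release. */
    public void destroy() {
    }

    /**
     * Authenticates the request or answers with a 401 challenge.
     *
     * <p>If the request carries an {@code Authorization} header with a scheme
     * this filter accepts, the credentials are checked with
     * {@code SmbSession.logon} against the resolved controller and, on
     * success, cached in the session. Otherwise the cached session attribute
     * is required; without it a challenge is sent. Authenticated requests
     * continue down the chain wrapped in {@link NtlmHttpServletRequest}.
     *
     * @param request  expected to be an {@link HttpServletRequest}
     * @param response expected to be an {@link HttpServletResponse}
     * @param chain    remainder of the filter chain
     * @throws IOException      on response or name-resolution I/O failure
     * @throws ServletException propagated from the chain
     */
    public void doFilter( ServletRequest request, ServletResponse response, FilterChain chain )
            throws IOException, ServletException {

        NtlmPasswordAuthentication ntlm = null;
        HttpServletRequest req = (HttpServletRequest)request;
        HttpServletResponse resp = (HttpServletResponse)response;
        String msg = req.getHeader( "Authorization" );
        // Basic exposes a reusable password, so it is gated on transport
        // security unless the operator explicitly opted out.
        boolean offerBasic = enableBasic && (insecureBasic || req.isSecure());

        if( msg != null && (msg.startsWith( "NTLM " ) ||
                    (offerBasic && msg.startsWith( "Basic " )))) {
            UniAddress dc;
            if( loadBalance ) {
                // 0x1C is the NetBIOS name type of the domain-controllers group name.
                dc = new UniAddress( NbtAddress.getByName( domainController, 0x1C, null ));
            } else {
                dc = UniAddress.getByName( domainController, true );
            }

            if( msg.startsWith( "NTLM " )) {
                // Make sure a session exists before the handshake starts.
                req.getSession();
                byte[] challenge = SmbSession.getChallenge( dc );
                ntlm = NtlmSsp.authenticate( req, resp, challenge );
                if( ntlm == null ) {
                    // Handshake not finished; NtlmSsp has presumably written
                    // the next leg of the exchange -- confirm in NtlmSsp.
                    return;
                }
                // NOTE(review): whether an empty user name in the NTLM
                // response is rejected depends on NtlmSsp, which is not
                // visible here.
            } else {
                // "Basic " is six characters; the rest is base64(user:password).
                String auth = new String(
                        Base64Decoder.decodeToBytes( msg.substring( 6 )), "US-ASCII" );
                int index = auth.indexOf( ':' );
                String user = (index != -1) ? auth.substring( 0, index ) : auth;
                String password = (index != -1) ? auth.substring( index + 1 ) : "";

                // Accept DOMAIN\\user and DOMAIN/user; otherwise use the default domain.
                index = user.indexOf( '\\' );
                if( index == -1 ) {
                    index = user.indexOf( '/' );
                }
                String domain = (index != -1) ? user.substring( 0, index ) : defaultDomain;
                user = (index != -1) ? user.substring( index + 1 ) : user;

                // Fail closed on a missing user name: an empty identity must
                // never be forwarded to the controller as if it were a login.
                if( user.length() == 0 ) {
                    sendAuthChallenge( resp, offerBasic );
                    return;
                }
                // NOTE(review): an empty password is still forwarded; how the
                // controller treats it is outside this class.
                ntlm = new NtlmPasswordAuthentication( domain, user, password );
            }

            try {
                SmbSession.logon( dc, ntlm );
            } catch( SmbAuthException sae ) {
                if( sae.getNtStatus() == sae.NT_STATUS_ACCESS_VIOLATION ) {
                    // Drop any cached authentication and make the client
                    // start over on the same URL. getRequestURL() does not
                    // include the query string, so it is not carried over.
                    HttpSession ssn = req.getSession( false );
                    if( ssn != null ) {
                        ssn.removeAttribute( "NtlmHttpAuth" );
                    }
                    resp.sendRedirect( req.getRequestURL().toString() );
                    return;
                }
                // Any other authentication failure: ask again.
                sendAuthChallenge( resp, offerBasic );
                return;
            }
            // Cache the authenticated identity for subsequent requests.
            req.getSession().setAttribute( "NtlmHttpAuth", ntlm );
        } else {
            HttpSession ssn = req.getSession( false );
            if( ssn == null || (ntlm = (NtlmPasswordAuthentication)
                        ssn.getAttribute( "NtlmHttpAuth" )) == null ) {
                sendAuthChallenge( resp, offerBasic );
                return;
            }
        }

        chain.doFilter( new NtlmHttpServletRequest( req, ntlm ), response );
    }

    /**
     * Writes the 401 response that asks the client to authenticate.
     *
     * <p>NTLM is always advertised; Basic is added only when
     * {@code offerBasic} is true. The connection is marked for closing and
     * the response is flushed so nothing else is appended to it.
     *
     * @param resp       response to write the challenge to
     * @param offerBasic whether the Basic scheme may be advertised for this request
     * @throws IOException if flushing the response fails
     */
    private void sendAuthChallenge( HttpServletResponse resp, boolean offerBasic )
            throws IOException {
        resp.setHeader( "WWW-Authenticate", "NTLM" );
        if( offerBasic ) {
            resp.addHeader( "WWW-Authenticate", "Basic realm=\"" + realm + "\"" );
        }
        resp.setHeader( "Connection", "close" );
        resp.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
        resp.flushBuffer();
    }

    /**
     * Alternative entry point that forwards to {@link #init(FilterConfig)}.
     *
     * <p>Any exception from {@code init} is printed and swallowed, so a
     * failed configuration leaves the filter installed with whatever fields
     * were set before the failure.
     * NOTE(review): looks like a legacy container hook -- confirm it is still
     * needed, and that a swallowed failure cannot leave the filter in a state
     * that authenticates against an unintended controller.
     *
     * @param f container-supplied configuration
     */
    public void setFilterConfig( FilterConfig f ) {
        try {
            init( f );
        } catch( Exception e ) {
            e.printStackTrace();
        }
    }

    /**
     * Counterpart of {@link #setFilterConfig(FilterConfig)}.
     *
     * @return always {@code null}; the configuration is not retained
     */
    public FilterConfig getFilterConfig() {
        return null;
    }
}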