NtlmServlet


1   /* jcifs smb client library in Java
2    * Copyright (C) 2002  "Michael B. Allen" <jcifs at samba dot org>
3    *                   "Eric Glass" <jcifs at samba dot org>
4    *
5    * This library is free software; you can redistribute it and/or
6    * modify it under the terms of the GNU Lesser General Public
7    * License as published by the Free Software Foundation; either
8    * version 2.1 of the License, or (at your option) any later version.
9    *
10   * This library is distributed in the hope that it will be useful,
11   * but WITHOUT ANY WARRANTY; without even the implied warranty of
12   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
13   * Lesser General Public License for more details.
14   *
15   * You should have received a copy of the GNU Lesser General Public
16   * License along with this library; if not, write to the Free Software
17   * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
18   */
19  
20  package com.knowgate.jcifs.http;
21  
22  import java.io.IOException  ;
23  
24  import java.net.UnknownHostException  ;
25  
26  import java.util.Enumeration  ;
27  
28  import javax.servlet.ServletConfig  ;
29  import javax.servlet.ServletException  ;
30  import javax.servlet.UnavailableException  ;
31  
32  import javax.servlet.http.HttpSession  ;
33  import javax.servlet.http.HttpServlet  ;
34  import javax.servlet.http.HttpServletRequest  ;
35  import javax.servlet.http.HttpServletResponse  ;
36  
37  import com.knowgate.jcifs.Config;
38  import com.knowgate.jcifs.UniAddress;
39  
40  import com.knowgate.jcifs.smb.NtlmPasswordAuthentication;
41  import com.knowgate.jcifs.smb.SmbAuthException;
42  import com.knowgate.jcifs.smb.SmbSession;
43  
44  import com.knowgate.misc.Base64Decoder;
45  
46  import com.knowgate.jcifs.netbios.NbtAddress;
47  
48  /**
49   * This servlet may be used with pre-2.3 servlet containers
50   * to protect content with NTLM HTTP Authentication. Servlets that
51   * extend this abstract base class may be authenticatied against an SMB
52   * server or domain controller depending on how the
53   * <tt>jcifs.smb.client.domain</tt> or <tt>jcifs.http.domainController</tt>
54   * properties are be specified. <b>With later containers the
55   * <tt>NtlmHttpFilter</tt> should be used/b>. For custom NTLM HTTP Authentication schemes the <tt>NtlmSsp</tt> may be used.
56   * <p>
57   * Read <a HREF="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and the Network Explorer Servlet</a> related information.
58   * @version 0.9.1
59   */
60  
61  public abstract class NtlmServlet extends HttpServlet   {
62  
63      private String   defaultDomain;
64  
65      private String   domainController;
66  
67      private boolean loadBalance;
68  
69      private boolean enableBasic;
70  
71      private boolean insecureBasic;
72  
73      private String   realm;
74  
75      public void init(ServletConfig   config) throws ServletException   {
76          super.init(config);
77  
78          /* Set jcifs properties we know we want; soTimeout and cachePolicy to 10min.
79           */
80          Config.setProperty( "jcifs.smb.client.soTimeout", "300000" );
81          Config.setProperty( "jcifs.netbios.cachePolicy", "600" );
82  
83          Enumeration   e = config.getInitParameterNames();
84          String   name;
85          while (e.hasMoreElements()) {
86              name = (String  ) e.nextElement();
87              if (name.startsWith("jcifs.")) {
88                  Config.setProperty(name, config.getInitParameter(name));
89              }
90          }
91          defaultDomain = Config.getProperty("jcifs.smb.client.domain");
92          domainController = Config.getProperty("jcifs.http.domainController");
93          if( domainController == null ) {
94              domainController = defaultDomain;
95              loadBalance = Config.getBoolean( "jcifs.http.loadBalance", true );
96          }
97          enableBasic = Boolean.valueOf(
98                  Config.getProperty("jcifs.http.enableBasic")).booleanValue();
99          insecureBasic = Boolean.valueOf(
100                 Config.getProperty("jcifs.http.insecureBasic")).booleanValue();
101         realm = Config.getProperty("jcifs.http.basicRealm");
102         if (realm == null) realm = "jCIFS";
103     }
104 
105     protected void service(HttpServletRequest   request,
106             HttpServletResponse   response) throws ServletException  , IOException   {
107         UniAddress dc;
108         boolean offerBasic = enableBasic &&
109                 (insecureBasic || request.isSecure());
110         String   msg = request.getHeader("Authorization");
111         if (msg != null && (msg.startsWith("NTLM ") ||
112                     (offerBasic && msg.startsWith("Basic ")))) {
113             if( loadBalance ) {
114                 dc = new UniAddress( NbtAddress.getByName( domainController, 0x1C, null ));
115             } else {
116                 dc = UniAddress.getByName( domainController, true );
117             }
118             NtlmPasswordAuthentication ntlm;
119             if (msg.startsWith("NTLM ")) {
120                 byte[] challenge = SmbSession.getChallenge(dc);
121                 ntlm = NtlmSsp.authenticate(request, response, challenge);
122                 if (ntlm == null) return;
123             } else {
124                 String   auth = new String  (Base64Decoder.decodeToBytes(msg.substring(6)), "US-ASCII");
125                 int index = auth.indexOf(':');
126                 String   user = (index != -1) ? auth.substring(0, index) : auth;
127                 String   password = (index != -1) ? auth.substring(index + 1) :
128                         "";
129                 index = user.indexOf('\\');
130                 if (index == -1) index = user.indexOf('/');
131                 String   domain = (index != -1) ? user.substring(0, index) :
132                         defaultDomain;
133                 user = (index != -1) ? user.substring(index + 1) : user;
134                 ntlm = new NtlmPasswordAuthentication(domain, user, password);
135             }
136             try {
137                 SmbSession.logon(dc, ntlm);
138             } catch (SmbAuthException sae) {
139                 response.setHeader("WWW-Authenticate", "NTLM");
140                 if (offerBasic) {
141                     response.addHeader("WWW-Authenticate", "Basic realm=\"" +
142                             realm + "\"");
143                 }
144                 response.setHeader("Connection", "close");
145                 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
146                 response.flushBuffer();
147                 return;
148             }
149             HttpSession   ssn = request.getSession();
150             ssn.setAttribute("NtlmHttpAuth", ntlm);
151             ssn.setAttribute( "ntlmdomain", ntlm.getDomain() );
152             ssn.setAttribute( "ntlmuser", ntlm.getUsername() );
153         } else {
154             HttpSession   ssn = request.getSession(false);
155             if (ssn == null || ssn.getAttribute("NtlmHttpAuth") == null) {
156                 response.setHeader("WWW-Authenticate", "NTLM");
157                 if (offerBasic) {
158                     response.addHeader("WWW-Authenticate", "Basic realm=\"" +
159                             realm + "\"");
160                 }
161                 response.setHeader("Connection", "close");
162                 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
163                 response.flushBuffer();
164                 return;
165             }
166         }
167         super.service(request, response);
168     }
169 }
170 
171
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags