NtlmSsp


1   /* jcifs smb client library in Java
2    * Copyright (C) 2002  "Michael B. Allen" <jcifs at samba dot org>
3    *                   "Eric Glass" <jcifs at samba dot org>
4    *                   "Jason Pugsley" <jcifs at samba dot org>
5    *                   "skeetz" <jcifs at samba dot org>
6    *
7    * This library is free software; you can redistribute it and/or
8    * modify it under the terms of the GNU Lesser General Public
9    * License as published by the Free Software Foundation; either
10   * version 2.1 of the License, or (at your option) any later version.
11   *
12   * This library is distributed in the hope that it will be useful,
13   * but WITHOUT ANY WARRANTY; without even the implied warranty of
14   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
15   * Lesser General Public License for more details.
16   *
17   * You should have received a copy of the GNU Lesser General Public
18   * License along with this library; if not, write to the Free Software
19   * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
20   */
21  
22  package com.knowgate.jcifs.http;
23  
24  import java.io.IOException  ;
25  
26  import javax.servlet.ServletException  ;
27  
28  import javax.servlet.http.HttpServletRequest  ;
29  import javax.servlet.http.HttpServletResponse  ;
30  
31  import com.knowgate.jcifs.smb.NtlmPasswordAuthentication;
32  
33  import com.knowgate.misc.Base64Decoder;
34  import com.knowgate.misc.Base64Encoder;
35  
36  import com.knowgate.jcifs.ntlmssp.NtlmFlags;
37  import com.knowgate.jcifs.ntlmssp.Type1Message;
38  import com.knowgate.jcifs.ntlmssp.Type2Message;
39  import com.knowgate.jcifs.ntlmssp.Type3Message;
40  
41  /**
42   * This class is used internally by <tt>NtlmHttpFilter</tt>,
43   * <tt>NtlmServlet</tt>, and <tt>NetworkExplorer</tt> to negiotiate password
44   * hashes via NTLM SSP with MSIE. It might also be used directly by servlet
45   * containers to incorporate similar functionality.
46   * <p>
47   * How NTLMSSP is used in conjunction with HTTP and MSIE clients is
48   * described in an <A HREF="http://www.innovation.ch/java/ntlm.html">NTLM
49   * Authentication Scheme for HTTP</A>.  <p> Also, read <a
50   * HREF="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication and
51   * the Network Explorer Servlet</a> related information.
52   * @version 0.9.1
53   */
54  
55  public class NtlmSsp implements NtlmFlags {
56  
57      /**
58       * Calls the static {@link #authenticate(HttpServletRequest,
59       * HttpServletResponse, byte[])} method to perform NTLM authentication
60       * for the specified servlet request.
61       *
62       * @param req The request being serviced.
63       * @param resp The response.
64       * @param challenge The domain controller challenge.
65       * @throws IOException If an IO error occurs.
66       * @throws ServletException If an error occurs.
67       */
68      public NtlmPasswordAuthentication doAuthentication(
69              HttpServletRequest   req, HttpServletResponse   resp, byte[] challenge)
70                      throws IOException  , ServletException   {
71          return authenticate(req, resp, challenge);
72      }
73  
74      /**
75       * Performs NTLM authentication for the servlet request.
76       *
77       * @param req The request being serviced.
78       * @param resp The response.
79       * @param challenge The domain controller challenge.
80       * @throws IOException If an IO error occurs.
81       * @throws ServletException If an error occurs.
82       */
83      public static NtlmPasswordAuthentication authenticate(
84              HttpServletRequest   req, HttpServletResponse   resp, byte[] challenge)
85                      throws IOException  , ServletException   {
86          String   msg = req.getHeader("Authorization");
87          if (msg != null && msg.startsWith("NTLM ")) {
88              byte[] src = Base64Decoder.decodeToBytes(msg.substring(5));
89              if (src[8] == 1) {
90                  Type1Message type1 = new Type1Message(src);
91                  Type2Message type2 = new Type2Message(type1, challenge, null);
92                  msg = Base64Encoder.encode(type2.toByteArray());
93                  resp.setHeader( "WWW-Authenticate", "NTLM " + msg );
94              } else if (src[8] == 3) {
95                  Type3Message type3 = new Type3Message(src);
96                  byte[] lmResponse = type3.getLMResponse();
97                  if (lmResponse == null) lmResponse = new byte[0];
98                  byte[] ntResponse = type3.getNTResponse();
99                  if (ntResponse == null) ntResponse = new byte[0];
100                 return new NtlmPasswordAuthentication(type3.getDomain(),
101                         type3.getUser(), challenge, lmResponse, ntResponse);
102             }
103         } else {
104             resp.setHeader("WWW-Authenticate", "NTLM");
105             resp.setHeader("Connection", "close");
106         }
107         resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
108         resp.setContentLength( 0 );
109         resp.flushBuffer();
110         return null;
111     }
112 
113 }
114 
115
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags