KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > org > alfresco > repo > webdav > auth > NTLMAuthenticationFilter


1 /*
2  * Copyright (C) 2006 Alfresco, Inc.
3  *
4  * Licensed under the Mozilla Public License version 1.1
5  * with a permitted attribution clause. You may obtain a
6  * copy of the License at
7  *
8  * http://www.alfresco.org/legal/license.txt
9  *
10  * Unless required by applicable law or agreed to in writing,
11  * software distributed under the License is distributed on an
12  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
13  * either express or implied. See the License for the specific
14  * language governing permissions and limitations under the
15  * License.
16  */

17 package org.alfresco.repo.webdav.auth;
18
19 import java.io.IOException JavaDoc;
20 import java.net.InetAddress JavaDoc;
21 import java.net.UnknownHostException JavaDoc;
22 import java.security.NoSuchAlgorithmException JavaDoc;
23 import java.util.ArrayList JavaDoc;
24 import java.util.List JavaDoc;
25 import java.util.Random JavaDoc;
26
27 import javax.servlet.Filter JavaDoc;
28 import javax.servlet.FilterChain JavaDoc;
29 import javax.servlet.FilterConfig JavaDoc;
30 import javax.servlet.ServletContext JavaDoc;
31 import javax.servlet.ServletException JavaDoc;
32 import javax.servlet.ServletRequest JavaDoc;
33 import javax.servlet.ServletResponse JavaDoc;
34 import javax.servlet.http.HttpServletRequest JavaDoc;
35 import javax.servlet.http.HttpServletResponse JavaDoc;
36 import javax.servlet.http.HttpSession JavaDoc;
37 import javax.transaction.UserTransaction JavaDoc;
38
39 import org.alfresco.filesys.server.auth.PasswordEncryptor;
40 import org.alfresco.filesys.server.auth.ntlm.NTLM;
41 import org.alfresco.filesys.server.auth.ntlm.NTLMLogonDetails;
42 import org.alfresco.filesys.server.auth.ntlm.NTLMMessage;
43 import org.alfresco.filesys.server.auth.ntlm.TargetInfo;
44 import org.alfresco.filesys.server.auth.ntlm.Type1NTLMMessage;
45 import org.alfresco.filesys.server.auth.ntlm.Type2NTLMMessage;
46 import org.alfresco.filesys.server.auth.ntlm.Type3NTLMMessage;
47 import org.alfresco.filesys.server.config.ServerConfiguration;
48 import org.alfresco.filesys.util.DataPacker;
49 import org.alfresco.model.ContentModel;
50 import org.alfresco.repo.security.authentication.AuthenticationComponent;
51 import org.alfresco.repo.security.authentication.AuthenticationException;
52 import org.alfresco.repo.security.authentication.MD4PasswordEncoder;
53 import org.alfresco.repo.security.authentication.MD4PasswordEncoderImpl;
54 import org.alfresco.repo.security.authentication.NTLMMode;
55 import org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken;
56 import org.alfresco.service.ServiceRegistry;
57 import org.alfresco.service.cmr.repository.NodeRef;
58 import org.alfresco.service.cmr.repository.NodeService;
59 import org.alfresco.service.cmr.security.AuthenticationService;
60 import org.alfresco.service.cmr.security.PersonService;
61 import org.alfresco.service.transaction.TransactionService;
62 import org.apache.commons.codec.binary.Base64;
63 import org.apache.commons.logging.Log;
64 import org.apache.commons.logging.LogFactory;
65 import org.springframework.web.context.WebApplicationContext;
66 import org.springframework.web.context.support.WebApplicationContextUtils;
67
68 /**
69  * NTLM Authentication Filter Class
70  *
71  * @author GKSpencer
72  */

73 public class NTLMAuthenticationFilter implements Filter JavaDoc
74 {
75     // NTLM authentication session object names
76

77     public static final String JavaDoc NTLM_AUTH_SESSION = "_alfNTLMAuthSess";
78     public static final String JavaDoc NTLM_AUTH_DETAILS = "_alfNTLMDetails";
79
80     // Authenticated user session object name
81

82     public final static String JavaDoc AUTHENTICATION_USER = "_alfDAVAuthTicket";
83     
84     // NTLM flags mask, used to mask out features that are not supported
85

86     private static final int NTLM_FLAGS = NTLM.Flag56Bit + NTLM.FlagLanManKey + NTLM.FlagNegotiateNTLM +
87                                           NTLM.FlagNegotiateOEM + NTLM.FlagNegotiateUnicode;
88     
89     // Debug logging
90

91     private static Log logger = LogFactory.getLog(NTLMAuthenticationFilter.class);
92     
93     // Servlet context, required to get authentication service
94

95     private ServletContext JavaDoc m_context;
96     
97     // File server configuration
98

99     private ServerConfiguration m_srvConfig;
100     
101     // Various services required by NTLM authenticator
102

103     private AuthenticationService m_authService;
104     private AuthenticationComponent m_authComponent;
105     private PersonService m_personService;
106     private NodeService m_nodeService;
107     private TransactionService m_transactionService;
108     
109     // Password encryptor
110

111     private PasswordEncryptor m_encryptor = new PasswordEncryptor();
112     
113     // Allow guest access
114

115     private boolean m_allowGuest;
116     
117     // Login page address
118

119     private String JavaDoc m_loginPage;
120
121     // Random number generator used to generate challenge keys
122

123     private Random JavaDoc m_random = new Random JavaDoc(System.currentTimeMillis());
124     
125     // MD4 hash decoder
126

127     private MD4PasswordEncoder m_md4Encoder = new MD4PasswordEncoderImpl();
128     
129     // Local server name, from either the file servers config or DNS host name
130

131     private String JavaDoc m_srvName;
132     
133     /**
134      * Initialize the filter
135      *
136      * @param args FilterConfig
137      * @exception ServletException
138      */

139     public void init(FilterConfig JavaDoc args) throws ServletException JavaDoc
140     {
141         // Save the servlet context, needed to get hold of the authentication service
142

143         m_context = args.getServletContext();
144
145         // Setup the authentication context
146

147         WebApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(m_context);
148         
149         ServiceRegistry serviceRegistry = (ServiceRegistry) ctx.getBean(ServiceRegistry.SERVICE_REGISTRY);
150         m_nodeService = serviceRegistry.getNodeService();
151         m_transactionService = serviceRegistry.getTransactionService();
152
153         m_authService = (AuthenticationService) ctx.getBean("authenticationService");
154         m_authComponent = (AuthenticationComponent) ctx.getBean("authenticationComponent");
155         m_personService = (PersonService) ctx.getBean("personService");
156         
157         m_srvConfig = (ServerConfiguration) ctx.getBean(ServerConfiguration.SERVER_CONFIGURATION);
158         
159         // Check that the authentication component supports the required mode
160

161         if ( m_authComponent.getNTLMMode() != NTLMMode.MD4_PROVIDER &&
162                 m_authComponent.getNTLMMode() != NTLMMode.PASS_THROUGH)
163         {
164             throw new ServletException JavaDoc("Required authentication mode not available");
165         }
166         
167         // Get the local server name, try the file server config first
168

169         if ( m_srvConfig != null)
170         {
171             m_srvName = m_srvConfig.getLocalServerName( true);
172         }
173         else
174         {
175             // Get the host name
176

177             try
178             {
179                 // Get the local host name
180

181                 m_srvName = InetAddress.getLocalHost().getHostName();
182                 
183                 // Strip any domain name
184

185                 int pos = m_srvName.indexOf(".");
186                 if ( pos != -1)
187                     m_srvName = m_srvName.substring(0, pos - 1);
188             }
189             catch (UnknownHostException JavaDoc ex)
190             {
191                 // Log the error
192

193                 if ( logger.isErrorEnabled())
194                     logger.error("NTLM filter, error getting local host name", ex);
195             }
196             
197         }
198         
199         // Check if the server name is valid
200

201         if ( m_srvName == null || m_srvName.length() == 0)
202             throw new ServletException JavaDoc("Failed to get local server name");
203         
204         // Check if guest access is to be allowed
205

206         String JavaDoc guestAccess = args.getInitParameter("AllowGuest");
207         if ( guestAccess != null)
208         {
209             m_allowGuest = Boolean.parseBoolean(guestAccess);
210             
211             // Debug
212

213             if ( logger.isDebugEnabled() && m_allowGuest)
214                 logger.debug("NTLM filter guest access allowed");
215         }
216     }
217
218     /**
219      * Run the filter
220      *
221      * @param sreq ServletRequest
222      * @param sresp ServletResponse
223      * @param chain FilterChain
224      * @exception IOException
225      * @exception ServletException
226      */

227     public void doFilter(ServletRequest JavaDoc sreq, ServletResponse JavaDoc sresp, FilterChain JavaDoc chain) throws IOException JavaDoc,
228             ServletException JavaDoc
229     {
230         // Get the HTTP request/response/session
231

232         HttpServletRequest JavaDoc req = (HttpServletRequest JavaDoc) sreq;
233         HttpServletResponse JavaDoc resp = (HttpServletResponse JavaDoc) sresp;
234         
235         HttpSession JavaDoc httpSess = req.getSession(true);
236
237         // Check if there is an authorization header with an NTLM security blob
238

239         String JavaDoc authHdr = req.getHeader("Authorization");
240         boolean reqAuth = false;
241         
242         if ( authHdr != null && authHdr.startsWith("NTLM"))
243             reqAuth = true;
244         
245         // Check if the user is already authenticated
246

247         WebDAVUser user = (WebDAVUser) httpSess.getAttribute(AUTHENTICATION_USER);
248         
249         if ( user != null && reqAuth == false)
250         {
251             try
252             {
253                 // Debug
254

255                 if ( logger.isDebugEnabled())
256                     logger.debug("User " + user.getUserName() + " validate ticket");
257                 
258                 // Validate the user ticket
259

260                 m_authService.validate( user.getTicket());
261                 reqAuth = false;
262             }
263             catch (AuthenticationException ex)
264             {
265                 if ( logger.isErrorEnabled())
266                     logger.error("Failed to validate user " + user.getUserName(), ex);
267                 
268                 reqAuth = true;
269             }
270         }
271
272         // If the user has been validated and we do not require re-authentication then continue to
273
// the next filter
274

275         if ( reqAuth == false && user != null)
276         {
277             // Debug
278

279             if ( logger.isDebugEnabled())
280                 logger.debug("Authentication not required, chaining ...");
281             
282             // Chain to the next filter
283

284             chain.doFilter(sreq, sresp);
285             return;
286         }
287
288         // Check the authorization header
289

290         if ( authHdr == null) {
291
292             // Debug
293

294             if ( logger.isDebugEnabled())
295                 logger.debug("New NTLM auth request from " + req.getRemoteHost() + " (" +
296                         req.getRemoteAddr() + ":" + req.getRemotePort() + ")");
297             
298             // Send back a request for NTLM authentication
299

300             resp.setHeader("WWW-Authenticate", "NTLM");
301             resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
302             
303             resp.flushBuffer();
304             return;
305         }
306         else {
307             
308             // Get the existing NTLM details
309

310             NTLMLogonDetails ntlmDetails = null;
311             
312             if ( httpSess != null)
313             {
314                 ntlmDetails = (NTLMLogonDetails) httpSess.getAttribute(NTLM_AUTH_DETAILS);
315             }
316                 
317             // Decode the received NTLM blob and validate
318

319             byte[] ntlmByts = Base64.decodeBase64( authHdr.substring(5).getBytes());
320             int ntlmTyp = NTLMMessage.isNTLMType(ntlmByts);
321          
322             if ( ntlmTyp == NTLM.Type1)
323             {
324                 // Process the type 1 NTLM message
325

326                 Type1NTLMMessage type1Msg = new Type1NTLMMessage(ntlmByts);
327                 processType1(type1Msg, req, resp, httpSess);
328                 return;
329             }
330             else if ( ntlmTyp == NTLM.Type3)
331             {
332                 // Process the type 3 NTLM message
333

334                 Type3NTLMMessage type3Msg = new Type3NTLMMessage(ntlmByts);
335                 processType3(type3Msg, req, resp, httpSess, chain);
336             }
337         }
338
339         // Remove any existing session and NTLM details from the session
340

341         httpSess.removeAttribute(NTLM_AUTH_SESSION);
342         httpSess.removeAttribute(NTLM_AUTH_DETAILS);
343         
344         // Force the logon to start again
345

346         resp.setHeader("WWW-Authenticate", "NTLM");
347         resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
348         
349         resp.flushBuffer();
350     }
351
352     /**
353      * Determine if guest access is allowed
354      *
355      * @return boolean
356      */

357     private final boolean allowsGuest()
358     {
359         return m_allowGuest;
360     }
361
362     /**
363      * Delete the servlet filter
364      */

365     public void destroy()
366     {
367     }
368     
369     /**
370      * Process a type 1 NTLM message
371      *
372      * @param type1Msg Type1NTLMMessage
373      * @param req HttpServletRequest
374      * @param resp HttpServletResponse
375      * @param httpSess HttpSession
376      * @exception IOException
377      */

378     private void processType1(Type1NTLMMessage type1Msg, HttpServletRequest JavaDoc req, HttpServletResponse JavaDoc resp,
379             HttpSession JavaDoc httpSess) throws IOException JavaDoc
380     {
381         // Debug
382

383         if ( logger.isDebugEnabled())
384             logger.debug("Received type1 " + type1Msg);
385         
386         // Get the existing NTLM details
387

388         NTLMLogonDetails ntlmDetails = null;
389         
390         if ( httpSess != null)
391         {
392             ntlmDetails = (NTLMLogonDetails) httpSess.getAttribute(NTLM_AUTH_DETAILS);
393         }
394         
395         // Check if cached logon details are available
396

397         if ( ntlmDetails != null && ntlmDetails.hasType2Message() && ntlmDetails.hasNTLMHashedPassword() &&
398                 ntlmDetails.hasAuthenticationToken())
399         {
400             // Get the authentication server type2 response
401

402             Type2NTLMMessage cachedType2 = ntlmDetails.getType2Message();
403
404             byte[] type2Bytes = cachedType2.getBytes();
405             String JavaDoc ntlmBlob = "NTLM " + new String JavaDoc(Base64.encodeBase64(type2Bytes));
406
407             // Debug
408

409             if ( logger.isDebugEnabled())
410                 logger.debug("Sending cached NTLM type2 to client - " + cachedType2);
411             
412             // Send back a request for NTLM authentication
413

414             resp.setHeader("WWW-Authenticate", ntlmBlob);
415             resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
416             
417             resp.flushBuffer();
418             return;
419         }
420         else
421         {
422             // Clear any cached logon details
423

424             httpSess.removeAttribute(NTLM_AUTH_DETAILS);
425
426             // Set the 8 byte challenge for the new logon request
427

428             byte[] challenge = null;
429             NTLMPassthruToken authToken = null;
430             
431             if ( m_authComponent.getNTLMMode() == NTLMMode.MD4_PROVIDER)
432             {
433                 // Generate a random 8 byte challenge
434

435                 challenge = new byte[8];
436                 DataPacker.putIntelLong(m_random.nextLong(), challenge, 0);
437             }
438             else
439             {
440                 // Create an authentication token for the new logon
441

442                 authToken = new NTLMPassthruToken();
443                 
444                 // Run the first stage of the passthru authentication to get the challenge
445

446                 m_authComponent.authenticate( authToken);
447                 
448                 // Get the challenge from the token
449

450                 if ( authToken.getChallenge() != null)
451                     challenge = authToken.getChallenge().getBytes();
452             }
453             
454             // Get the flags from the client request and mask out unsupported features
455

456             int ntlmFlags = type1Msg.getFlags() & NTLM_FLAGS;
457             
458             // Build a type2 message to send back to the client, containing the challenge
459

460             List JavaDoc<TargetInfo> tList = new ArrayList JavaDoc<TargetInfo>();
461             tList.add(new TargetInfo(NTLM.TargetServer, m_srvName));
462             
463             Type2NTLMMessage type2Msg = new Type2NTLMMessage();
464             type2Msg.buildType2(ntlmFlags, m_srvName, challenge, null, tList);
465             
466             // Store the NTLM logon details, cache the type2 message, and token if using passthru
467

468             ntlmDetails = new NTLMLogonDetails();
469             ntlmDetails.setType2Message( type2Msg);
470             ntlmDetails.setAuthenticationToken(authToken);
471             
472             httpSess.setAttribute(NTLM_AUTH_DETAILS, ntlmDetails);
473             
474             // Debug
475

476             if ( logger.isDebugEnabled())
477                 logger.debug("Sending NTLM type2 to client - " + type2Msg);
478             
479             // Send back a request for NTLM authentication
480

481             byte[] type2Bytes = type2Msg.getBytes();
482             String JavaDoc ntlmBlob = "NTLM " + new String JavaDoc(Base64.encodeBase64(type2Bytes));
483
484             resp.setHeader("WWW-Authenticate", ntlmBlob);
485             resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
486             
487             resp.flushBuffer();
488             return;
489         }
490     }
491     
492     /**
493      * Process a type 3 NTLM message
494      *
495      * @param type3Msg Type3NTLMMessage
496      * @param req HttpServletRequest
497      * @param resp HttpServletResponse
498      * @param httpSess HttpSession
499      * @param chain FilterChain
500      * @exception IOException
501      * @exception ServletException
502      */

503     private void processType3(Type3NTLMMessage type3Msg, HttpServletRequest JavaDoc req, HttpServletResponse JavaDoc resp,
504             HttpSession JavaDoc httpSess, FilterChain JavaDoc chain) throws IOException JavaDoc, ServletException JavaDoc
505     {
506         // Debug
507

508         if ( logger.isDebugEnabled())
509             logger.debug("Received type3 " + type3Msg);
510         
511         // Get the existing NTLM details
512

513         NTLMLogonDetails ntlmDetails = null;
514         WebDAVUser user = null;
515         
516         if ( httpSess != null)
517         {
518             ntlmDetails = (NTLMLogonDetails) httpSess.getAttribute(NTLM_AUTH_DETAILS);
519             user = (WebDAVUser) httpSess.getAttribute(AUTHENTICATION_USER);
520         }
521         
522         // Get the NTLM logon details
523

524         String JavaDoc userName = type3Msg.getUserName();
525         String JavaDoc workstation = type3Msg.getWorkstation();
526         String JavaDoc domain = type3Msg.getDomain();
527         
528         boolean authenticated = false;
529         boolean useNTLM = true;
530         
531         // Check if we are using cached details for the authentication
532

533         if ( user != null && ntlmDetails != null && ntlmDetails.hasNTLMHashedPassword())
534         {
535             // Check if the received NTLM hashed password matches the cached password
536

537             byte[] ntlmPwd = type3Msg.getNTLMHash();
538             byte[] cachedPwd = ntlmDetails.getNTLMHashedPassword();
539             
540             if ( ntlmPwd != null)
541             {
542                 if ( ntlmPwd.length == cachedPwd.length)
543                 {
544                     authenticated = true;
545                     for ( int i = 0; i < ntlmPwd.length; i++)
546                     {
547                         if ( ntlmPwd[i] != cachedPwd[i])
548                             authenticated = false;
549                     }
550                 }
551             }
552             
553             // Debug
554

555             if ( logger.isDebugEnabled())
556                 logger.debug("Using cached NTLM hash, authenticated = " + authenticated);
557             
558             try
559             {
560                 // Debug
561

562                 if ( logger.isDebugEnabled())
563                     logger.debug("User " + user.getUserName() + " validate ticket");
564                 
565                 // Validate the user ticket
566

567                 m_authService.validate( user.getTicket());
568             }
569             catch (AuthenticationException ex)
570             {
571                 if ( logger.isErrorEnabled())
572                     logger.error("Failed to validate user " + user.getUserName(), ex);
573                 
574                 // Restart the authentication
575

576                 httpSess.removeAttribute(NTLM_AUTH_SESSION);
577                 httpSess.removeAttribute(NTLM_AUTH_DETAILS);
578                 
579                 // Force the logon to start again
580

581                 resp.setHeader("WWW-Authenticate", "NTLM");
582                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
583                 
584                 resp.flushBuffer();
585                 return;
586             }
587             
588             // Allow the user to access the requested page
589

590             chain.doFilter( req, resp);
591             return;
592         }
593         else
594         {
595             // Cehck if we are using local MD4 password hashes or passthru authentication
596

597             if ( m_authComponent.getNTLMMode() == NTLMMode.MD4_PROVIDER)
598             {
599                 // Get the stored MD4 hashed password for the user, or null if the user does not exist
600

601                 String JavaDoc md4hash = m_authComponent.getMD4HashedPassword(userName);
602                 
603                 if ( md4hash != null)
604                 {
605                     // Generate the local encrypted password using the challenge that was sent to the client
606

607                     byte[] p21 = new byte[21];
608                     byte[] md4byts = m_md4Encoder.decodeHash(md4hash);
609                     System.arraycopy(md4byts, 0, p21, 0, 16);
610                     
611                     // Generate the local hash of the password using the same challenge
612

613                     byte[] localHash = null;
614                     
615                     try
616                     {
617                         localHash = m_encryptor.doNTLM1Encryption(p21, ntlmDetails.getChallengeKey());
618                     }
619                     catch (NoSuchAlgorithmException JavaDoc ex)
620                     {
621                     }
622                     
623                     // Validate the password
624

625                     byte[] clientHash = type3Msg.getNTLMHash();
626
627                     if ( clientHash != null && localHash != null && clientHash.length == localHash.length)
628                     {
629                         int i = 0;
630
631                         while ( i < clientHash.length && clientHash[i] == localHash[i])
632                             i++;
633                         
634                         if ( i == clientHash.length)
635                             authenticated = true;
636                     }
637                 }
638                 else
639                 {
640                     // Debug
641

642                     if ( logger.isDebugEnabled())
643                         logger.debug("User " + userName + " does not have Alfresco account");
644                     
645                     // Bypass NTLM authentication and display the logon screen, user account does not
646
// exist in Alfresco
647

648                     authenticated = false;
649                 }
650             }
651             else
652             {
653                 // Passthru mode, send the hashed password details to the passthru authentication server
654

655                 NTLMPassthruToken authToken = (NTLMPassthruToken) ntlmDetails.getAuthenticationToken();
656                 authToken.setUserAndPassword( type3Msg.getUserName(), type3Msg.getNTLMHash(), PasswordEncryptor.NTLM1);
657                 
658                 try
659                 {
660                     // Run the second stage of the passthru authentication
661

662                     m_authComponent.authenticate(authToken);
663                     authenticated = true;
664                 }
665                 catch (AuthenticationException ex)
666                 {
667                     // Debug
668

669                     if ( logger.isDebugEnabled())
670                         logger.debug("Authentication failed, " + ex.getMessage());
671                 }
672                 finally
673                 {
674                     // Clear the authentication token from the NTLM details
675

676                     ntlmDetails.setAuthenticationToken(null);
677                 }
678             }
679             
680             // Check if the user has been authenticated, if so then setup the user environment
681

682             if ( authenticated == true)
683             {
684                 UserTransaction JavaDoc tx = m_transactionService.getUserTransaction();
685                 
686                 try
687                 {
688                     tx.begin();
689
690                     // Get user details for the authenticated user
691
m_authComponent.setCurrentUser(userName.toLowerCase());
692                     
693                     // The user name used may be a different case to the NTLM supplied user name, read the current
694
// user and use that name
695
userName = m_authComponent.getCurrentUserName();
696                     
697                     // Setup User object and Home space ID etc.
698
NodeRef personNodeRef = m_personService.getPerson(userName);
699                     String JavaDoc currentTicket = m_authService.getCurrentTicket();
700                     user = new WebDAVUser(userName, currentTicket, personNodeRef);
701                     
702                     NodeRef homeSpaceRef = (NodeRef) m_nodeService.getProperty(personNodeRef, ContentModel.PROP_HOMEFOLDER);
703                     user.setHomeNode(homeSpaceRef);
704                     
705                     // commit
706
tx.commit();
707                 }
708                 catch (Throwable JavaDoc ex)
709                 {
710                     try
711                     {
712                         tx.rollback();
713                     }
714                     catch (Exception JavaDoc ex2)
715                     {
716                         logger.error("Failed to rollback transaction", ex2);
717                     }
718                     if(ex instanceof RuntimeException JavaDoc)
719                     {
720                         throw (RuntimeException JavaDoc)ex;
721                     }
722                     else if(ex instanceof IOException JavaDoc)
723                     {
724                         throw (IOException JavaDoc)ex;
725                     }
726                     else if(ex instanceof ServletException JavaDoc)
727                     {
728                         throw (ServletException JavaDoc)ex;
729                     }
730                     else
731                     {
732                         throw new RuntimeException JavaDoc("Authentication setup failed", ex);
733                     }
734                 }
735                 
736                 // Store the user
737

738                 httpSess.setAttribute(AUTHENTICATION_USER, user);
739
740                 // Update the NTLM logon details in the session
741

742                 if ( ntlmDetails == null)
743                 {
744                     // No cached NTLM details
745

746                     ntlmDetails = new NTLMLogonDetails( userName, workstation, domain, false, m_srvName);
747                     
748                     httpSess.setAttribute(NTLM_AUTH_DETAILS, ntlmDetails);
749                     
750                     // Debug
751

752                     if ( logger.isDebugEnabled())
753                         logger.debug("No cached NTLM details, created");
754                     
755                 }
756                 else
757                 {
758                     // Update the cached NTLM details
759

760                     ntlmDetails.setDetails(userName, workstation, domain, false, m_srvName);
761                     ntlmDetails.setNTLMHashedPassword(type3Msg.getNTLMHash());
762
763                     // Debug
764

765                     if ( logger.isDebugEnabled())
766                         logger.debug("Updated cached NTLM details");
767                 }
768                 
769                 // Debug
770

771                 if ( logger.isDebugEnabled())
772                     logger.debug("User logged on via NTLM, " + ntlmDetails);
773
774                 // Allow the user to access the requested page
775

776                 chain.doFilter( req, resp);
777                 return;
778             }
779             else
780             {
781                 // Remove any existing session and NTLM details from the session
782

783                 httpSess.removeAttribute(NTLM_AUTH_SESSION);
784                 httpSess.removeAttribute(NTLM_AUTH_DETAILS);
785                 
786                 // Force the logon to start again
787

788                 resp.setHeader("WWW-Authenticate", "NTLM");
789                 resp.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
790                 
791                 resp.flushBuffer();
792                 return;
793             }
794         }
795     }
796 }
797
Popular Tags