tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jason Bainbridge <ja...@jblinux.org>
Subject Re: Request parameters are all 'null' after using NTLM login-code
Date Thu, 05 Jun 2003 14:27:49 GMT
NTLM is a bit of a nightmare to create custom code for, I recommend you either 
plug Tomcat into IIS and use IIS's authentication and then use 
request.getRemoteUser() to get the details or my preferred method is to use 
the filter available with JCIFS (http://jcifs.samba.org), just change a few 
things in your web.xml file, drop in the .jar file and everything will start 
working automagically.

Regards,
-- 
Jason Bainbridge
http://jblinux.org

On Thu, 5 Jun 2003 22:22, Friso Geerlings wrote:
> Hello,
>
> I've been working on an Intranet site in JSP, and one of the requirements
> was an NTLM-login based authorisation. NTLM is a closed Microsoft protocol
> that sends the username and domain from Internet Explorer tot a Microsoft
> webserver. We've been able to implement this in JSP using information about
> the protocol found on the Internet. The NTLM-authentication works fine,
> however, there is a very strange side-effect: after the NTLM-login sequence
> has completed, Tomcat seems to be unable to work with request-parameters
> anymore. All request-parameters, for example sent using forms or encoded in
> the URL using '?' end up being 'null' when I try to get them using
> request.getParameter. Even when I forward to another page and then again
> another (or redi-- 
Jason Bainbridge
http://jblinux.orgrect), still, those pages cannot read any
> request-parameters anymore. Very strange...
>
> The NTLM-code we use is included below. Maybe any of you can spot an error
> in it that causes this effect, or knows more about his mistake/bug?
>
> Tomcat version: latest stable release of Tomcat 4
> Operating system: Redhat Linux 6.2
>
> Thanx in advance for any imput you can provide!
>
> --Friso Geerlings
>
> ----------------------------------------------------------
> *** Login_ntlm.jsp ***
> ----------------------------------------------------------
>
> <jsp:useBean id="credentials" scope="session"
> class="primeline_intranet.IntranetCredentialsBean" /> <%
> boolean ok = false; //user not logged in jet
>
> String auth = request.getHeader("Authorization");
> if (auth == null)
> {
>    response.setContentLength(0);
>    response.setStatus(response.SC_UNAUTHORIZED);
>    response.setHeader("WWW-Authenticate", "NTLM");
>    response.flushBuffer();
>   return;
> }
> if (auth.startsWith("NTLM "))
> {
>   byte[] msg = new
> sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5)); int off = 0,
> length, offset;
>   if (msg[8] == 1)
>   {
>     byte z = 0;
>     byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S',
> (byte)'S', (byte)'P', z,(byte)2, z, z, z, z, z, z, z,(byte)40, z, z, z,
>       (byte)1, (byte)130, z, z,z, (byte)2, (byte)2,
>       (byte)2, z, z, z, z, z, z, z, z, z, z, z, z};
>
>  response.setContentLength(0);
>     response.setS-- 
Jason Bainbridge
http://jblinux.orgtatus(response.SC_UNAUTHORIZED);
>     response.setHeader("WWW-Authenticate", "NTLM " + new
> sun.misc.BASE64Encoder().encodeBuffer(msg1).trim());
> response.flushBuffer();
>
>     return;
>   }
>   else if (msg[8] == 3)
>   {
>     off = 30;
>
>     length = msg[off+17]*256 + msg[off+16];
>     offset = msg[off+19]*256 + msg[off+18];
>     String remoteHost = new String(msg, offset, length);
>
>     length = msg[off+1]*256 + msg[off];
>     offset = msg[off+3]*256 + msg[off+2];
>     String domain = new String(msg, offset, length);
>
>     length = msg[off+9]*256 + msg[off+8];
>     offset = msg[off+11]*256 + msg[off+10];
>     String username = new String(msg, offset, length);
>
>
>     ok = credentials.login(username);
>     //this returns true if the username can be found in a database
>   }
> }
>
> if (!ok) {
>
>  String paginaParameter = "login.jsp?message=autologin unsuccesfull";
>  String rootPath = request.getScheme()+"://" +
>      request.getServerName() + ":" + request.getServerPort() +
>      request.getContextPath() + "/";
>  response.sendRedirect(rootPath + paginaParameter);
>
> } else {
>         //login is ok, so we're forwarding to the main page
>         %>
>   <jsp:forward page="index.jsp">
>   </jsp:forward>
> <% } %>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message