From: Jason Bainbridge
Organization: jblinux.org
To: "Tomcat Users List"
Subject: Re: Request parameters are all 'null' after using NTLM login-code
Date: Thu, 5 Jun 2003 22:27:49 +0800

NTLM is a bit of a nightmare to create custom code for. I recommend you either plug Tomcat into IIS and use IIS's authentication and then use request.getRemoteUser() to get the details, or my preferred method is to use the filter available with JCIFS (http://jcifs.samba.org): just change a few things in your web.xml file, drop in the .jar file and everything will start working automagically.

Regards,
--
Jason Bainbridge
http://jblinux.org

On Thu, 5 Jun 2003 22:22, Friso Geerlings wrote:
> Hello,
>
> I've been working on an Intranet site in JSP, and one of the requirements
> was an NTLM-login based authorisation. NTLM is a closed Microsoft protocol
> that sends the username and domain from Internet Explorer to a Microsoft
> webserver. We've been able to implement this in JSP using information about
> the protocol found on the Internet. The NTLM-authentication works fine,
> however, there is a very strange side-effect: after the NTLM-login sequence
> has completed, Tomcat seems to be unable to work with request-parameters
> anymore. All request-parameters, for example sent using forms or encoded in
> the URL using '?' end up being 'null' when I try to get them using
> request.getParameter. Even when I forward to another page and then again
> another (or redirect), still, those pages cannot read any
> request-parameters anymore. Very strange...
>
> The NTLM-code we use is included below. Maybe any of you can spot an error
> in it that causes this effect, or knows more about this mistake/bug?
>
> Tomcat version: latest stable release of Tomcat 4
> Operating system: Redhat Linux 6.2
>
> Thanx in advance for any input you can provide!
>
> --Friso Geerlings
>
> ----------------------------------------------------------
> *** Login_ntlm.jsp ***
> ----------------------------------------------------------
>
> class="primeline_intranet.IntranetCredentialsBean" />
> <%
>   boolean ok = false; //user not logged in yet
>
>   String auth = request.getHeader("Authorization");
>   if (auth == null)
>   {
>     response.setContentLength(0);
>     response.setStatus(response.SC_UNAUTHORIZED);
>     response.setHeader("WWW-Authenticate", "NTLM");
>     response.flushBuffer();
>     return;
>   }
>   if (auth.startsWith("NTLM "))
>   {
>     byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
>     int off = 0, length, offset;
>     if (msg[8] == 1)
>     {
>       byte z = 0;
>       byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S',
>         (byte)'S', (byte)'P', z,(byte)2, z, z, z, z, z, z, z,(byte)40, z, z, z,
>         (byte)1, (byte)130, z, z,z, (byte)2, (byte)2,
>         (byte)2, z, z, z, z, z, z, z, z, z, z, z, z};
>
>       response.setContentLength(0);
>       response.setStatus(response.SC_UNAUTHORIZED);
>       response.setHeader("WWW-Authenticate", "NTLM " + new sun.misc.BASE64Encoder().encodeBuffer(msg1).trim());
>       response.flushBuffer();
>
>       return;
>     }
>     else if (msg[8] == 3)
>     {
>       off = 30;
>
>       length = msg[off+17]*256 + msg[off+16];
>       offset = msg[off+19]*256 + msg[off+18];
>       String remoteHost = new String(msg, offset, length);
>
>       length = msg[off+1]*256 + msg[off];
>       offset = msg[off+3]*256 + msg[off+2];
>       String domain = new String(msg, offset, length);
>
>       length = msg[off+9]*256 + msg[off+8];
>       offset = msg[off+11]*256 + msg[off+10];
>       String username = new String(msg, offset, length);
>
>
>       ok = credentials.login(username);
>       //this returns true if the username can be found in a database
>     }
>   }
>
>   if (!ok) {
>
>     String paginaParameter = "login.jsp?message=autologin unsuccesfull";
>     String rootPath = request.getScheme()+"://" +
>       request.getServerName() + ":" + request.getServerPort() +
>       request.getContextPath() + "/";
>     response.sendRedirect(rootPath + paginaParameter);
>
>   } else {
>     //login is ok, so we're forwarding to the main page
> %>
>
>
> <% } %>
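
The Type 3 field extraction from the quoted JSP, rewritten with unsigned little-endian reads and bounds checks on the client-supplied lengths and offsets. This is an added example, not code from this thread or from JCIFS; the class name, the `unicode` parameter (the caller must know which string encoding was negotiated) and the sample message are assumptions. The returned names are whatever the client wrote into the message, since nothing here checks the NTLM response against a challenge.

```java
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

// Added example (hypothetical class name): reads the name fields of an NTLM Type 3 message.
public class Ntlm3Fields {
    private static final byte[] SIG = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};

    // Unsigned little-endian 16-bit read; Java bytes are signed, so mask before combining.
    static int u16(byte[] m, int i) { return (m[i] & 0xff) | ((m[i + 1] & 0xff) << 8); }

    // A security buffer header is: length (2), allocated length (2), offset (4).
    static String field(byte[] m, int hdr, boolean unicode) {
        int len = u16(m, hdr);
        int off = u16(m, hdr + 4) | (u16(m, hdr + 6) << 16);
        if (off < 0 || len > m.length || off > m.length - len)
            throw new IllegalArgumentException("security buffer outside message");
        return new String(m, off, len,
                unicode ? StandardCharsets.UTF_16LE : StandardCharsets.ISO_8859_1);
    }

    // Returns {domain, user, workstation}. These values are client-asserted, not verified.
    static String[] parse(byte[] m, boolean unicode) {
        if (m.length < 52 || !Arrays.equals(Arrays.copyOf(m, 8), SIG) || m[8] != 3)
            throw new IllegalArgumentException("not an NTLM Type 3 message");
        return new String[] {field(m, 28, unicode), field(m, 36, unicode), field(m, 44, unicode)};
    }

    public static void main(String[] args) {
        // Constructed sample: 52-byte header, then "DOM", "alice", "WS1" in a single-byte encoding.
        byte[] m = new byte[52 + 11];
        System.arraycopy(SIG, 0, m, 0, 8);
        m[8] = 3;
        String[] vals = {"DOM", "alice", "WS1"};
        int pos = 52;
        for (int i = 0; i < 3; i++) {
            byte[] v = vals[i].getBytes(StandardCharsets.ISO_8859_1);
            int h = 28 + 8 * i;                  // headers at 28 (domain), 36 (user), 44 (host)
            m[h] = m[h + 2] = (byte) v.length;   // length and allocated length
            m[h + 4] = (byte) pos;               // offset (fits in one byte in this sample)
            System.arraycopy(v, 0, m, pos, v.length);
            pos += v.length;
        }
        System.out.println(Arrays.toString(parse(m, false)));
        m[40] = (byte) 0xF0;                     // corrupt the user-name offset: points past the end
        try { parse(m, false); } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```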