Update of
/var/cvs/contributions/CMSContainer_Modules/knownvisitor-ntlm/src/java/com/finalist/cmsc/knownvisitor/ntlm
In directory
james.mmbase.org:/tmp/cvs-serv21601/knownvisitor-ntlm/src/java/com/finalist/cmsc/knownvisitor/ntlm
Modified Files:
Tag: b1_5
NtlmKnownVisitorModule.java NtlmVisitorFilter.java
Log Message:
CMSC-1194 NtlmVisitorFilter for Almere has code which is not in CVS
See also:
http://cvs.mmbase.org/viewcvs/contributions/CMSContainer_Modules/knownvisitor-ntlm/src/java/com/finalist/cmsc/knownvisitor/ntlm
See also: http://www.mmbase.org/jira/browse/CMSC-1194
Index: NtlmKnownVisitorModule.java
===================================================================
RCS file:
/var/cvs/contributions/CMSContainer_Modules/knownvisitor-ntlm/src/java/com/finalist/cmsc/knownvisitor/ntlm/NtlmKnownVisitorModule.java,v
retrieving revision 1.6.2.1
retrieving revision 1.6.2.2
diff -u -b -r1.6.2.1 -r1.6.2.2
--- NtlmKnownVisitorModule.java 22 Jan 2009 12:41:43 -0000 1.6.2.1
+++ NtlmKnownVisitorModule.java 22 Jan 2009 14:33:27 -0000 1.6.2.2
@@ -19,18 +19,24 @@
private static final String SESSION_ATTRIBUTE = "NtlmVisitor";
- public static final String PROPERTY_DOMAIN_CONTROLLER =
"knownvisitor-ntlm.domaincontroller";
public static final String PROPERTY_ENABLED = "knownvisitor-ntlm.enabled";
+ public static final String PROPERTY_DOMAIN_CONTROLLER =
"knownvisitor-ntlm.domaincontroller";
+ public static final String PROPERTY_DOMAIN = "knownvisitor-ntlm.domain";
+ public static final String PROPERTY_IPEXCEPTIONS =
"knownvisitor-ntlm.ipexceptions";
+ public static final String PROPERTY_BASIC_AUTH =
"knownvisitor-ntlm.basic-authentication";
+
public static final String PROPERTY_FIELD_EMAIL =
"knownvisitor-ntlm.field.email";
public static final String PROPERTY_FIELD_REALNAME =
"knownvisitor-ntlm.field.realname";
public static final String PROPERTY_FIELD_USERNAME =
"knownvisitor-ntlm.field.username";
public static final String PROPERTY_LOGONNAME =
"knownvisitor-ntlm.logonname";
public static final String PROPERTY_LOGONPASSWORD =
"knownvisitor-ntlm.logonpassword";
public static final String PROPERTY_SEARCHDN = "knownvisitor-ntlm.searchDN";
- public static final String PROPERTY_DOMAIN = "knownvisitor-ntlm.domain";
+
+
public NtlmKnownVisitorModule() {
+ // nothing
}
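Review bot: The new keys `PROPERTY_IPEXCEPTIONS` and `PROPERTY_BASIC_AUTH` change how NtlmVisitorFilter authenticates, but they are added without any comment, so someone reading this class cannot tell what each one relaxes. Above the first I would add `// Comma- or whitespace-separated client IPs that skip NTLM negotiation entirely; matched as exact strings`. Above the second I would add `// Blank or "secure": offer Basic only when req.isSecure(); any other value offers Basic on every request`. Both descriptions follow from the NtlmVisitorFilter changes in this same commit.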
@@ -69,9 +75,9 @@
// Make a directory context by connecting with the above details.
try {
ctx = new InitialDirContext(env);
- NamingEnumeration answer = ctx.search("ldap://" + server + "/" +
searchDN, query, null);
+ NamingEnumeration<SearchResult> answer = ctx.search("ldap://" +
server + "/" + searchDN, query, null);
if (answer.hasMoreElements()) {
- SearchResult result = (SearchResult) answer.next();
+ SearchResult result = answer.next();
Attribute values =
result.getAttributes().get(getProperty(PROPERTY_FIELD_REALNAME));
if (values.size() > 0) {
visitor.setDisplayName((String) values.get(0));
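Review bot: `result.getAttributes().get(...)` returns null when the directory entry has no attribute named by the configured real-name field, and the next line calls `values.size()` unguarded, so such a visitor triggers a NullPointerException instead of simply getting no display name. The guard should read `if (values != null && values.size() > 0) {`. The now-typed `answer` enumeration is also never closed in the lines visible here; if the rest of the try block does not do it, calling `answer.close()` on the cleanup path would release the LDAP resources. The enclosing method starts and ends outside the hunk.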
Index: NtlmVisitorFilter.java
===================================================================
RCS file:
/var/cvs/contributions/CMSContainer_Modules/knownvisitor-ntlm/src/java/com/finalist/cmsc/knownvisitor/ntlm/NtlmVisitorFilter.java,v
retrieving revision 1.7.2.1
retrieving revision 1.7.2.2
diff -u -b -r1.7.2.1 -r1.7.2.2
--- NtlmVisitorFilter.java 22 Jan 2009 12:41:44 -0000 1.7.2.1
+++ NtlmVisitorFilter.java 22 Jan 2009 14:33:27 -0000 1.7.2.2
@@ -1,24 +1,18 @@
package com.finalist.cmsc.knownvisitor.ntlm;
-import jcifs.http.NtlmSsp;
-import jcifs.smb.NtlmPasswordAuthentication;
-import jcifs.smb.SmbSession;
-import jcifs.smb.SmbAuthException;
-import jcifs.UniAddress;
+import java.io.IOException;
+import java.util.*;
+
+import javax.servlet.*;
+import javax.servlet.http.*;
+
import jcifs.Config;
+import jcifs.UniAddress;
+import jcifs.http.NtlmSsp;
+import jcifs.smb.*;
import jcifs.util.Base64;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.FilterChain;
-import javax.servlet.Filter;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.HttpSession;
-import java.io.IOException;
-
+import org.apache.commons.lang.StringUtils;
import org.mmbase.util.logging.Logger;
import org.mmbase.util.logging.Logging;
@@ -30,12 +24,13 @@
* @author Jeoffrey Bakker, Finalist IT Group
*/
public class NtlmVisitorFilter implements Filter {
+
private static final String realm = "jCIFS";
private static final Logger log =
Logging.getLoggerInstance(NtlmVisitorFilter.class);
- public void init(FilterConfig filterConfig) throws ServletException {
+ public void init(FilterConfig filterConfig) {
/*
* Set jcifs properties we know we want; soTimeout and cachePolicy to
@@ -47,6 +42,7 @@
public void destroy() {
+ // nothing
}
@@ -60,9 +56,24 @@
final HttpServletRequest req = (HttpServletRequest) request;
final HttpServletResponse resp = (HttpServletResponse) response;
- if (isEnabled() && !negotiate(req, resp, false)) {
+ if (isEnabled()) {
+ List<String> exceptions = getIpExceptions();
+ if (!exceptions.isEmpty()) {
+ String clientIp = req.getHeader("X-Forwarded-For");
+ if (StringUtils.isBlank(clientIp)) {
+ // not behind a proxy or mod_proxy
+ clientIp = request.getRemoteAddr();
+ }
+ if (exceptions.contains(clientIp)) {
+ chain.doFilter(req, resp);
+ return;
+ }
+ }
+
+ if (!negotiate(req, resp, false)) {
return;
}
+ }
chain.doFilter(req, resp);
}
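Review bot: The exception check in doFilter trusts `X-Forwarded-For` from any peer, and that header is supplied by the client, so a request that reaches the container directly, or through a proxy that appends to the header rather than overwriting it, can claim an excepted address and reach `chain.doFilter` without NTLM negotiation. The header should be consulted only when `request.getRemoteAddr()` is itself one of the deployment's reverse proxies, and then only its last entry, because the header may hold a comma-separated list that `exceptions.contains` would never match as a whole. The sketch below uses a helper `isTrustedProxy`, which does not exist yet and would need its own configuration property. Logging each request that takes the bypass would also make use of the exception list auditable.

```java
      List<String> exceptions = getIpExceptions();
      if (!exceptions.isEmpty()) {
         // The socket peer is the only address the client cannot choose.
         String clientIp = request.getRemoteAddr();
         if (isTrustedProxy(clientIp)) { // proposed helper, not in the file yet
            String forwarded = req.getHeader("X-Forwarded-For");
            if (StringUtils.isNotBlank(forwarded)) {
               // right-most entry is the one our own proxy appended
               clientIp = StringUtils.trim(StringUtils.substringAfterLast("," + forwarded, ","));
            }
         }
         // … unchanged: exceptions.contains(clientIp) check, chain.doFilter, return …
```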
@@ -90,7 +101,7 @@
String msg;
NtlmPasswordAuthentication ntlm = null;
msg = req.getHeader("Authorization");
- boolean offerBasic = req.isSecure();
+ boolean offerBasic = offerBasic(req);
log.debug("Message: " + msg);
if (msg != null && (msg.startsWith("NTLM ") || (offerBasic &&
msg.startsWith("Basic ")))) {
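Review bot: `log.debug("Message: " + msg)` writes the whole Authorization header to the log, and when the client sends Basic that header is only the base64 encoding of the user name and domain password. Now that `offerBasic(req)` can return true for non-secure requests, this line is more likely to see Basic credentials, so I would log only the scheme: `log.debug("Authorization scheme: " + StringUtils.substringBefore(StringUtils.defaultString(msg), " "));`. The enclosing negotiate method starts and ends outside the hunk.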
@@ -143,7 +154,7 @@
log.service("NtlmHttpFilter: " + ntlm.getName() + ": 0x"
+ jcifs.util.Hexdump.toHexString(sae.getNtStatus(), 8) +
": " + sae);
}
- if (sae.getNtStatus() ==
SmbAuthException.NT_STATUS_ACCESS_VIOLATION) {
+ if (sae.getNtStatus() == NtStatus.NT_STATUS_ACCESS_VIOLATION) {
/*
* Server challenge no longer valid for externally supplied
* password hashes.
@@ -180,13 +191,44 @@
}
- private boolean isEnabled() {
- return
PropertiesUtil.getProperty(NtlmKnownVisitorModule.PROPERTY_ENABLED).equals("true");
+ private boolean offerBasic(HttpServletRequest req) {
+ boolean offerBasic = req.isSecure();
+ if (!offerBasic) {
+ String basic =
PropertiesUtil.getProperty(NtlmKnownVisitorModule.PROPERTY_BASIC_AUTH);
+ if (StringUtils.isBlank(basic) || "secure".equalsIgnoreCase(basic)) {
+ return false;
+ }
+ else {
+ // basic authentication is not forced to be on secured urls and
the current request is not secured
+ // This does not mean that the url arrived at the webserver was
not secured. The webserver could
+ // proxy the request without using the secured flag.
+ return true;
+ }
}
+ return offerBasic;
+ }
+
+ private boolean isEnabled() {
+ return
Boolean.parseBoolean(PropertiesUtil.getProperty(NtlmKnownVisitorModule.PROPERTY_ENABLED));
+ }
private String getDomainController() {
return
PropertiesUtil.getProperty(NtlmKnownVisitorModule.PROPERTY_DOMAIN_CONTROLLER);
}
+ private List<String> getIpExceptions() {
+ String prop =
PropertiesUtil.getProperty(NtlmKnownVisitorModule.PROPERTY_IPEXCEPTIONS);
+ return convertToList(prop);
+ }
+
+ private static List<String> convertToList(String prop) {
+ List<String> list = new ArrayList<String>();
+ StringTokenizer tokenizer = new StringTokenizer(prop, ", \t\n\r\f");
+ while (tokenizer.hasMoreTokens()) {
+ String str = tokenizer.nextToken();
+ list.add(str);
+ }
+ return list;
+ }
}
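Review bot: offerBasic fails open: any non-blank value of the basic-authentication property other than `secure`, a typo included, makes the filter offer Basic on plain-HTTP requests, where the domain password travels merely base64-encoded. It would be safer to return true only for one explicit opt-in value, e.g. `return "<opt-in-value>".equalsIgnoreCase(basic);` with the value chosen and documented by the project, and to log a warning when that mode is active. Separately, convertToList passes `prop` straight to `new StringTokenizer(prop, ...)`, which throws NullPointerException if PropertiesUtil.getProperty returns null for an unset ipexceptions property; the isBlank check in offerBasic suggests it can. Adding `if (StringUtils.isBlank(prop)) { return new ArrayList<String>(); }` at the top of convertToList keeps every enabled request from failing in that case.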