Hi,
I trying to get SSO work in my LAN. I have a simple servlet which on first request
sends response back as 'WWW-Authenticate', the browser responde with a NTLM token,
servlet againg sends something as a part of protocol....blah blah......
Finally it takes the token, parses it and extracts the userid, m/c name,domain etc.
The servlet works fine in tomcat.
When i port it to jboss/server/default/deploy......the communication hangs at a
definite point.
I also extracted the headers in the communication. Could not identify waht is going
wrong exactly.
Down here are the servlet and the header files for the successful and failed
comunication
-------------------------------------------------------------------------------------
import java.io.*;
import java.text.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import org.ietf.jgss.*;
import org.apache.xerces.impl.dv.util.*;
public class NtlmEmulator extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
{
String auth = request.getHeader("Authorization");
if (auth == null) {
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "NTLM");
System.out.println("#####1st step");
response.flushBuffer();
System.out.println("#####1st step comp");
return;
}
if (auth.startsWith("NTLM ")) { byte[] msg = new
sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
int off = 0, length, offset;
String s;
if (msg[8] == 1) { // first step of authentication
off = 18;
byte z = 0;
byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M',
(byte)'S', (byte)'S', (byte)'P', z,
(byte)2, z, z, z, z, z, z, z,
(byte)40, z, z, z, (byte)1, (byte)130, z, z,
z, (byte)2, (byte)2, (byte)2, z, z, z, z, // this line is
'nonce'
z, z, z, z, z, z, z, z};
// remove next lines if you want see the result of first step
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "NTLM " + new
sun.misc.BASE64Encoder().encodeBuffer(msg1));
System.out.println("#####2nd step");
response.flushBuffer();
System.out.println("#####2nd
complete");
return;
}
else if (msg[8] == 3) { // third step of authentization -
takes long time, nod needed if zou care only for loginname
off = 30;
System.out.println("#####3rd tep
step");
length = msg[off+17]*256 + msg[off+16];
offset = msg[off+19]*256 + msg[off+18];
s = new String(msg, offset, length);
System.out.println(s);
} else{
return;
}
length = msg[off+1]*256 + msg[off];
offset = msg[off+3]*256 + msg[off+2];
s = new String(msg, offset, length);
System.out.println("length is "+s.length()+"
"+(int)s.charAt(0)+"$"+(int)s.charAt(1)+"$"+(int)s.charAt(2)+"$");
StringBuffer sbDomain=new StringBuffer();
char c=(char)0;
char[] charArr=new char[1];
charArr[0]=c;
StringTokenizer st = new StringTokenizer(s,new
String(charArr));
while (st.hasMoreTokens()) {
// String token=st.nextToken();
// System.out.println("token "+token);
sbDomain.append(st.nextToken());
}
System.out.println(sbDomain);
length = msg[off+9]*256 + msg[off+8];
offset = msg[off+11]*256 + msg[off+10];
s = new String(msg, offset, length);
StringBuffer sbUserName=new StringBuffer();
StringTokenizer st1 = new StringTokenizer(s,new
String(charArr));
while (st1.hasMoreTokens()) {
sbUserName.append(st1.nextToken());
}
System.out.println(sbUserName);
}
}//doget
}
-------------------------------------------------------------------------------------
SUCCESSFUL COMMUNICATION HEADERS
GET /ntlm/ntlmservlet HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localhost:8080
Connection: Keep-Alive
HTTP/1.1 401 Unauthorized
WWW-Authenticate: NTLM
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Transfer-Encoding: chunked
Date: Tue, 11 May 2004 05:42:09 GMT
Server: Apache Coyote/1.0
GET /ntlm/ntlmservlet HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localhost:8080
Connection: Keep-Alive
Authorization: NTLM
TlRMTVNTUAABAAAAB7IIoAYABgAvAAAADwAPACAAAABJTkQtU1BaNERYUDAwNDdNQVNURUs=
HTTP/1.1 401 Unauthorized
WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAAAICAgAAAAAAAAAAAAAAAA==
GET /ntlm/ntlmservlet HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localhost:8080
Connection: Keep-Alive
Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAHoAAAAYABgAkgAAAAwADABAAAAAEAAQAEwAAAAeAB4AXAAAAAAAAACqAAAABYIAAE0AQQBTAFQARQBLAGsAcwBoAGkAdABpAGoAdQBJAE4ARAAtAFMAUABaADQARABYAFAAMAAwADQANwCbmhyFIdpmwOZWt640fv/CyRrW6CyUUhM4L2b6rZrP0U5MnsVusnCubZqH4HrHf6o=
GET /ntlm/ntlmservlet HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localhost:8080
Connection: Keep-Alive
Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAHoAAAAYABgAkgAAAAwADABAAAAAEAAQAEwAAAAeAB4AXAAAAAAAAACqAAAABYIAAE0AQQBTAFQARQBLAGsAcwBoAGkAdABpAGoAdQBJAE4ARAAtAFMAUABaADQARABYAFAAMAAwADQANwCbmhyFIdpmwOZWt640fv/CyRrW6CyUUhM4L2b6rZrP0U5MnsVusnCubZqH4HrHf6o=
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 0
Date: Tue, 11 May 2004 05:42:29 GMT
Server: Apache Coyote/1.0
GET
http://in.update.companion.yahoo.com/slv/v4/2.html?.pc=&.a=0&.ta=cgnone,ccnone,ciin,cv5_1_6,cp&.cv=1&.cs=p,dc2ef32fc4fb2885&t=349482546
HTTP/1.1
Accept: */*
Cookie: B=0qqakq909k912&b=2; CP=v=50106&br=i
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: in.update.companion.yahoo.com
Proxy-Connection: Keep-Alive
Pragma: no-cache
HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to
fulfill the request. Access to the Web Proxy service is denied. )
Via:1.1 IND-SPZ7PXY001
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="ind-spz7pxy001.XYZ.com"
Proxy-Authenticate: Kerberos
Proxy-Authenticate: Negotiate
Connection: close
Proxy-Connection: close
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 2376
GET
http://in.update.companion.yahoo.com/slv/v4/2.html?.pc=&.a=0&.ta=cgnone,ccnone,ciin,cv5_1_6,cp&.cv=1&.cs=p,dc2ef32fc4fb2885&t=349482546
HTTP/1.1
Accept: */*
Cookie: B=0qqakq909k912&b=2; CP=v=50106&br=i
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: in.update.companion.yahoo.com
Proxy-Connection: Keep-Alive
Pragma: no-cache
Proxy-Authorization: NTLM
TlRMTVNTUAABAAAAB7IIoAYABgAvAAAADwAPACAAAABJTkQtU1BaNERYUDAwNDdNQVNURUv=
HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
Via:1.1 IND-SPZ7PXY001
Proxy-Authenticate: NTLM
TlRMTVNTUAACAAAADAAMADgAAAAFgomirDHW4jxzDKcAAAAAAAAAAIIAggBEAAAABQCTCAAAAA9NAEEAUwBUAEUASwACAAwATQBBAFMAVABFAEsAAQAcAEkATgBEAC0AUwBQAFoANwBQAFgAWQAwADAAMQAEABQAbQBhAHMAdABlAGsALgBjAG8AbQADADIAaQBuAGQALQBzAHAAegA3AHAAeAB5ADAAMAAxAC4AbQBhAHMAdABlAGsALgBjAG8AbQAAAAAA
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 0 GET
http://in.update.companion.yahoo.com/slv/v4/2.html?.pc=&.a=0&.ta=cgnone,ccnone,ciin,cv5_1_6,cp&.cv=1&.cs=p,dc2ef32fc4fb2885&t=349482546
HTTP/1.1
Accept: */*
Proxy-Authorization: NTLM
TlRMTVNTUAADAAAAGAAYAHoAAAAYABgAkgAAAAwADABAAAAAEAAQAEwAAAAeAB4AXAAAAAAAAACqAAAABYKIoG0AYQBzAHQAZQBrAGsAcwBoAGkAdABpAGoAdQBJAE4ARAAtAFMAUABaADQARABYAFAAMAAwADQANwDdaxsGGOW+MQAAAAAAAAAAAAAAAAAAAADzvIrM0li+Ew/iJqtpMB7UFKPF45yl64M=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: in.update.companion.yahoo.com
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: B=0qqakq909k912&b=2; CP=v=50106&br=i
HTTP/1.1 200 OK
Via: 1.0 IND-SPZ7PXY001
Connection: close
Proxy-Connection: close
Date: Tue, 11 May 2004 05:41:50 GMT
Content-Type: text/html
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml";, CP="CAO DSP COR CUR ADM DEV TAI PSA
PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM
NAV INT DEM CNT STA POL HEA PRE GOV"
Cache-Control: private
-------------------------------------------------------------------------------------
FAILED COMMUNICATION HEADERS
GET /ntlm/ntlmservlet HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localhost:8080
Connection: Keep-Alive
HTTP/1.1 401 Unauthorized
WWW-Authenticate: NTLM
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Transfer-Encoding: chunked
Date: Tue, 11 May 2004 05:33:26 GMT
Server: Apache Coyote/1.0
GET /ntlm/ntlmservlet HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/x-shockwave-flash, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localhost:8080
Connection: Keep-Alive
Authorization: NTLM
TlRMTVNTUAABAAAAB7IIoAYABgAvAAAADwAPACAAAABJTkQtU1BaNERYUDAwNDdNQVNURUs=
HTTP/1.1 401 Unauthorized
WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAAAICAgAAAAAAAAAAAAAAAA==
-------------------------------------------------------------------------------------
-theone
View the original post :
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3834407#3834407
Reply to the post :
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3834407
-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
