Re: Struts 2 Weblogic and NTLM
Ok i found out what was going wrong.
I used the sun package to encode "new
sun.misc.BASE64Encoder().encodeBuffer(msg1)"
I replaced it with a class I got from http://iharder.net/base64 and it works
fine now. I did not know sun.* apis are not supposed to be used
dgv123 wrote:
>
> I am attaching a WAR file which uses code to obtain the user id via NTLM.
> This code works fine on Tomcat and Weblogic 9.2 on unix (if i do not use
> in the Home.jsp - I do not know why that breaks
> http://www.nabble.com/file/p16032835/NTLM1.war NTLM1.war )
>
> This WAR does not work on Weblogic 9.2 Windows 2000 as i get the following
> error
> Header:WWW-Authenticate Cannot contain CRLF Charcters
>
> Here is the code in the Action class.
> ***
> package com.dgv.actions;
>
> import java.util.Map;
>
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
>
> import org.apache.struts2.interceptor.ServletRequestAware;
> import org.apache.struts2.interceptor.ServletResponseAware;
> import org.apache.struts2.interceptor.SessionAware;
>
> import com.dgv.security.NTLMLogin;
> import com.dgv.util.Util;
> import com.opensymphony.xwork2.ActionSupport;
> import com.opensymphony.xwork2.Preparable;
>
> public class BaseAction extends ActionSupport
> implements SessionAware, ServletRequestAware, ServletResponseAware,
> Preparable{
>
>private Map session;
>private HttpServletRequest request;
>private HttpServletResponse response;
>
> public void setSession(Map arg0) {
> this.session = arg0;
> }
>
>
>
> public void setServletRequest(HttpServletRequest arg0) {
> // TODO Auto-generated method stub
> this.request = arg0;
> }
> public HttpServletRequest getServletRequest() {
> // TODO Auto-generated method stub
> return request;
> }
>
>
>
> public void prepare() throws Exception {
>
> System.out.println("Entered Prepare Method");
> String auth = request.getHeader("Authorization");
> if (auth == null) {
> System.out.println("Inside Null");
> response.setStatus(response.SC_UNAUTHORIZED);
> response.setHeader("WWW-Authenticate", "NTLM");
> return;
> }
> System.out.println("outside Null");
> if (auth.startsWith("NTLM ")) {
> byte[] msg = new
> sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
> int off = 30, length=0, offset;
> String s;
>
> if (msg[8] == 1) { // first step of authentication
> off = 18;
>
> // this part is for full hand-shaking, just tested, didn't care
> about
> result passwords
> byte z = 0;
> byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M',
> (byte)'S',
> (byte)'S', (byte)'P', z,
> (byte)2, z, z, z, z, z, z, z,
> (byte)40, z, z, z, (byte)1, (byte)130, z, z,
> z, (byte)2, (byte)2, (byte)2, z, z, z, z, // this line is
> 'nonce'
> z, z, z, z, z, z, z, z};
> // remove next lines if you want see the result of first step
> response.setStatus(response.SC_UNAUTHORIZED);
> System.out.println("Before Setting Header");
> response.setHeader("WWW-Authenticate", "NTLM " + new
> sun.misc.BASE64Encoder().encodeBuffer(msg1));
> System.out.println("Header:"+
> request.getHeader("WWW-Authenticate"));
> return;
>
>
> } else
> //return;
>
>
> length = msg[off+9]*256 + msg[off+8];
> offset = msg[off+11]*256 + msg[off+10];
> s = new String(msg, offset, length);
> System.out.println("**USER "+s + "");
> }
>
> }
> public void setServletResponse(HttpServletResponse arg0) {
> this.response = arg0;
>
> }
>
>
>
> public HttpServletResponse getServletResponse() {
> return response;
> }
>
> }
>
>
>
> **
> Any help would be greatly appreciated.
>
--
View this message in context:
http://www.nabble.com/Struts-2-Weblogic-and-NTLM-tp16032835p16037640.html
Sent from the Struts - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Problem with submitting while using NTLM authentication
Check if works. I had the same issue with this on a UNIX environment(struts 2). When i replaced the tag with the regular tag...it worked fine Tarun Reddy wrote: > > Hi all, > I'm using NTLM authentication to let the user in. After the user gets into > the application, he'll be shown a jsp page, which typically contains an > . After user enters his inputs and submits the > form, the values are not submitted as part of the HTTP Request. If I > modify > the form as, , then everything > works > fine i.e the values are being passed to the action class. If I remove the > NTLM authentication in the first login jsp page, then works > fine > with POST method. So, I feel that this is some issue pertaining to the use > of in conjunction with NTLM authentication. Did any one of you > had experienced this problem? Why the input values entered by user are not > passed as part of HTTP request? I can see the Content-Type of the request > as, application/x-www-form-urlencoded. Everything looks fine. That's what > baffling me. I'm in urgent need of it. I would really appreciate your > help. > > Thanks, > Tarun. > > -- View this message in context: http://www.nabble.com/Problem-with-submitting-%3Chtml%3Aform%3E-while-using-NTLM-authentication-tp3868393p16032992.html Sent from the Struts - User mailing list archive at Nabble.com. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Struts 2 Weblogic and NTLM
I am attaching a WAR file which uses code to obtain the user id via NTLM.
This code works fine on Tomcat and Weblogic 9.2 on unix (if i do not use
in the Home.jsp - I do not know why that breaks
http://www.nabble.com/file/p16032835/NTLM1.war NTLM1.war )
This WAR does not work on Weblogic 9.2 Windows 2000 as i get the following
error
Header:WWW-Authenticate Cannot contain CRLF Charcters
Here is the code in the Action class.
***
package com.dgv.actions;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
import org.apache.struts2.interceptor.SessionAware;
import com.dgv.security.NTLMLogin;
import com.dgv.util.Util;
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.Preparable;
public class BaseAction extends ActionSupport
implements SessionAware, ServletRequestAware, ServletResponseAware,
Preparable{
private Map session;
private HttpServletRequest request;
private HttpServletResponse response;
public void setSession(Map arg0) {
this.session = arg0;
}
public void setServletRequest(HttpServletRequest arg0) {
// TODO Auto-generated method stub
this.request = arg0;
}
public HttpServletRequest getServletRequest() {
// TODO Auto-generated method stub
return request;
}
public void prepare() throws Exception {
System.out.println("Entered Prepare Method");
String auth = request.getHeader("Authorization");
if (auth == null) {
System.out.println("Inside Null");
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "NTLM");
return;
}
System.out.println("outside Null");
if (auth.startsWith("NTLM ")) {
byte[] msg = new
sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
int off = 30, length=0, offset;
String s;
if (msg[8] == 1) { // first step of authentication
off = 18;
// this part is for full hand-shaking, just tested, didn't care
about
result passwords
byte z = 0;
byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M',
(byte)'S',
(byte)'S', (byte)'P', z,
(byte)2, z, z, z, z, z, z, z,
(byte)40, z, z, z, (byte)1, (byte)130, z, z,
z, (byte)2, (byte)2, (byte)2, z, z, z, z, // this line is
'nonce'
z, z, z, z, z, z, z, z};
// remove next lines if you want see the result of first step
response.setStatus(response.SC_UNAUTHORIZED);
System.out.println("Before Setting Header");
response.setHeader("WWW-Authenticate", "NTLM " + new
sun.misc.BASE64Encoder().encodeBuffer(msg1));
System.out.println("Header:"+
request.getHeader("WWW-Authenticate"));
return;
} else
//return;
length = msg[off+9]*256 + msg[off+8];
offset = msg[off+11]*256 + msg[off+10];
s = new String(msg, offset, length);
System.out.println("**USER "+s + "");
}
}
public void setServletResponse(HttpServletResponse arg0) {
this.response = arg0;
}
public HttpServletResponse getServletResponse() {
return response;
}
}
**
Any help would be greatly appreciated.
--
View this message in context:
http://www.nabble.com/Struts-2-Weblogic-and-NTLM-tp16032835p16032835.html
Sent from the Struts - User mailing list archive at Nabble.com.
-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
