Re: [Wicket-user] NTLM Authentication

2007-04-20 Thread Zenrique Steckelberg

Ok, found out that this problem actually relates to Internet Explorer... one
more grief to my MS black list of sorrows! ;)
Fixed it by using JCIFS library, which implements a servlet filter in the
same way mine was doing, with just a little difference: theirs works! (Got to
remember to never reinvent the wheel too). Now I am able to get current user
this way inside my code:

    HttpServletRequest request = ((WebRequest) RequestCycle.get()
            .getRequest()).getHttpServletRequest();
    username = request.getRemoteUser();

And everything is working nicely again. Now finally off to implement my app's
authentication and authorization, by adapting databinder library's
functionalities.

Regards,


Zenrique Steckelberg wrote:
> 
> Hi all,
> 
> I work in a Windows mostly environment, thus decided to use NTLM
> authentication so I wouldn't need to store and check users' passwords. On
> each WebRequest and WebResponse I check if the user is identified or not,
> and if not I go through NTLM's request/response procedure in order to get
> user's login from IE browser (and thus Windows). What happens is that
> after changing newWebRequest and newWebResponse methods to get the
> authentication, my application stops working, and no image or submit
> button works anymore. If I comment out both newWeb Request/Response
> methods, everything works fine. I am using Databinder for some of the
> authorization features and other db stuff, but I think this relates
> particularly to Wicket.
> 
> Here's the code:
> 
> public class ConfServApp extends AuthDataApplication {
> private String auth;
> 
> private String remoteHost;
> 
> private String domain;
> 
> private String username;
> 
> @Override
> protected WebRequest newWebRequest(HttpServletRequest servletRequest)
> {
> WebRequest request = (WebRequest)
> super.newWebRequest(servletRequest);
> 
> 
> auth = (String) request.getHttpServletRequest().getHeader(
> "Authorization");
> 
> return request;
> }
> 
> @Override
> protected WebResponse newWebResponse(HttpServletResponse
> servletResponse) {
> WebResponse response = (WebResponse) super
> .newWebResponse(servletResponse);
> if (username == null) {
> if (auth == null) {
> response.setHeader("WWW-Authenticate", "NTLM");
> try {
> response.getHttpServletResponse().sendError(
> HttpServletResponse.SC_UNAUTHORIZED);
> } catch (Exception e) {
> System.out.println(e.getMessage());
> e.printStackTrace();
> }
> } else if (auth.startsWith("NTLM ")) {
> byte[] msg = null;
> try {
> msg = new sun.misc.BASE64Decoder().decodeBuffer(auth
> .substring(5));
> } catch (Exception e) {
> System.out.println(e.getMessage());
> e.printStackTrace();
> }
> int off = 0, length, offset;
> if (msg[8] == 1) {
> byte z = 0;
> byte[] msg1 = { (byte) 'N', (byte) 'T', (byte) 'L',
> (byte) 'M', (byte) 'S', (byte) 'S', (byte)
> 'P', z,
> (byte) 2, z, z, z, z, z, z, z, (byte) 40, z,
> z, z,
> (byte) 2, (byte) 130, z, z, z, (byte) 2,
> (byte) 2,
> (byte) 2, z, z, z, z, z, z, z, z, z, z, z, z
> };
> response.setHeader("WWW-Authenticate", "NTLM "
> + new
> sun.misc.BASE64Encoder().encodeBuffer(msg1)
> .trim());
> try {
> response.getHttpServletResponse().sendError(
> HttpServletResponse.SC_UNAUTHORIZED);
> } catch (Exception e) {
> System.out.println(e.getMessage());
> e.printStackTrace();
> }
> } else if (msg[8] == 3) {
> off = 30;
> 
> length = msg[off + 17] * 256 + msg[off + 16];
> offset = msg[off + 19] * 256 + msg[off + 18];
> remoteHost = new String(msg, offset, length);
> 
> length = msg[off + 1] * 256 + msg[off];
> offset = msg[off + 3] * 256 + msg[off + 2];
> domain = new String(msg, offset, length);
> 
> length = msg[off + 9] * 256 + msg[off + 8];
> offset = msg[off + 11] * 256 + msg[off + 10];
> username = new String(msg, offset, length);
> 
> System.out.println("Username:" + username);
> System.out.println("RemoteHost:" + re

Re: [Wicket-user] NTLM Authentication

2007-04-19 Thread Zenrique Steckelberg

Hi,

What I have found out until now is that somehow some request parameters
disappear when I use NTLM authentication procedure. I have changed my app to
use a servlet filter to do the NTLM conversation only once upon first app
access by a user, and even managed to not create a session in the filter
code, but I keep getting this problem. The request parameters are the
following when I click on an image button, for example, when no NTLM is used
and app works ok:

    userRow:0:edit.x=5
    deleteForm:hf:0=
    userRow:0:edit.y=3
    wicket:interface=:1:deleteForm::IFormSubmitListener

But when I change app to use NTLM, I get these request parameters in the
exact same situation:

    wicket:interface=:3:deleteForm::IFormSubmitListener

So I'm off now to investigate Wicket's response generation code. If anyone has
any tip regarding why parameters could disappear like this, I'd be grateful.

Regards,


ptrthomas wrote:
> 
> Hi,
> 
> Maybe it is a better idea to do this only once as part of an
> AuthorizationStrategy set up in your Application class? Then after
> creating a session everything works like normal until logout.
> 
> Example of a real life AuthorizationStrategy can be found here, in this
> particular example there is some code that deals with the request
> directly, e.g. checks for cookies.
> 
> http://fisheye3.cenqua.com/browse/j-trac/trunk/jtrac/src/main/java/info/jtrac/wicket/JtracApplication.java?r=956
> 
> I am really interested in NTLM authentication in Wicket, do let me know if
> you make any progress with this!
> 
> Thanks,
> 
> Peter.
> 
> On 4/19/07, Zenrique Steckelberg <[EMAIL PROTECTED]> wrote:
>>
>>
>> Hi all,
>>
>> I work in a Windows mostly environment, thus decided to use NTLM
>> authentication so I wouldn't need to store and check users' passwords. On
>> each WebRequest and WebResponse I check if the user is identified or not,
>> and if not I go through NTLM's request/response procedure in order to get
>> user's login from IE browser (and thus Windows). What happens is that
>> after changing newWebRequest and newWebResponse methods to get the
>> authentication, my application stops working, and no image or submit
>> button works anymore. If I comment out both newWeb Request/Response
>> methods, everything works fine. I am using Databinder for some of the
>> authorization features and other db stuff, but I think this relates
>> particularly to Wicket.
>>
>> Here's the code:
>>
>> public class ConfServApp extends AuthDataApplication {
>> private String auth;
>>
>> private String remoteHost;
>>
>> private String domain;
>>
>> private String username;
>>
>> @Override
>> protected WebRequest newWebRequest(HttpServletRequest servletRequest)
>> {
>> WebRequest request = (WebRequest)
>> super.newWebRequest(servletRequest);
>>
>>
>> auth = (String) request.getHttpServletRequest().getHeader(
>> "Authorization");
>>
>> return request;
>> }
>>
>> @Override
>> protected WebResponse newWebResponse(HttpServletResponse
>> servletResponse) {
>> WebResponse response = (WebResponse) super
>> .newWebResponse(servletResponse);
>> if (username == null) {
>> if (auth == null) {
>> response.setHeader("WWW-Authenticate", "NTLM");
>> try {
>> response.getHttpServletResponse().sendError(
>> HttpServletResponse.SC_UNAUTHORIZED);
>> } catch (Exception e) {
>> System.out.println(e.getMessage());
>> e.printStackTrace();
>> }
>> } else if (auth.startsWith("NTLM ")) {
>> byte[] msg = null;
>> try {
>> msg = new sun.misc.BASE64Decoder().decodeBuffer(auth
>> .substring(5));
>> } catch (Exception e) {
>> System.out.println(e.getMessage());
>> e.printStackTrace();
>> }
>> int off = 0, length, offset;
>> if (msg[8] == 1) {
>> byte z = 0;
>> byte[] msg1 = { (byte) 'N', (byte) 'T', (byte) 'L',
>> (byte) 'M', (byte) 'S', (byte) 'S', (byte)
>> 'P',
>> z,
>> (byte) 2, z, z, z, z, z, z, z, (byte) 40, z,
>> z,
>> z,
>> (byte) 2, (byte) 130, z, z, z, (byte) 2,
>> (byte)
>> 2,
>> (byte) 2, z, z, z, z, z, z, z, z, z, z, z, z
>> };
>> response.setHeader("WWW-Authenticate", "NTLM "
>> + new
>> sun.misc.BASE64Encoder().encodeBuffer(msg1)
>> .trim());
>> try {
>> response.getHttpServletResponse().sendError(
>> HttpServletResponse.SC_UNAUTHORIZED);
>> } catch

Re: [Wicket-user] NTLM Authentication

2007-04-18 Thread Peter Thomas

Hi,

Maybe it is a better idea to do this only once as part of an
AuthorizationStrategy set up in your Application class? Then after creating
a session everything works like normal until logout.

Example of a real life AuthorizationStrategy can be found here, in this
particular example there is some code that deals with the request directly,
e.g. checks for cookies.

http://fisheye3.cenqua.com/browse/j-trac/trunk/jtrac/src/main/java/info/jtrac/wicket/JtracApplication.java?r=956

I am really interested in NTLM authentication in Wicket, do let me know if
you make any progress with this!

Thanks,

Peter.

[Wicket-user] NTLM Authentication

2007-04-18 Thread Zenrique Steckelberg

Hi all,

I work in a Windows mostly environment, thus decided to use NTLM
authentication so I wouldn't need to store and check users' passwords. On
each WebRequest and WebResponse I check if the user is identified or not,
and if not I go through NTLM's request/response procedure in order to get
user's login from IE browser (and thus Windows). What happens is that after
changing newWebRequest and newWebResponse methods to get the authentication,
my application stops working, and no image or submit button works anymore.
If I comment out both newWeb Request/Response methods, everything works
fine. I am using Databinder for some of the authorization features and other
db stuff, but I think this relates particularly to Wicket.

Here's the code:

public class ConfServApp extends AuthDataApplication {
    private String auth;

    private String remoteHost;

    private String domain;

    private String username;

    @Override
    protected WebRequest newWebRequest(HttpServletRequest servletRequest) {
        WebRequest request = (WebRequest) super.newWebRequest(servletRequest);

        auth = (String) request.getHttpServletRequest().getHeader(
                "Authorization");

        return request;
    }

    @Override
    protected WebResponse newWebResponse(HttpServletResponse servletResponse) {
        WebResponse response = (WebResponse) super
                .newWebResponse(servletResponse);
        if (username == null) {
            if (auth == null) {
                response.setHeader("WWW-Authenticate", "NTLM");
                try {
                    response.getHttpServletResponse().sendError(
                            HttpServletResponse.SC_UNAUTHORIZED);
                } catch (Exception e) {
                    System.out.println(e.getMessage());
                    e.printStackTrace();
                }
            } else if (auth.startsWith("NTLM ")) {
                byte[] msg = null;
                try {
                    msg = new sun.misc.BASE64Decoder().decodeBuffer(auth
                            .substring(5));
                } catch (Exception e) {
                    System.out.println(e.getMessage());
                    e.printStackTrace();
                }
                int off = 0, length, offset;
                if (msg[8] == 1) {
                    byte z = 0;
                    byte[] msg1 = { (byte) 'N', (byte) 'T', (byte) 'L',
                            (byte) 'M', (byte) 'S', (byte) 'S', (byte) 'P', z,
                            (byte) 2, z, z, z, z, z, z, z, (byte) 40, z, z, z,
                            (byte) 2, (byte) 130, z, z, z, (byte) 2, (byte) 2,
                            (byte) 2, z, z, z, z, z, z, z, z, z, z, z, z };
                    response.setHeader("WWW-Authenticate", "NTLM "
                            + new sun.misc.BASE64Encoder().encodeBuffer(msg1)
                                    .trim());
                    try {
                        response.getHttpServletResponse().sendError(
                                HttpServletResponse.SC_UNAUTHORIZED);
                    } catch (Exception e) {
                        System.out.println(e.getMessage());
                        e.printStackTrace();
                    }
                } else if (msg[8] == 3) {
                    off = 30;

                    length = msg[off + 17] * 256 + msg[off + 16];
                    offset = msg[off + 19] * 256 + msg[off + 18];
                    remoteHost = new String(msg, offset, length);

                    length = msg[off + 1] * 256 + msg[off];
                    offset = msg[off + 3] * 256 + msg[off + 2];
                    domain = new String(msg, offset, length);

                    length = msg[off + 9] * 256 + msg[off + 8];
                    offset = msg[off + 11] * 256 + msg[off + 10];
                    username = new String(msg, offset, length);

                    System.out.println("Username:" + username);
                    System.out.println("RemoteHost:" + remoteHost);
                    System.out.println("Domain:" + domain);
                }
            }
        }
        return response;
    }

    /**
     * @return Page to display when no specific page is requested
     */
    @Override
    public Class getHomePage() {
        return EditMobilityExceptionPage.class;
    }

    /**
     * Add annotated classes to config, leaving the call to super-implementation
     * in most cases.
     *
     * @param config Hibernate configuration
     */
    @Override
    protected void configureHibernate(AnnotationConfiguration config) {
        super.configureHibernate(config);
        config.addAnnotatedClass(MobilityException.class);
    }

    @Override
    public byte[] getSalt() {
        return "xx".getBytes();
    }

    @Override
    public Class getUserClass() {
        return ConfServUser.class;
    }

    @Override
    public Class getSignInPageClass() {
        ret
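
The byte arithmetic in the Type 3 branch above, redone as an added example (not code from the thread or from JCIFS): a bounds-checked parser that reads the three security buffers as unsigned little-endian fields. The class name and the sample values are made up for illustration, and the returned names are only what the client claims; nothing here verifies the challenge response.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class NtlmType3Names {
    private static final byte[] SIGNATURE = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};

    /**
     * Returns {domain, user, workstation} exactly as the client claimed them.
     * unicode: true if Unicode strings were negotiated; the Type 2 message in
     * the post sets only the OEM flag, so false matches it.
     */
    static String[] parse(String header, boolean unicode) {
        if (header == null || !header.startsWith("NTLM "))
            throw new IllegalArgumentException("not an NTLM Authorization header");
        byte[] msg = Base64.getDecoder().decode(header.substring(5).trim());
        if (msg.length < 52 || !Arrays.equals(Arrays.copyOf(msg, 8), SIGNATURE))
            throw new IllegalArgumentException("not an NTLMSSP message");
        ByteBuffer buf = ByteBuffer.wrap(msg).order(ByteOrder.LITTLE_ENDIAN);
        if (buf.getInt(8) != 3)
            throw new IllegalArgumentException("not a Type 3 message");
        // ISO-8859-1 stands in for the client's OEM code page (assumption).
        Charset cs = unicode ? StandardCharsets.UTF_16LE : StandardCharsets.ISO_8859_1;
        return new String[] {field(buf, 28, cs), field(buf, 36, cs), field(buf, 44, cs)};
    }

    /** Security buffer: 16-bit length, 16-bit allocated size, 32-bit offset. */
    private static String field(ByteBuffer buf, int at, Charset cs) {
        int len = buf.getShort(at) & 0xFFFF; // mask: Java bytes and shorts are signed
        int off = buf.getInt(at + 4);
        if (off < 0 || off > buf.capacity() - len)
            throw new IllegalArgumentException("security buffer outside message");
        return new String(buf.array(), off, len, cs);
    }

    public static void main(String[] args) {
        // Constructed sample: domain CORP, user alice, workstation WS1, OEM strings.
        ByteBuffer b = ByteBuffer.allocate(76).order(ByteOrder.LITTLE_ENDIAN);
        b.put(SIGNATURE).putInt(3).position(28);
        b.putShort((short) 4).putShort((short) 4).putInt(64);
        b.putShort((short) 5).putShort((short) 5).putInt(68);
        b.putShort((short) 3).putShort((short) 3).putInt(73);
        b.position(64);
        b.put("CORPaliceWS1".getBytes(StandardCharsets.ISO_8859_1));
        String header = "NTLM " + Base64.getEncoder().encodeToString(b.array());
        System.out.println(Arrays.toString(parse(header, false)));
    }
}
```

Keep the parsed identity per user (for example in the HttpSession) rather than in fields of the Application subclass, which Wicket shares across all requests.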