Re: [Wicket-user] NTLM Authentication
Ok, found out that this problem actually relates to Internet Explorer... one more grief to my MS black list of sorrows! ;)

Fixed it by using JCIFS library, which implements a servlet filter in the same way mine was doing, with just a little difference: theirs works! (Got to remember to never reinvent the wheel too).

Now I am able to get current user this way inside my code:

    HttpServletRequest request = ((WebRequest) RequestCycle.get()
            .getRequest()).getHttpServletRequest();
    username = request.getRemoteUser();

And everything is working nicely again. Now finally off to implement my app's authentication and authorization, by adapting databinder library's functionalities.

Regards,

Zenrique Steckelberg wrote:
>
> Hi all,
>
> I work in a windows mostly environment, thus decided to use NTLM
> authentication so I wouldn't need to store and check users passwords. On
> each WebRequest and WebResponse I check if the user is identified or not,
> and if not I go through NTLM's request/response procedure in order to get
> user's login from ie browser (and thus windows). What happens is that
> after changing newWebRequest and newWebResponse methods to get the
> authentication, my application stops working, and no image or submit
> button works anymore. If I comment out both newWeb Request/Response
> methods, everything works fine. I am using Databinder for some of the
> authorization features and other db stuff, but I think this relates
> particularly to wicket.
>
> Here's the code:
>
> public class ConfServApp extends AuthDataApplication {
>     private String auth;
>
>     private String remoteHost;
>
>     private String domain;
>
>     private String username;
>
>     @Override
>     protected WebRequest newWebRequest(HttpServletRequest servletRequest) {
>         WebRequest request = (WebRequest) super.newWebRequest(servletRequest);
>
>         auth = (String) request.getHttpServletRequest().getHeader(
>                 "Authorization");
>
>         return request;
>     }
>
>     @Override
>     protected WebResponse newWebResponse(HttpServletResponse servletResponse) {
>         WebResponse response = (WebResponse) super
>                 .newWebResponse(servletResponse);
>         if (username == null) {
>             if (auth == null) {
>                 response.setHeader("WWW-Authenticate", "NTLM");
>                 try {
>                     response.getHttpServletResponse().sendError(
>                             HttpServletResponse.SC_UNAUTHORIZED);
>                 } catch (Exception e) {
>                     System.out.println(e.getMessage());
>                     e.printStackTrace();
>                 }
>             } else if (auth.startsWith("NTLM ")) {
>                 byte[] msg = null;
>                 try {
>                     msg = new sun.misc.BASE64Decoder().decodeBuffer(auth
>                             .substring(5));
>                 } catch (Exception e) {
>                     System.out.println(e.getMessage());
>                     e.printStackTrace();
>                 }
>                 int off = 0, length, offset;
>                 if (msg[8] == 1) {
>                     byte z = 0;
>                     byte[] msg1 = { (byte) 'N', (byte) 'T', (byte) 'L',
>                             (byte) 'M', (byte) 'S', (byte) 'S', (byte) 'P', z,
>                             (byte) 2, z, z, z, z, z, z, z, (byte) 40, z, z, z,
>                             (byte) 2, (byte) 130, z, z, z, (byte) 2, (byte) 2,
>                             (byte) 2, z, z, z, z, z, z, z, z, z, z, z, z };
>                     response.setHeader("WWW-Authenticate", "NTLM "
>                             + new sun.misc.BASE64Encoder().encodeBuffer(msg1)
>                                     .trim());
>                     try {
>                         response.getHttpServletResponse().sendError(
>                                 HttpServletResponse.SC_UNAUTHORIZED);
>                     } catch (Exception e) {
>                         System.out.println(e.getMessage());
>                         e.printStackTrace();
>                     }
>                 } else if (msg[8] == 3) {
>                     off = 30;
>
>                     length = msg[off + 17] * 256 + msg[off + 16];
>                     offset = msg[off + 19] * 256 + msg[off + 18];
>                     remoteHost = new String(msg, offset, length);
>
>                     length = msg[off + 1] * 256 + msg[off];
>                     offset = msg[off + 3] * 256 + msg[off + 2];
>                     domain = new String(msg, offset, length);
>
>                     length = msg[off + 9] * 256 + msg[off + 8];
>                     offset = msg[off + 11] * 256 + msg[off + 10];
>                     username = new String(msg, offset, length);
>
>                     System.out.println("Username:" + username);
>                     System.out.println("RemoteHost:" + re
Re: [Wicket-user] NTLM Authentication
Hi,

What I have found out until now is that somehow some request parameters disappear when I use NTLM authentication procedure. I have changed my app to use a servlet filter to do the NTLM conversation only once upon first app access by a user, and even managed to not create a session in the filter code, but I keep getting this problem.

The request parameters are the following when I click on an image button, for example, when no NTLM is used and app works ok:

    userRow:0:edit.x=5
    deleteForm:hf:0=
    userRow:0:edit.y=3
    wicket:interface=:1:deleteForm::IFormSubmitListener

But when I change app to use NTLM, I get these request parameters in the exact same situation:

    wicket:interface=:3:deleteForm::IFormSubmitListener

So I am off now to investigate wicket's response generation code. If anyone has any tip regarding why parameters could disappear like this, I'd be grateful.

Regards,

ptrthomas wrote:
>
> Hi,
>
> Maybe it is a better idea to do this only once as part of an
> AuthorizationStrategy set up in your Application class? Then after
> creating a session everything works like normal until logout.
>
> Example of a real life AuthorizationStrategy can be found here, in this
> particular example there is some code that deals with the request
> directly, e.g. checks for cookies.
>
> http://fisheye3.cenqua.com/browse/j-trac/trunk/jtrac/src/main/java/info/jtrac/wicket/JtracApplication.java?r=956
>
> I am really interested in NTLM authentication in Wicket, do let me know if
> you make any progress with this!
>
> Thanks,
>
> Peter.
>
> On 4/19/07, Zenrique Steckelberg <[EMAIL PROTECTED]> wrote:
>>
>> Hi all,
>>
>> I work in a windows mostly environment, thus decided to use NTLM
>> authentication so I wouldn't need to store and check users passwords. On
>> each WebRequest and WebResponse I check if the user is identified or not,
>> and if not I go through NTLM's request/response procedure in order to get
>> user's login from ie browser (and thus windows). What happens is that
>> after changing newWebRequest and newWebResponse methods to get the
>> authentication, my application stops working, and no image or submit
>> button works anymore. If I comment out both newWeb Request/Response
>> methods, everything works fine. I am using Databinder for some of the
>> authorization features and other db stuff, but I think this relates
>> particularly to wicket.
>>
>> Here's the code:
>>
>> public class ConfServApp extends AuthDataApplication {
>>     private String auth;
>>
>>     private String remoteHost;
>>
>>     private String domain;
>>
>>     private String username;
>>
>>     @Override
>>     protected WebRequest newWebRequest(HttpServletRequest servletRequest) {
>>         WebRequest request = (WebRequest) super.newWebRequest(servletRequest);
>>
>>         auth = (String) request.getHttpServletRequest().getHeader(
>>                 "Authorization");
>>
>>         return request;
>>     }
>>
>>     @Override
>>     protected WebResponse newWebResponse(HttpServletResponse servletResponse) {
>>         WebResponse response = (WebResponse) super
>>                 .newWebResponse(servletResponse);
>>         if (username == null) {
>>             if (auth == null) {
>>                 response.setHeader("WWW-Authenticate", "NTLM");
>>                 try {
>>                     response.getHttpServletResponse().sendError(
>>                             HttpServletResponse.SC_UNAUTHORIZED);
>>                 } catch (Exception e) {
>>                     System.out.println(e.getMessage());
>>                     e.printStackTrace();
>>                 }
>>             } else if (auth.startsWith("NTLM ")) {
>>                 byte[] msg = null;
>>                 try {
>>                     msg = new sun.misc.BASE64Decoder().decodeBuffer(auth
>>                             .substring(5));
>>                 } catch (Exception e) {
>>                     System.out.println(e.getMessage());
>>                     e.printStackTrace();
>>                 }
>>                 int off = 0, length, offset;
>>                 if (msg[8] == 1) {
>>                     byte z = 0;
>>                     byte[] msg1 = { (byte) 'N', (byte) 'T', (byte) 'L',
>>                             (byte) 'M', (byte) 'S', (byte) 'S', (byte) 'P', z,
>>                             (byte) 2, z, z, z, z, z, z, z, (byte) 40, z, z, z,
>>                             (byte) 2, (byte) 130, z, z, z, (byte) 2, (byte) 2,
>>                             (byte) 2, z, z, z, z, z, z, z, z, z, z, z, z };
>>                     response.setHeader("WWW-Authenticate", "NTLM "
>>                             + new sun.misc.BASE64Encoder().encodeBuffer(msg1)
>>                                     .trim());
>>                     try {
>>                         response.getHttpServletResponse().sendError(
>>                                 HttpServletResponse.SC_UNAUTHORIZED);
>>                     } catch
Re: [Wicket-user] NTLM Authentication
Hi,

Maybe it is a better idea to do this only once as part of an AuthorizationStrategy set up in your Application class? Then after creating a session everything works like normal until logout.

Example of a real life AuthorizationStrategy can be found here, in this particular example there is some code that deals with the request directly, e.g. checks for cookies.

http://fisheye3.cenqua.com/browse/j-trac/trunk/jtrac/src/main/java/info/jtrac/wicket/JtracApplication.java?r=956

I am really interested in NTLM authentication in Wicket, do let me know if you make any progress with this!

Thanks,

Peter.

On 4/19/07, Zenrique Steckelberg <[EMAIL PROTECTED]> wrote:
>
> Hi all,
>
> I work in a windows mostly environment, thus decided to use NTLM
> authentication so I wouldn't need to store and check users passwords. On
> each WebRequest and WebResponse I check if the user is identified or not,
> and if not I go through NTLM's request/response procedure in order to get
> user's login from ie browser (and thus windows). What happens is that
> after changing newWebRequest and newWebResponse methods to get the
> authentication, my application stops working, and no image or submit
> button works anymore. If I comment out both newWeb Request/Response
> methods, everything works fine. I am using Databinder for some of the
> authorization features and other db stuff, but I think this relates
> particularly to wicket.
>
> Here's the code:
>
> public class ConfServApp extends AuthDataApplication {
>     private String auth;
>
>     private String remoteHost;
>
>     private String domain;
>
>     private String username;
>
>     @Override
>     protected WebRequest newWebRequest(HttpServletRequest servletRequest) {
>         WebRequest request = (WebRequest) super.newWebRequest(servletRequest);
>
>         auth = (String) request.getHttpServletRequest().getHeader(
>                 "Authorization");
>
>         return request;
>     }
>
>     @Override
>     protected WebResponse newWebResponse(HttpServletResponse servletResponse) {
>         WebResponse response = (WebResponse) super
>                 .newWebResponse(servletResponse);
>         if (username == null) {
>             if (auth == null) {
>                 response.setHeader("WWW-Authenticate", "NTLM");
>                 try {
>                     response.getHttpServletResponse().sendError(
>                             HttpServletResponse.SC_UNAUTHORIZED);
>                 } catch (Exception e) {
>                     System.out.println(e.getMessage());
>                     e.printStackTrace();
>                 }
>             } else if (auth.startsWith("NTLM ")) {
>                 byte[] msg = null;
>                 try {
>                     msg = new sun.misc.BASE64Decoder().decodeBuffer(auth
>                             .substring(5));
>                 } catch (Exception e) {
>                     System.out.println(e.getMessage());
>                     e.printStackTrace();
>                 }
>                 int off = 0, length, offset;
>                 if (msg[8] == 1) {
>                     byte z = 0;
>                     byte[] msg1 = { (byte) 'N', (byte) 'T', (byte) 'L',
>                             (byte) 'M', (byte) 'S', (byte) 'S', (byte) 'P', z,
>                             (byte) 2, z, z, z, z, z, z, z, (byte) 40, z, z, z,
>                             (byte) 2, (byte) 130, z, z, z, (byte) 2, (byte) 2,
>                             (byte) 2, z, z, z, z, z, z, z, z, z, z, z, z };
>                     response.setHeader("WWW-Authenticate", "NTLM "
>                             + new sun.misc.BASE64Encoder().encodeBuffer(msg1)
>                                     .trim());
>                     try {
>                         response.getHttpServletResponse().sendError(
>                                 HttpServletResponse.SC_UNAUTHORIZED);
>                     } catch (Exception e) {
>                         System.out.println(e.getMessage());
>                         e.printStackTrace();
>                     }
>                 } else if (msg[8] == 3) {
>                     off = 30;
>
>                     length = msg[off + 17] * 256 + msg[off + 16];
>                     offset = msg[off + 19] * 256 + msg[off + 18];
>                     remoteHost = new String(msg, offset, length);
>
>                     length = msg[off + 1] * 256 + msg[off];
>                     offset = msg[off + 3] * 256 + msg[off + 2];
>                     domain = new String(msg, offset, length);
>
>                     length = msg[off + 9] * 256 + msg[off + 8];
>                     offset = msg[off + 11] * 256 + msg[off + 10];
>                     username = new String(msg, offset, length);
>
>                     System.out.println("Username:" + username);
>                     System.out.println("RemoteHost:" + remoteHost);
>                     System.out.println("Domain:" + domain);
>                 }
>             }
>         }
>         return response;
>     }
>
>     /**
>      * @return Page to display when no specific page is requested
>      */
>     @Override
>     public Class getHomePage() {
>         return
[Wicket-user] NTLM Authentication
Hi all,

I work in a Windows-mostly environment, thus decided to use NTLM authentication so I wouldn't need to store and check users' passwords. On each WebRequest and WebResponse I check if the user is identified or not, and if not I go through NTLM's request/response procedure in order to get user's login from IE browser (and thus Windows). What happens is that after changing newWebRequest and newWebResponse methods to get the authentication, my application stops working, and no image or submit button works anymore. If I comment out both newWeb Request/Response methods, everything works fine. I am using Databinder for some of the authorization features and other db stuff, but I think this relates particularly to Wicket.

Here's the code:

public class ConfServApp extends AuthDataApplication {
    private String auth;

    private String remoteHost;

    private String domain;

    private String username;

    @Override
    protected WebRequest newWebRequest(HttpServletRequest servletRequest) {
        WebRequest request = (WebRequest) super.newWebRequest(servletRequest);

        auth = (String) request.getHttpServletRequest().getHeader(
                "Authorization");

        return request;
    }

    @Override
    protected WebResponse newWebResponse(HttpServletResponse servletResponse) {
        WebResponse response = (WebResponse) super
                .newWebResponse(servletResponse);
        if (username == null) {
            if (auth == null) {
                response.setHeader("WWW-Authenticate", "NTLM");
                try {
                    response.getHttpServletResponse().sendError(
                            HttpServletResponse.SC_UNAUTHORIZED);
                } catch (Exception e) {
                    System.out.println(e.getMessage());
                    e.printStackTrace();
                }
            } else if (auth.startsWith("NTLM ")) {
                byte[] msg = null;
                try {
                    msg = new sun.misc.BASE64Decoder().decodeBuffer(auth
                            .substring(5));
                } catch (Exception e) {
                    System.out.println(e.getMessage());
                    e.printStackTrace();
                }
                int off = 0, length, offset;
                if (msg[8] == 1) {
                    byte z = 0;
                    byte[] msg1 = { (byte) 'N', (byte) 'T', (byte) 'L',
                            (byte) 'M', (byte) 'S', (byte) 'S', (byte) 'P', z,
                            (byte) 2, z, z, z, z, z, z, z, (byte) 40, z, z, z,
                            (byte) 2, (byte) 130, z, z, z, (byte) 2, (byte) 2,
                            (byte) 2, z, z, z, z, z, z, z, z, z, z, z, z };
                    response.setHeader("WWW-Authenticate", "NTLM "
                            + new sun.misc.BASE64Encoder().encodeBuffer(msg1)
                                    .trim());
                    try {
                        response.getHttpServletResponse().sendError(
                                HttpServletResponse.SC_UNAUTHORIZED);
                    } catch (Exception e) {
                        System.out.println(e.getMessage());
                        e.printStackTrace();
                    }
                } else if (msg[8] == 3) {
                    off = 30;

                    length = msg[off + 17] * 256 + msg[off + 16];
                    offset = msg[off + 19] * 256 + msg[off + 18];
                    remoteHost = new String(msg, offset, length);

                    length = msg[off + 1] * 256 + msg[off];
                    offset = msg[off + 3] * 256 + msg[off + 2];
                    domain = new String(msg, offset, length);

                    length = msg[off + 9] * 256 + msg[off + 8];
                    offset = msg[off + 11] * 256 + msg[off + 10];
                    username = new String(msg, offset, length);

                    System.out.println("Username:" + username);
                    System.out.println("RemoteHost:" + remoteHost);
                    System.out.println("Domain:" + domain);
                }
            }
        }
        return response;
    }

    /**
     * @return Page to display when no specific page is requested
     */
    @Override
    public Class getHomePage() {
        return EditMobilityExceptionPage.class;
    }

    /**
     * Add annotated classes to config, leaving the call to super-implementation
     * in most cases.
     *
     * @param config
     *            Hibernate configuration
     */
    @Override
    protected void configureHibernate(AnnotationConfiguration config) {
        super.configureHibernate(config);
        config.addAnnotatedClass(MobilityException.class);
    }

    @Override
    public byte[] getSalt() {
        return "xx".getBytes();
    }

    @Override
    public Class getUserClass() {
        return ConfServUser.class;
    }

    @Override
    public Class getSignInPageClass() {
        ret
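
A bounds-checked way to read the domain, user and workstation fields that the posted newWebResponse code pulls out of the NTLM Type 3 message, as an added example that is not part of the original thread and is not JCIFS code. The class name NtlmType3Fields and the sample message are constructed for illustration, and the OEM code page is approximated with ISO-8859-1; the values returned are still only what the client claims until the NTLM response itself has been verified against a domain controller.

```java
import java.nio.*;
import java.nio.charset.*;
import java.util.*;

public class NtlmType3Fields {
    private static final byte[] SIG = "NTLMSSP\0".getBytes(StandardCharsets.US_ASCII);

    /** Returns {domain, user, workstation}; throws on any malformed input. */
    static String[] parse(String authorization) {
        if (authorization == null || !authorization.startsWith("NTLM "))
            throw new IllegalArgumentException("not an NTLM Authorization header");
        byte[] msg = Base64.getDecoder().decode(authorization.substring(5).trim());
        // Assumption: the 64-byte fixed header (flags included) is present.
        if (msg.length < 64 || !Arrays.equals(Arrays.copyOf(msg, 8), SIG))
            throw new IllegalArgumentException("bad NTLMSSP header");
        ByteBuffer buf = ByteBuffer.wrap(msg).order(ByteOrder.LITTLE_ENDIAN);
        if (buf.getInt(8) != 3)
            throw new IllegalArgumentException("not a Type 3 message");
        // NEGOTIATE_UNICODE (bit 0) means UTF-16LE; otherwise an OEM code page,
        // approximated here with ISO-8859-1.
        Charset cs = (buf.getInt(60) & 1) != 0
                ? StandardCharsets.UTF_16LE : StandardCharsets.ISO_8859_1;
        return new String[] { field(buf, 28, cs), field(buf, 36, cs), field(buf, 44, cs) };
    }

    /** Reads one security buffer: 16-bit length, 16-bit allocated size, 32-bit offset. */
    private static String field(ByteBuffer buf, int at, Charset cs) {
        int len = Short.toUnsignedInt(buf.getShort(at)); // never negative, unlike byte * 256
        long off = Integer.toUnsignedLong(buf.getInt(at + 4));
        if (off < 64 || off + len > buf.capacity())
            throw new IllegalArgumentException("security buffer outside message");
        return new String(buf.array(), (int) off, len, cs);
    }
    public static void main(String[] args) {
        // Constructed sample: domain CORP, user alice, workstation WS01, OEM strings.
        ByteBuffer b = ByteBuffer.allocate(77).order(ByteOrder.LITTLE_ENDIAN);
        b.put(SIG).putInt(3).position(28);
        for (int[] f : new int[][] { { 4, 64 }, { 5, 68 }, { 4, 73 } })
            b.putShort((short) f[0]).putShort((short) f[0]).putInt(f[1]);
        b.position(64);
        b.put("CORPaliceWS01".getBytes(StandardCharsets.US_ASCII));
        System.out.println(String.join("\\",
                parse("NTLM " + Base64.getEncoder().encodeToString(b.array()))));
        b.putInt(40, 4096); // user offset now points far past the end of the message
        try {
            parse("NTLM " + Base64.getEncoder().encodeToString(b.array()));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Running main prints the three constructed fields joined by backslashes, then a "rejected" line for the copy whose user offset was moved outside the message.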