Hi all,

I work in a mostly Windows environment, and thus decided to use NTLM authentication so I wouldn't need to store and check users' passwords. On each WebRequest and WebResponse I check whether the user is identified, and if not I go through NTLM's request/response procedure in order to get the user's login from the IE browser (and thus Windows). What happens is that after changing the newWebRequest and newWebResponse methods to get the authentication, my application stops working, and no image or submit button works anymore. If I comment out both newWebRequest/newWebResponse methods, everything works fine. I am using Databinder for some of the authorization features and other DB stuff, but I think this relates particularly to Wicket.
Here's the code:

public class ConfServApp extends AuthDataApplication {
    private String auth;
    private String remoteHost;
    private String domain;
    private String username;

    @Override
    protected WebRequest newWebRequest(HttpServletRequest servletRequest) {
        WebRequest request = (WebRequest) super.newWebRequest(servletRequest);
        auth = (String) request.getHttpServletRequest().getHeader("Authorization");
        return request;
    }

    @Override
    protected WebResponse newWebResponse(HttpServletResponse servletResponse) {
        WebResponse response = (WebResponse) super.newWebResponse(servletResponse);
        if (username == null) {
            if (auth == null) {
                // No Authorization header yet: ask the browser to start NTLM
                response.setHeader("WWW-Authenticate", "NTLM");
                try {
                    response.getHttpServletResponse().sendError(
                            HttpServletResponse.SC_UNAUTHORIZED);
                } catch (Exception e) {
                    System.out.println(e.getMessage());
                    e.printStackTrace();
                }
            } else if (auth.startsWith("NTLM ")) {
                byte[] msg = null;
                try {
                    msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
                } catch (Exception e) {
                    System.out.println(e.getMessage());
                    e.printStackTrace();
                }
                int off = 0, length, offset;
                if (msg[8] == 1) {
                    // Type 1 (negotiate) message: reply with a Type 2 challenge
                    byte z = 0;
                    byte[] msg1 = {
                        (byte) 'N', (byte) 'T', (byte) 'L', (byte) 'M',
                        (byte) 'S', (byte) 'S', (byte) 'P', z,
                        (byte) 2, z, z, z, z, z, z, z,
                        (byte) 40, z, z, z, (byte) 2, (byte) 130, z, z,
                        z, (byte) 2, (byte) 2, (byte) 2, z, z, z, z,
                        z, z, z, z, z, z, z, z };
                    response.setHeader("WWW-Authenticate", "NTLM "
                            + new sun.misc.BASE64Encoder().encodeBuffer(msg1).trim());
                    try {
                        response.getHttpServletResponse().sendError(
                                HttpServletResponse.SC_UNAUTHORIZED);
                    } catch (Exception e) {
                        System.out.println(e.getMessage());
                        e.printStackTrace();
                    }
                } else if (msg[8] == 3) {
                    // Type 3 (authenticate) message: read host, domain and user name
                    off = 30;
                    length = msg[off + 17] * 256 + msg[off + 16];
                    offset = msg[off + 19] * 256 + msg[off + 18];
                    remoteHost = new String(msg, offset, length);
                    length = msg[off + 1] * 256 + msg[off];
                    offset = msg[off + 3] * 256 + msg[off + 2];
                    domain = new String(msg, offset, length);
                    length = msg[off + 9] * 256 + msg[off + 8];
                    offset = msg[off + 11] * 256 + msg[off + 10];
                    username = new String(msg, offset, length);
                    System.out.println("Username:" + username);
                    System.out.println("RemoteHost:" + remoteHost);
                    System.out.println("Domain:" + domain);
                }
            }
        }
        return response;
    }

    /**
     * @return Page to display when no specific page is requested
     */
    @Override
    public Class getHomePage() {
        return EditMobilityExceptionPage.class;
    }

    /**
     * Add annotated classes to config, leaving the call to super-implementation
     * in most cases.
     *
     * @param config
     *            Hibernate configuration
     */
    @Override
    protected void configureHibernate(AnnotationConfiguration config) {
        super.configureHibernate(config);
        config.addAnnotatedClass(MobilityException.class);
    }

    @Override
    public byte[] getSalt() {
        return "xxxxxx".getBytes();
    }

    @Override
    public Class<? extends IUser> getUserClass() {
        return ConfServUser.class;
    }

    @Override
    public Class<? extends WebPage> getSignInPageClass() {
        return ConfServSignInPage.class;
    }
}

--
View this message in context: http://www.nabble.com/NTLM-Authentication-tf3602872.html#a10065119
Sent from the Wicket - User mailing list archive at Nabble.com.
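
A bounds-checked way to read the three name fields that the posted code pulls out of the Type 3 message, as an added example that is not part of the original post. The class name `NtlmType3Fields` and the sample message in `main` are constructed for illustration; it assumes OEM-encoded strings (the challenge in the post does not set the Unicode flag), approximated here with ISO-8859-1. The parsed names are whatever the client sent: they identify a user only once the NTLM response in the same message has been verified, which neither this example nor the posted code does.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

/** Added example (hypothetical class): reads domain, user and workstation from an NTLM Type 3 message. */
public class NtlmType3Fields {
    private static final byte[] SIGNATURE = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};
    // Assumption: ISO-8859-1 stands in for the client's OEM code page.
    private static final Charset OEM = StandardCharsets.ISO_8859_1;

    public final String domain, username, workstation;

    private NtlmType3Fields(String d, String u, String w) { domain = d; username = u; workstation = w; }

    /** Parses the value of an "Authorization: NTLM <base64>" header; throws on malformed input. */
    public static NtlmType3Fields parse(String header) {
        if (header == null || !header.startsWith("NTLM "))
            throw new IllegalArgumentException("not an NTLM header");
        byte[] msg = Base64.getDecoder().decode(header.substring(5).trim());
        if (msg.length < 52 || !Arrays.equals(Arrays.copyOf(msg, 8), SIGNATURE))
            throw new IllegalArgumentException("bad NTLMSSP signature or truncated message");
        ByteBuffer buf = ByteBuffer.wrap(msg).order(ByteOrder.LITTLE_ENDIAN);
        if (buf.getInt(8) != 3) throw new IllegalArgumentException("not a Type 3 message");
        // Security buffers: domain at 28, user at 36, workstation at 44.
        return new NtlmType3Fields(field(buf, 28), field(buf, 36), field(buf, 44));
    }

    /** Reads one security buffer (u16 length, u16 allocated, u32 offset) with bounds checks. */
    private static String field(ByteBuffer buf, int pos) {
        int length = buf.getShort(pos) & 0xFFFF;          // unsigned, unlike a raw Java byte
        long offset = buf.getInt(pos + 4) & 0xFFFFFFFFL;
        if (offset + length > buf.capacity()) throw new IllegalArgumentException("field outside message");
        return new String(buf.array(), (int) offset, length, OEM);
    }

    public static void main(String[] args) {
        // Constructed sample: 52-byte header, then "CORP", "alice", "WS01" as OEM text.
        ByteBuffer b = ByteBuffer.allocate(65).order(ByteOrder.LITTLE_ENDIAN);
        b.put(SIGNATURE).putInt(3).put(new byte[16]);          // signature, type, empty LM/NT buffers
        b.putShort((short) 4).putShort((short) 4).putInt(52);  // domain
        b.putShort((short) 5).putShort((short) 5).putInt(56);  // user
        b.putShort((short) 4).putShort((short) 4).putInt(61);  // workstation
        b.put("CORPaliceWS01".getBytes(OEM));
        NtlmType3Fields f = parse("NTLM " + Base64.getEncoder().encodeToString(b.array()));
        System.out.println(f.domain + "\\" + f.username + " from " + f.workstation);
    }
}
```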