Hi all,
I work in a windows mostly environment, thus decided to use NTLM
authentication so I wouldn't need to store and check users passwords. On
each WebRequest and WebResponse I check if the user is identified or not,
and if not I go through NTLM's request/response procedure in order to get
user's login from ie browser (and thus windows). What happens is that after
changing newWebRequest and newWebResponse methods to get the authentication,
my application stops working, and no image or submit button works anymore.
If I comment out both newWeb Request/Response methods, everything works
fine. I am using Databinder for some of the authorization features and other
db stuff, but I think this relates particularly to wicket.
Here's the code:
public class ConfServApp extends AuthDataApplication {
private String auth;
private String remoteHost;
private String domain;
private String username;
@Override
protected WebRequest newWebRequest(HttpServletRequest servletRequest) {
WebRequest request = (WebRequest)
super.newWebRequest(servletRequest);
auth = (String) request.getHttpServletRequest().getHeader(
"Authorization");
return request;
}
@Override
protected WebResponse newWebResponse(HttpServletResponse
servletResponse) {
WebResponse response = (WebResponse) super
.newWebResponse(servletResponse);
if (username == null) {
if (auth == null) {
response.setHeader("WWW-Authenticate", "NTLM");
try {
response.getHttpServletResponse().sendError(
HttpServletResponse.SC_UNAUTHORIZED);
} catch (Exception e) {
System.out.println(e.getMessage());
e.printStackTrace();
}
} else if (auth.startsWith("NTLM ")) {
byte[] msg = null;
try {
msg = new sun.misc.BASE64Decoder().decodeBuffer(auth
.substring(5));
} catch (Exception e) {
System.out.println(e.getMessage());
e.printStackTrace();
}
int off = 0, length, offset;
if (msg[8] == 1) {
byte z = 0;
byte[] msg1 = { (byte) 'N', (byte) 'T', (byte) 'L',
(byte) 'M', (byte) 'S', (byte) 'S', (byte) 'P',
z,
(byte) 2, z, z, z, z, z, z, z, (byte) 40, z, z,
z,
(byte) 2, (byte) 130, z, z, z, (byte) 2, (byte)
2,
(byte) 2, z, z, z, z, z, z, z, z, z, z, z, z };
response.setHeader("WWW-Authenticate", "NTLM "
+ new
sun.misc.BASE64Encoder().encodeBuffer(msg1)
.trim());
try {
response.getHttpServletResponse().sendError(
HttpServletResponse.SC_UNAUTHORIZED);
} catch (Exception e) {
System.out.println(e.getMessage());
e.printStackTrace();
}
} else if (msg[8] == 3) {
off = 30;
length = msg[off + 17] * 256 + msg[off + 16];
offset = msg[off + 19] * 256 + msg[off + 18];
remoteHost = new String(msg, offset, length);
length = msg[off + 1] * 256 + msg[off];
offset = msg[off + 3] * 256 + msg[off + 2];
domain = new String(msg, offset, length);
length = msg[off + 9] * 256 + msg[off + 8];
offset = msg[off + 11] * 256 + msg[off + 10];
username = new String(msg, offset, length);
System.out.println("Username:" + username);
System.out.println("RemoteHost:" + remoteHost);
System.out.println("Domain:" + domain);
}
}
}
return response;
}
/**
* @return Page to display when no specific page is requested
*/
@Override
public Class getHomePage() {
return EditMobilityExceptionPage.class;
}
/**
* Add annotated classes to config, leaving the call to
super-implementation
* in most cases.
*
* @param config
* Hibernate configuration
*/
@Override
protected void configureHibernate(AnnotationConfiguration config) {
super.configureHibernate(config);
config.addAnnotatedClass(MobilityException.class);
}
@Override
public byte[] getSalt() {
return "xxxxxx".getBytes();
}
@Override
public Class<? extends IUser> getUserClass() {
return ConfServUser.class;
}
@Override
public Class<? extends WebPage> getSignInPageClass() {
return ConfServSignInPage.class;
}
}
--
View this message in context:
http://www.nabble.com/NTLM-Authentication-tf3602872.html#a10065119
Sent from the Wicket - User mailing list archive at Nabble.com.
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Wicket-user mailing list
Wicket-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/wicket-user
