Ok, found out that this problem actually relates to Internet Explorer... one
more grief to my MS black list of sorrows! ;)
Fixed it by using the JCIFS library, which implements a servlet filter in the
same way mine was doing, with just a little difference: theirs works! (Got to
remember to never reinvent the wheel too). Now I am able to get the current user
this way inside my code:
        HttpServletRequest request = ((WebRequest) RequestCycle.get()
                .getRequest()).getHttpServletRequest();
        username = request.getRemoteUser();

And everything is working nicely again. Now finally off to implement my app's
authentication and authorization, by adapting the databinder library's
functionalities.

Regards,


Zenrique Steckelberg wrote:
> 
> Hi all,
> 
> I work in a mostly Windows environment, thus decided to use NTLM
> authentication so I wouldn't need to store and check users' passwords. On
> each WebRequest and WebResponse I check if the user is identified or not,
> and if not I go through NTLM's request/response procedure in order to get
> the user's login from the IE browser (and thus Windows). What happens is that
> after changing the newWebRequest and newWebResponse methods to get the
> authentication, my application stops working, and no image or submit
> button works anymore. If I comment out both newWebRequest/newWebResponse
> methods, everything works fine. I am using Databinder for some of the
> authorization features and other db stuff, but I think this relates
> particularly to Wicket.
> 
> Here's the code:
> 
> public class ConfServApp extends AuthDataApplication {
>     private String auth;
> 
>     private String remoteHost;
> 
>     private String domain;
> 
>     private String username;
> 
>     @Override
>     protected WebRequest newWebRequest(HttpServletRequest servletRequest) {
>         WebRequest request = (WebRequest) super.newWebRequest(servletRequest);
>         
> 
>         auth = (String) request.getHttpServletRequest().getHeader(
>                 "Authorization");
> 
>         return request;
>     }
> 
>     @Override
>     protected WebResponse newWebResponse(HttpServletResponse servletResponse) {
>         WebResponse response = (WebResponse) super
>                 .newWebResponse(servletResponse);
>         if (username == null) {
>             if (auth == null) {
>                 response.setHeader("WWW-Authenticate", "NTLM");
>                 try {
>                     response.getHttpServletResponse().sendError(
>                             HttpServletResponse.SC_UNAUTHORIZED);
>                 } catch (Exception e) {
>                     System.out.println(e.getMessage());
>                     e.printStackTrace();
>                 }
>             } else if (auth.startsWith("NTLM ")) {
>                 byte[] msg = null;
>                 try {
>                     msg = new sun.misc.BASE64Decoder().decodeBuffer(auth
>                             .substring(5));
>                 } catch (Exception e) {
>                     System.out.println(e.getMessage());
>                     e.printStackTrace();
>                 }
>                 int off = 0, length, offset;
>                 if (msg[8] == 1) {
>                     byte z = 0;
>                     byte[] msg1 = { (byte) 'N', (byte) 'T', (byte) 'L',
>                             (byte) 'M', (byte) 'S', (byte) 'S', (byte) 'P', z,
>                             (byte) 2, z, z, z, z, z, z, z, (byte) 40, z, z, z,
>                             (byte) 2, (byte) 130, z, z, z, (byte) 2, (byte) 2,
>                             (byte) 2, z, z, z, z, z, z, z, z, z, z, z, z };
>                     response.setHeader("WWW-Authenticate", "NTLM "
>                             + new sun.misc.BASE64Encoder().encodeBuffer(msg1)
>                                     .trim());
>                     try {
>                         response.getHttpServletResponse().sendError(
>                                 HttpServletResponse.SC_UNAUTHORIZED);
>                     } catch (Exception e) {
>                         System.out.println(e.getMessage());
>                         e.printStackTrace();
>                     }
>                 } else if (msg[8] == 3) {
>                     off = 30;
> 
>                     // Java bytes are signed: mask with 0xFF so length and
>                     // offset bytes above 127 are not read as negative.
>                     length = (msg[off + 17] & 0xFF) * 256 + (msg[off + 16] & 0xFF);
>                     offset = (msg[off + 19] & 0xFF) * 256 + (msg[off + 18] & 0xFF);
>                     remoteHost = new String(msg, offset, length);
> 
>                     length = (msg[off + 1] & 0xFF) * 256 + (msg[off] & 0xFF);
>                     offset = (msg[off + 3] & 0xFF) * 256 + (msg[off + 2] & 0xFF);
>                     domain = new String(msg, offset, length);
> 
>                     length = (msg[off + 9] & 0xFF) * 256 + (msg[off + 8] & 0xFF);
>                     offset = (msg[off + 11] & 0xFF) * 256 + (msg[off + 10] & 0xFF);
>                     username = new String(msg, offset, length);
> 
>                     System.out.println("Username:" + username);
>                     System.out.println("RemoteHost:" + remoteHost);
>                     System.out.println("Domain:" + domain);
>                 }
>             }
>         }
>         return response;
>     }
> 
>     /**
>      * @return Page to display when no specific page is requested
>      */
>     @Override
>     public Class getHomePage() {
>         return EditMobilityExceptionPage.class;
>     }
> 
>     /**
>      * Add annotated classes to config, leaving the call to super-implementation
>      * in most cases.
>      * 
>      * @param config
>      *            Hibernate configuration
>      */
>     @Override
>     protected void configureHibernate(AnnotationConfiguration config) {
>         super.configureHibernate(config);
>         config.addAnnotatedClass(MobilityException.class);
>     }
> 
>     @Override
>     public byte[] getSalt() {
>         return "xxxxxx".getBytes();
>     }
> 
>     @Override
>     public Class<? extends IUser> getUserClass() {
>         return ConfServUser.class;
>     }
> 
>     @Override
>     public Class<? extends WebPage> getSignInPageClass() {
>         return ConfServSignInPage.class;
>     }
> }
> 
> 

-- 
View this message in context: 
http://www.nabble.com/NTLM-Authentication-tf3602872.html#a10101964
Sent from the Wicket - User mailing list archive at Nabble.com.
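
Added example, not part of the original post and not JCIFS code: a bounds-checked reader for the three Type 3 fields the quoted code extracts (domain, user, workstation), using unsigned little-endian reads. The class and method names are hypothetical, the sample message is constructed, and the returned values are only what the client claims; nothing here validates the NTLM response.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class NtlmType3Fields { // hypothetical name, added example
    static final byte[] SIGNATURE = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};
    static final int FLAG_UNICODE = 0x00000001; // NTLMSSP_NEGOTIATE_UNICODE

    /** Returns {domain, user, workstation} as claimed by the client (unverified). */
    static String[] parse(String header) {
        if (header == null || !header.startsWith("NTLM "))
            throw new IllegalArgumentException("not an NTLM Authorization header");
        byte[] msg = Base64.getDecoder().decode(header.substring(5).trim());
        // Layout: signature(8) type(4) LM(8) NT(8) domain(8) user(8) workstation(8) key(8) flags(4)
        if (msg.length < 64 || !Arrays.equals(Arrays.copyOf(msg, 8), SIGNATURE))
            throw new IllegalArgumentException("truncated or non-NTLMSSP message");
        ByteBuffer buf = ByteBuffer.wrap(msg).order(ByteOrder.LITTLE_ENDIAN);
        if (buf.getInt(8) != 3)
            throw new IllegalArgumentException("not a Type 3 message");
        // Assumption: the client sent the flags field at offset 60; OEM text is approximated as Latin-1.
        Charset cs = (buf.getInt(60) & FLAG_UNICODE) != 0
                ? StandardCharsets.UTF_16LE : StandardCharsets.ISO_8859_1;
        return new String[] {field(buf, 28, cs), field(buf, 36, cs), field(buf, 44, cs)};
    }

    /** Reads one security buffer: length(2) maxLength(2) offset(4), little-endian. */
    static String field(ByteBuffer buf, int at, Charset cs) {
        int length = buf.getShort(at) & 0xFFFF;         // unsigned 16-bit
        long offset = buf.getInt(at + 4) & 0xFFFFFFFFL; // unsigned 32-bit
        if (offset + length > buf.capacity())
            throw new IllegalArgumentException("security buffer points outside the message");
        return new String(buf.array(), (int) offset, length, cs);
    }

    public static void main(String[] args) {
        // Constructed sample: empty LM/NT responses, Unicode flag set, 32 bytes of payload.
        String[] values = {"EXAMPLE", "alice", "WS01"};
        ByteBuffer b = ByteBuffer.allocate(64 + 32).order(ByteOrder.LITTLE_ENDIAN);
        b.put(SIGNATURE).putInt(3).putInt(60, FLAG_UNICODE);
        int payload = 64;
        for (int i = 0; i < values.length; i++) {
            byte[] v = values[i].getBytes(StandardCharsets.UTF_16LE);
            b.putShort(28 + 8 * i, (short) v.length).putInt(32 + 8 * i, payload);
            System.arraycopy(v, 0, b.array(), payload, v.length);
            payload += v.length;
        }
        String header = "NTLM " + Base64.getEncoder().encodeToString(b.array());
        System.out.println(Arrays.toString(parse(header)));
    }
}
```

Keeping the parsed values in a per-request or per-session object, rather than in fields of the shared application instance as in the quoted code, prevents one user's identity from being applied to another user's request.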

