
Example 1 with Type2NTLMMessage

use of org.alfresco.jlan.server.auth.ntlm.Type2NTLMMessage in project alfresco-remote-api by Alfresco.

From the class BaseNTLMAuthenticationFilter, method processType1.

/**
 * Answers an NTLM type 1 (negotiate) message with a type 2 (challenge) message.
 *
 * <p>When the session already holds logon details whose type 2 message may be reused, that cached
 * message is sent again. Otherwise the cached details are dropped, a challenge is obtained
 * (generated locally in MD4_PROVIDER mode, taken from the authentication token in any other mode),
 * a new type 2 message is built and stored in the session, and it is sent to the client. Both
 * paths set the header named by WWW_AUTHENTICATE, set status 401 and flush the response.
 *
 * @param type1Msg the type 1 message received from the client
 * @param req the current request; its session stores the NTLM logon details
 * @param res the response that receives the NTLM header and the 401 status
 * @throws IOException declared by this method; flushing the response is the visible I/O step
 */
protected void processType1(Type1NTLMMessage type1Msg, HttpServletRequest req, HttpServletResponse res) throws IOException {
    // NOTE(review): the message objects are concatenated into debug output here and below; what
    // their string form contains is not visible from this method. Confirm it does not expose the
    // challenge or client-supplied text to readers of the log.
    if (getLogger().isDebugEnabled()) {
        getLogger().debug("Received type1 " + type1Msg);
    }

    // getSession() creates a session when the request has none, so this state is stored before
    // the client has authenticated.
    HttpSession session = req.getSession();
    NTLMLogonDetails ntlmDetails = (NTLMLogonDetails) session.getAttribute(NTLM_AUTH_DETAILS);

    // Cached details are reusable when they hold a type 2 message and either carry no
    // authentication token, or carry one while the authenticator runs in PASS_THROUGH mode.
    boolean reuseCached = false;
    if (ntlmDetails != null && ntlmDetails.hasType2Message()) {
        boolean passThrough = nltmAuthenticator.getNTLMMode() == NTLMMode.PASS_THROUGH;
        reuseCached = (passThrough && ntlmDetails.hasAuthenticationToken()) || !ntlmDetails.hasAuthenticationToken();
    }

    if (reuseCached) {
        // Re-send the stored type 2 message. The challenge inside it is therefore the same one
        // that was issued earlier in this session.
        Type2NTLMMessage cachedType2 = ntlmDetails.getType2Message();
        byte[] cachedBytes = cachedType2.getBytes();
        String cachedHeader = "NTLM " + new String(Base64.encodeBase64(cachedBytes));
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Sending cached NTLM type2 to client - " + cachedType2);
        }
        res.setHeader(WWW_AUTHENTICATE, cachedHeader);
        res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        res.flushBuffer();
        return;
    }

    // Start a fresh logon: discard whatever was cached for this session.
    session.removeAttribute(NTLM_AUTH_DETAILS);

    byte[] challenge = null;
    NTLMPassthruToken authToken = null;
    if (nltmAuthenticator.getNTLMMode() == NTLMMode.MD4_PROVIDER) {
        // Local 8 byte challenge.
        // NOTE(review): the type of m_random is not visible here; the challenge must be
        // unpredictable, so confirm it is a SecureRandom.
        challenge = new byte[8];
        DataPacker.putIntelLong(m_random.nextLong(), challenge, 0);
    } else {
        // The domain comes from the client's message, or from the client address when the
        // message carries none.
        String domain = type1Msg.getDomain();
        if (domain == null || domain.length() == 0) {
            domain = mapClientAddressToDomain(req.getRemoteAddr());
        }
        if (getLogger().isDebugEnabled()) {
            getLogger().debug("Client domain " + domain);
        }

        // The first authentication stage is expected to populate the token's challenge.
        authToken = new NTLMPassthruToken(domain);
        nltmAuthenticator.authenticate(authToken);

        // NOTE(review): when the token has no challenge, 'challenge' stays null and is passed to
        // buildType2 below. Confirm how buildType2 treats null; this path should fail closed
        // rather than hand the client a fixed or empty challenge.
        if (authToken.getChallenge() != null) {
            challenge = authToken.getChallenge().getBytes();
        }
    }

    // Keep only the client's flags that are also set in m_ntlmFlags.
    int ntlmFlags = type1Msg.getFlags() & m_ntlmFlags;

    // Assemble the type 2 message; the server name is used as the target and as the only
    // target-info entry.
    String srvName = getServerName();
    List<TargetInfo> targets = new ArrayList<TargetInfo>();
    targets.add(new TargetInfo(NTLM.TargetServer, srvName));
    Type2NTLMMessage type2Msg = new Type2NTLMMessage();
    type2Msg.buildType2(ntlmFlags, srvName, challenge, null, targets);

    // Remember the message (and the token, which is null in MD4_PROVIDER mode) in the session.
    ntlmDetails = new NTLMLogonDetails();
    ntlmDetails.setType2Message(type2Msg);
    ntlmDetails.setAuthenticationToken(authToken);
    session.setAttribute(NTLM_AUTH_DETAILS, ntlmDetails);

    if (getLogger().isDebugEnabled()) {
        getLogger().debug("Sending NTLM type2 to client - " + type2Msg);
    }

    // Ask the client to continue the NTLM handshake.
    byte[] encodedType2 = Base64.encodeBase64(type2Msg.getBytes());
    String authHeader = "NTLM " + new String(encodedType2);
    res.setHeader(WWW_AUTHENTICATE, authHeader);
    res.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
    res.flushBuffer();
}
Also used : TargetInfo(org.alfresco.jlan.server.auth.ntlm.TargetInfo) NTLMLogonDetails(org.alfresco.jlan.server.auth.ntlm.NTLMLogonDetails) HttpSession(javax.servlet.http.HttpSession) ArrayList(java.util.ArrayList) NTLMPassthruToken(org.alfresco.repo.security.authentication.ntlm.NTLMPassthruToken) Type2NTLMMessage(org.alfresco.jlan.server.auth.ntlm.Type2NTLMMessage)
