use of org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage in project alfresco-remote-api by Alfresco.
the class BaseNTLMAuthenticationFilter method authenticateRequest.
public boolean authenticateRequest(ServletContext context, HttpServletRequest sreq, HttpServletResponse sresp) throws IOException, ServletException {
// Check if there is an authorization header with an NTLM security blob
String authHdr = sreq.getHeader(AUTHORIZATION);
boolean reqAuth = false;
if (authHdr != null) {
if (authHdr.startsWith(AUTH_NTLM))
reqAuth = true;
else if (authHdr.startsWith("Negotiate")) {
if (getLogger().isDebugEnabled())
getLogger().debug("Received 'Negotiate' from client, may be SPNEGO/Kerberos logon");
// Restart the authentication
restartLoginChallenge(context, sreq, sresp);
return false;
} else if (isFallbackEnabled()) {
return performFallbackAuthentication(context, sreq, sresp);
}
}
// Check if the user is already authenticated
SessionUser user = getSessionUser(context, sreq, sresp, true);
// the next filter
if (user != null && reqAuth == false) {
// Filter validate hook
onValidate(context, sreq, sresp, new TicketCredentials(user.getTicket()));
if (getLogger().isDebugEnabled())
getLogger().debug("Authentication not required (user), chaining ...");
// Chain to the next filter
return true;
}
// Check if the login page is being accessed, do not intercept the login page
if (hasLoginPage() && sreq.getRequestURI().endsWith(getLoginPage()) == true) {
if (getLogger().isDebugEnabled())
getLogger().debug("Login page requested, chaining ...");
// Chain to the next filter
return true;
}
// Check if the browser is Opera, if so then display the login page as Opera does not
// support NTLM and displays an error page if a request to use NTLM is sent to it
String userAgent = sreq.getHeader("user-agent");
if (userAgent != null && userAgent.indexOf("Opera ") != -1) {
if (getLogger().isDebugEnabled())
getLogger().debug("Opera detected, redirecting to login page");
if (hasLoginPage())
redirectToLoginPage(sreq, sresp);
else
restartLoginChallenge(context, sreq, sresp);
return false;
}
// Check the authorization header
if (authHdr == null) {
if (allowsTicketLogons()) {
if (checkForTicketParameter(context, sreq, sresp)) {
// Authentication was bypassed using a ticket parameter
return true;
}
}
if (getLogger().isDebugEnabled())
getLogger().debug("New NTLM auth request from " + sreq.getRemoteHost() + " (" + sreq.getRemoteAddr() + ":" + sreq.getRemotePort() + ") SID:" + sreq.getSession().getId());
// Send back a request for NTLM authentication
restartLoginChallenge(context, sreq, sresp);
return false;
} else {
HttpSession session = sreq.getSession();
Object sessionMutex = WebUtils.getSessionMutex(session);
// Decode the received NTLM blob and validate
final byte[] ntlmByts = Base64.decodeBase64(authHdr.substring(5).getBytes());
int ntlmTyp = NTLMMessage.isNTLMType(ntlmByts);
if (ntlmTyp == NTLM.Type1) {
// Process the type 1 NTLM message
Type1NTLMMessage type1Msg = new Type1NTLMMessage(ntlmByts);
synchronized (sessionMutex) {
processType1(type1Msg, sreq, sresp);
}
return false;
} else if (ntlmTyp == NTLM.Type3) {
// Process the type 3 NTLM message
Type3NTLMMessage type3Msg = new Type3NTLMMessage(ntlmByts);
synchronized (sessionMutex) {
return processType3(type3Msg, context, sreq, sresp);
}
} else {
if (getLogger().isDebugEnabled())
getLogger().debug("NTLM blob not handled, redirecting to login page.");
if (hasLoginPage())
redirectToLoginPage(sreq, sresp);
else
restartLoginChallenge(context, sreq, sresp);
return false;
}
}
}
Aggregations