shuber 2005/08/23 14:57:25 CEST
Modified files:
core jahia.iml
core/src/java/org/jahia/bin JahiaConfigurationWizard.java
core/src/webapp/WEB-INF web.xml
Added files:
core/src/java/org/jahia/bin/filters/ntlm NtlmHttpFilter.java
NtlmHttpServletRequest.java
Log:
- Fix bug in configuration wizard, because of rename of spring configuration
files
- Implemented our own version of the NtlmHttpFilter, in which strict NTLM
authentication is configurable through the init parameter
jcifs.http.skipAuthentification
- Updated IDEA module to add jcifs dependency.
Revision Changes Path
1.10 +14 -0 jahia/core/jahia.iml
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/jahia.iml.diff?r1=1.9&r2=1.10&f=h
1.18 +2 -2
jahia/core/src/java/org/jahia/bin/JahiaConfigurationWizard.java
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/java/org/jahia/bin/JahiaConfigurationWizard.java.diff?r1=1.17&r2=1.18&f=h
1.1 +265 -0
jahia/core/src/java/org/jahia/bin/filters/ntlm/NtlmHttpFilter.java (new)
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/java/org/jahia/bin/filters/ntlm/NtlmHttpFilter.java?rev=1.1&content-type=text/plain
1.1 +43 -0
jahia/core/src/java/org/jahia/bin/filters/ntlm/NtlmHttpServletRequest.java (new)
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/java/org/jahia/bin/filters/ntlm/NtlmHttpServletRequest.java?rev=1.1&content-type=text/plain
1.22 +6 -2 jahia/core/src/webapp/WEB-INF/web.xml
http://jahia.mine.nu:8080/cgi-bin/cvsweb.cgi/jahia/core/src/webapp/WEB-INF/web.xml.diff?r1=1.21&r2=1.22&f=h
Index: jahia.iml
===================================================================
RCS file: /home/cvs/repository/jahia/core/jahia.iml,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- jahia.iml 21 Aug 2005 16:13:41 -0000 1.9
+++ jahia.iml 23 Aug 2005 12:57:24 -0000 1.10
@@ -1216,6 +1216,15 @@
<SOURCES />
</library>
</orderEntry>
+ <orderEntry type="module-library">
+ <library>
+ <CLASSES>
+ <root url="jar://$maven-rep$/jcifs/jars/jcifs-1.2.1.jar!/" />
+ </CLASSES>
+ <JAVADOC />
+ <SOURCES />
+ </library>
+ </orderEntry>
<orderEntryProperties />
</component>
<component name="WebModuleBuildComponent">
@@ -1450,6 +1459,11 @@
</containerElement>
<containerElement type="library" level="module">
<attribute name="method" value="1" />
+ <attribute name="URI" value="/WEB-INF/lib/jcifs-1.2.1.jar" />
+ <url>jar://$maven-rep$/jcifs/jars/jcifs-1.2.1.jar!/</url>
+ </containerElement>
+ <containerElement type="library" level="module">
+ <attribute name="method" value="1" />
<attribute name="URI" value="/WEB-INF/lib/jdom-1.0.jar" />
<url>jar://$maven-rep$/jdom/jars/jdom-1.0.jar!/</url>
</containerElement>
Index: JahiaConfigurationWizard.java
===================================================================
RCS file:
/home/cvs/repository/jahia/core/src/java/org/jahia/bin/JahiaConfigurationWizard.java,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -r1.17 -r1.18
--- JahiaConfigurationWizard.java 8 Aug 2005 16:31:45 -0000 1.17
+++ JahiaConfigurationWizard.java 23 Aug 2005 12:57:24 -0000 1.18
@@ -1,4 +1,4 @@
-// $Id: JahiaConfigurationWizard.java,v 1.17 2005/08/08 16:31:45 shuber Exp $
+// $Id: JahiaConfigurationWizard.java,v 1.18 2005/08/23 12:57:24 shuber Exp $
//
// ____.
// __/\ ______| |__/\. _______
@@ -1255,7 +1255,7 @@
}
private void configureHibernateDialect(ServletContext context, HashMap
values) {
- String hibernateSpringFile =
context.getRealPath("/WEB-INF/etc/spring/applicationContext-hibernate.xml");
+ String hibernateSpringFile =
context.getRealPath("/WEB-INF/etc/spring/applicationcontext-hibernate.xml");
SAXReader reader = new SAXReader();
try {
Index: web.xml
===================================================================
RCS file: /home/cvs/repository/jahia/core/src/webapp/WEB-INF/web.xml,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- web.xml 22 Aug 2005 08:40:37 -0000 1.21
+++ web.xml 23 Aug 2005 12:57:25 -0000 1.22
@@ -9,9 +9,10 @@
<!--
Configure the following filters to use NTLM Domain authentification.
+ -->
<filter>
<filter-name>NtlmHttpFilter</filter-name>
- <filter-class>jcifs.http.NtlmHttpFilter</filter-class>
+
<filter-class>org.jahia.bin.filters.ntlm.NtlmHttpFilter</filter-class>
<init-param>
<param-name>jcifs.smb.client.domain</param-name>
@@ -21,13 +22,16 @@
<param-name>jcifs.netbios.wins</param-name>
<param-value>192.168.2.3</param-value>
</init-param>
+ <init-param>
+ <param-name>jcifs.http.skipAuthentification</param-name>
+ <param-value>true</param-value>
+ </init-param>
</filter>
<filter-mapping>
<filter-name>NtlmHttpFilter</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
- -->
<listener>
<listener-class>org.jahia.bin.JahiaWebAppListener</listener-class>
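Review bot: Moving the closing `-->` up in the first web.xml hunk and deleting it after the `filter-mapping` in this one turns the NTLM filter on for `/*` in the shipped descriptor, with a site-specific WINS address (`192.168.2.3`) and `jcifs.http.skipAuthentification` set to `true`. With that value the new filter's `doFilter` never issues a challenge, so a request without an `Authorization` header reaches the application with no principal attached, and access control rests entirely on whatever runs behind the filter. I would keep the block commented out by default, or at least document the parameter beside it, e.g. `<!-- true: never challenge; requests without credentials pass through with no principal. false: every request must complete NTLM, 401 otherwise. -->`. The WINS value looks like a developer-environment setting and would be better as a placeholder.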
Index: NtlmHttpFilter.java
====================================================================
/* jcifs smb client library in Java
* Copyright (C) 2002 "Michael B. Allen" <jcifs at samba dot org>
* "Jason Pugsley" <jcifs at samba dot org>
* "skeetz" <jcifs at samba dot org>
* "Eric Glass" <jcifs at samba dot org>
* and Marcel, Thomas, ...
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/package org.jahia.bin.filters.ntlm;
import jcifs.Config;
import jcifs.UniAddress;
import jcifs.http.NtlmSsp;
import jcifs.smb.NtlmChallenge;
import jcifs.smb.NtlmPasswordAuthentication;
import jcifs.smb.SmbAuthException;
import jcifs.smb.SmbSession;
import jcifs.util.Base64;
import jcifs.util.LogStream;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.Enumeration;
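/**
 * This servlet Filter can be used to negotiate password hashes with
 * MSIE clients using NTLM SSP. This is similar to <tt>Authentication:
 * BASIC</tt> but weakly encrypted and without requiring the user to re-supply
 * authentication credentials.
 * <p>
 * Read <a href="../../../ntlmhttpauth.html">jCIFS NTLM HTTP Authentication
 * and the Network Explorer Servlet</a> for complete details.
 * <p>
 * This is a slightly modified version of the jCIFS original: the
 * <tt>skipAuthentification</tt> flag, hardcoded there, is read from the
 * <tt>jcifs.http.skipAuthentification</tt> init parameter.
 * <p>
 * Security note: when that parameter is <tt>true</tt> the filter never
 * challenges the client. A request that carries no <tt>Authorization</tt>
 * header is handed to the rest of the chain unwrapped, i.e. without a
 * principal, so the application behind the filter must enforce access
 * control itself. When it is <tt>false</tt> (the default, since an absent
 * property parses as <tt>false</tt>) unauthenticated requests are answered
 * with 401 and never reach the chain.
 */
public class NtlmHttpFilter implements Filter {

    private static final LogStream log = LogStream.getInstance();

    private String defaultDomain;
    private String domainController;
    private boolean loadBalance;
    private boolean enableBasic;
    private boolean insecureBasic;
    private String realm;
    /* true: only handle credentials the client volunteers, never send a challenge */
    private boolean skipAuthentification;

    /**
     * Copies every <tt>jcifs.*</tt> init parameter into the jCIFS
     * configuration and caches the settings this filter reads per request.
     *
     * @param filterConfig the filter configuration from the deployment descriptor
     * @throws ServletException declared by the Filter contract
     */
    public void init( FilterConfig filterConfig ) throws ServletException {
        String name;
        int level;

        /* Defaults applied before the init parameters are copied, so an init
         * parameter of the same name overrides them: soTimeout 300000
         * (milliseconds, i.e. 5 min) and NetBIOS cachePolicy 1200 (presumably
         * seconds, i.e. 20 min; confirm against the jCIFS documentation).
         */
        Config.setProperty( "jcifs.smb.client.soTimeout", "300000" );
        Config.setProperty( "jcifs.netbios.cachePolicy", "1200" );

        Enumeration e = filterConfig.getInitParameterNames();
        while( e.hasMoreElements() ) {
            name = (String)e.nextElement();
            if( name.startsWith( "jcifs." )) {
                Config.setProperty( name, filterConfig.getInitParameter( name ));
            }
        }

        defaultDomain = Config.getProperty( "jcifs.smb.client.domain" );
        domainController = Config.getProperty( "jcifs.http.domainController" );
        if( domainController == null ) {
            /* No explicit controller: fall back to the domain name. Load
             * balancing is only read in this case.
             */
            domainController = defaultDomain;
            loadBalance = Config.getBoolean( "jcifs.http.loadBalance", true );
        }

        /* Boolean.valueOf( null ) is FALSE, so each of these flags defaults
         * to false when its property is absent.
         */
        enableBasic = Boolean.valueOf(
                Config.getProperty( "jcifs.http.enableBasic" )).booleanValue();
        insecureBasic = Boolean.valueOf(
                Config.getProperty( "jcifs.http.insecureBasic" )).booleanValue();
        realm = Config.getProperty( "jcifs.http.basicRealm" );
        if( realm == null ) {
            realm = "jCIFS";
        }
        skipAuthentification = Boolean.valueOf(
                Config.getProperty( "jcifs.http.skipAuthentification" )).booleanValue();

        if(( level = Config.getInt( "jcifs.util.loglevel", -1 )) != -1 ) {
            LogStream.setLevel( level );
        }
        if( log.level > 2 ) {
            try {
                Config.store( log, "JCIFS PROPERTIES" );
            } catch( IOException ioe ) {
                /* The dump is diagnostic only; report the failure instead of
                 * dropping it, and carry on with initialisation.
                 */
                log.println( "NtlmHttpFilter: could not dump jCIFS properties: " + ioe );
            }
        }
    }

    public void destroy() {
    }

    /**
     * Runs <tt>negotiate( req, resp, skipAuthentification )</tt> and then
     * continues the chain, wrapping the request in an
     * <tt>NtlmHttpServletRequest</tt> when a principal was established.
     * <p>
     * When <tt>negotiate</tt> returns <tt>null</tt> the chain is continued
     * only if <tt>skipAuthentification</tt> is set <em>and</em> the response
     * has not been committed. A committed response means a challenge or a
     * 401 has already been written to the client, so the request must stop
     * here rather than run the application on top of it.
     *
     * @param request the incoming request; must be an HttpServletRequest
     * @param response the outgoing response; must be an HttpServletResponse
     * @param chain the remaining filter chain
     */
    public void doFilter( ServletRequest request,
                ServletResponse response,
                FilterChain chain ) throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest)request;
        HttpServletResponse resp = (HttpServletResponse)response;

        NtlmPasswordAuthentication ntlm = negotiate( req, resp, skipAuthentification );

        if( ntlm == null ) {
            /* negotiate() flushes its 401 in the failure paths visible in
             * this class; NtlmSsp.authenticate presumably does the same for
             * the challenge step (TODO confirm). Either way a committed
             * response is not an anonymous pass-through.
             */
            if( !skipAuthentification || resp.isCommitted() ) {
                return;
            }
            chain.doFilter( req, response );
        } else {
            chain.doFilter( new NtlmHttpServletRequest( req, ntlm ), response );
        }
    }

    /**
     * Negotiate password hashes with MSIE clients using NTLM SSP
     * @param req The servlet request
     * @param resp The servlet response
     * @param skipAuthentication If true the negotiation is only done if it is
     * initiated by the client (MSIE post requests after successful NTLM SSP
     * authentication). If false and the user has not been authenticated yet
     * the client will be forced to send an authentication (server sends
     * HttpServletResponse.SC_UNAUTHORIZED).
     * @return the authenticated credentials, or <tt>null</tt> when no
     * principal was established: the handshake is still in progress, the
     * logon was rejected (a 401 has been sent), or no credentials were
     * offered and <tt>skipAuthentication</tt> is true
     */
    protected NtlmPasswordAuthentication negotiate( HttpServletRequest req,
                HttpServletResponse resp,
                boolean skipAuthentication ) throws IOException, ServletException {
        UniAddress dc;
        String msg;
        NtlmPasswordAuthentication ntlm = null;
        msg = req.getHeader( "Authorization" );
        /* Basic is only offered over a secure channel unless insecureBasic is set */
        boolean offerBasic = enableBasic && (insecureBasic || req.isSecure());

        if( msg != null && (msg.startsWith( "NTLM " ) ||
                    (offerBasic && msg.startsWith( "Basic " )))) {
            if( msg.startsWith( "NTLM " )) {
                HttpSession ssn = req.getSession();
                byte[] challenge;

                if( loadBalance ) {
                    /* The challenge is kept in the session so that every
                     * step of one handshake uses the same controller.
                     */
                    NtlmChallenge chal = (NtlmChallenge)ssn.getAttribute( "NtlmHttpChal" );
                    if( chal == null ) {
                        chal = SmbSession.getChallengeForDomain();
                        ssn.setAttribute( "NtlmHttpChal", chal );
                    }
                    dc = chal.dc;
                    challenge = chal.challenge;
                } else {
                    dc = UniAddress.getByName( domainController, true );
                    challenge = SmbSession.getChallenge( dc );
                }

                if(( ntlm = NtlmSsp.authenticate( req, resp, challenge )) == null ) {
                    return null;
                }
                /* negotiation complete, remove the challenge object */
                ssn.removeAttribute( "NtlmHttpChal" );
            } else {
                /* Basic: "user:password", where user may carry a
                 * DOMAIN\ or DOMAIN/ prefix.
                 */
                String auth = new String( Base64.decode( msg.substring( 6 )),
                        "US-ASCII" );
                int index = auth.indexOf( ':' );
                String user = (index != -1) ? auth.substring( 0, index ) : auth;
                String password = (index != -1) ? auth.substring( index + 1 ) : "";
                index = user.indexOf( '\\' );
                if( index == -1 ) {
                    index = user.indexOf( '/' );
                }
                String domain = (index != -1) ? user.substring( 0, index ) :
                        defaultDomain;
                user = (index != -1) ? user.substring( index + 1 ) : user;
                ntlm = new NtlmPasswordAuthentication( domain, user, password );
                dc = UniAddress.getByName( domainController, true );
            }
            try {
                SmbSession.logon( dc, ntlm );

                if( log.level > 2 ) {
                    log.println( "NtlmHttpFilter: " + ntlm +
                            " successfully authenticated against " + dc );
                }
            } catch( SmbAuthException sae ) {
                if( log.level > 1 ) {
                    log.println( "NtlmHttpFilter: " + ntlm.getName() +
                            ": 0x" + jcifs.util.Hexdump.toHexString(
                                    sae.getNtStatus(), 8 ) +
                            ": " + sae );
                }
                if( sae.getNtStatus() == SmbAuthException.NT_STATUS_ACCESS_VIOLATION ) {
                    /* Server challenge no longer valid for
                     * externally supplied password hashes.
                     */
                    HttpSession ssn = req.getSession( false );
                    if( ssn != null ) {
                        ssn.removeAttribute( "NtlmHttpAuth" );
                    }
                }
                resp.setHeader( "WWW-Authenticate", "NTLM" );
                if( offerBasic ) {
                    resp.addHeader( "WWW-Authenticate", "Basic realm=\"" +
                            realm + "\"" );
                }
                resp.setContentLength( 0 ); /* Marcel Feb-15-2005 */
                resp.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
                resp.flushBuffer();
                return null;
            }
            req.getSession().setAttribute( "NtlmHttpAuth", ntlm );
        } else {
            /* NOTE(review): when skipAuthentication is true the session
             * attribute "NtlmHttpAuth" is not consulted, so a request without
             * an Authorization header yields null even if an earlier request
             * on the same session authenticated. Confirm this is intended.
             */
            if( !skipAuthentication ) {
                HttpSession ssn = req.getSession( false );
                if( ssn == null || (ntlm = (NtlmPasswordAuthentication)
                            ssn.getAttribute( "NtlmHttpAuth" )) == null ) {
                    resp.setHeader( "WWW-Authenticate", "NTLM" );
                    if( offerBasic ) {
                        resp.addHeader( "WWW-Authenticate", "Basic realm=\"" +
                                realm + "\"" );
                    }
                    resp.setStatus( HttpServletResponse.SC_UNAUTHORIZED );
                    resp.flushBuffer();
                    return null;
                }
            }
        }

        return ntlm;
    }

    // Added by cgross to work with weblogic 6.1.
    public void setFilterConfig( FilterConfig f ) {
        try {
            init( f );
        } catch( Exception e ) {
            /* A failure here is only printed; the filter stays registered
             * with whatever fields init() managed to set before it failed.
             */
            e.printStackTrace();
        }
    }

    public FilterConfig getFilterConfig() {
        return null;
    }
}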
Index: NtlmHttpServletRequest.java
====================================================================
/* jcifs smb client library in Java
* Copyright (C) 2002 "Michael B. Allen" <jcifs at samba dot org>
* "Eric Glass" <jcifs at samba dot org>
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
package org.jahia.bin.filters.ntlm;
import javax.servlet.http.HttpServletRequestWrapper;
import javax.servlet.http.HttpServletRequest;
import java.security.Principal;
/**
 * Request wrapper that reports the principal established by the NTLM filter
 * through the standard servlet identity accessors.
 */
class NtlmHttpServletRequest extends HttpServletRequestWrapper {

    /* Scheme name returned by getAuthType(). */
    private static final String AUTH_TYPE = "NTLM";

    /* Identity handed in by the filter; getRemoteUser() dereferences it
     * without a null check.
     */
    Principal principal;

    /**
     * @param req the request being wrapped
     * @param principal the authenticated identity to expose
     */
    NtlmHttpServletRequest( HttpServletRequest req, Principal principal ) {
        super( req );
        this.principal = principal;
    }

    /** @return the name of the wrapped principal */
    public String getRemoteUser() {
        return this.principal.getName();
    }

    /** @return the principal supplied at construction */
    public Principal getUserPrincipal() {
        return this.principal;
    }

    /**
     * @return always "NTLM". NOTE(review): the filter in this package also
     * wraps requests authenticated through its Basic branch, which would be
     * reported as NTLM here as well; confirm callers do not rely on the
     * distinction.
     */
    public String getAuthType() {
        return AUTH_TYPE;
    }
}