svn commit: [jahia] r14885 - in /trunk/core/src: java/org/jahia/bin/filters/ntlm/NtlmHttpFilter.java webapp/WEB-INF/web.xml

Thu, 10 Aug 2006 06:51:34 -0700 

Author: shuber
Date: Thu Aug 10 15:51:33 2006
New Revision: 14885

URL: https://svndev.jahia.net/websvn/listing.php?sc=1&rev=14885&repname=jahia
Log:
SIG-2 : allow BASIC authentification to go directly to Jahia. 
Backported HTTP auth valve to Jahia 4.

Modified:
    trunk/core/src/java/org/jahia/bin/filters/ntlm/NtlmHttpFilter.java
    trunk/core/src/webapp/WEB-INF/web.xml

Modified: trunk/core/src/java/org/jahia/bin/filters/ntlm/NtlmHttpFilter.java
URL: 
https://svndev.jahia.net/websvn/diff.php?path=/trunk/core/src/java/org/jahia/bin/filters/ntlm/NtlmHttpFilter.java&rev=14885&repname=jahia
==============================================================================
--- trunk/core/src/java/org/jahia/bin/filters/ntlm/NtlmHttpFilter.java 
(original)
+++ trunk/core/src/java/org/jahia/bin/filters/ntlm/NtlmHttpFilter.java Thu Aug 
10 15:51:33 2006
@@ -79,6 +79,7 @@
     private String domainController;
     private boolean loadBalance;
     private boolean enableBasic;
+    private boolean useBasic;
     private boolean insecureBasic;
     private String realm;
     private boolean skipAuthentification;
@@ -107,6 +108,8 @@
         }
         enableBasic = Boolean.valueOf(
                 Config.getProperty("jcifs.http.enableBasic")).booleanValue();
+        useBasic = Boolean.valueOf(
+                Config.getProperty("jcifs.http.useBasic")).booleanValue();
         insecureBasic = Boolean.valueOf(
                 Config.getProperty("jcifs.http.insecureBasic")).booleanValue();
         realm = Config.getProperty("jcifs.http.basicRealm");
@@ -147,10 +150,22 @@
             }
         }
 
-        if (ntlm == null) {
-            chain.doFilter(req, response);   
-        } else {
+        Boolean isBasicBool = (Boolean) request.getAttribute("isBasic");
+        if (isBasicBool == null) {
+            isBasicBool = new Boolean(false);
+        }
+        boolean useNtlmRequest = false;
+        if (ntlm != null) {
+            useNtlmRequest = true;
+        }
+        if (isBasicBool.booleanValue() && !useBasic) {
+            useNtlmRequest = false;
+        }
+
+        if (useNtlmRequest) {
             chain.doFilter( new NtlmHttpServletRequest( req, ntlm ), response 
);
+        } else {
+            chain.doFilter(req, response);
         }
     }
 
@@ -173,6 +188,7 @@
         NtlmPasswordAuthentication ntlm = null;
         msg = req.getHeader( "Authorization" );
         boolean offerBasic = enableBasic && (insecureBasic || req.isSecure());
+        boolean isBasic = false;
 
         if( msg != null && (msg.startsWith( "NTLM " ) ||
                     (offerBasic && msg.startsWith("Basic ")))) {
@@ -199,6 +215,8 @@
                 /* negotiation complete, remove the challenge object */
                 ssn.removeAttribute( "NtlmHttpChal" );
             } else {
+                req.setAttribute("isBasic", new Boolean(true));
+                isBasic = true;
                 String auth = new String(Base64.decode(msg.substring(6)),
                         "US-ASCII");
                 int index = auth.indexOf(':');
@@ -214,7 +232,9 @@
                 dc = UniAddress.getByName( domainController, true );
             }
             try {
-
+                if ((isBasic) && (!useBasic)) {
+                    return ntlm;
+                }
                 SmbSession.logon( dc, ntlm );
 
                 if( log.level > 2 ) {

Modified: trunk/core/src/webapp/WEB-INF/web.xml
URL: 
https://svndev.jahia.net/websvn/diff.php?path=/trunk/core/src/webapp/WEB-INF/web.xml&rev=14885&repname=jahia
==============================================================================
--- trunk/core/src/webapp/WEB-INF/web.xml (original)
+++ trunk/core/src/webapp/WEB-INF/web.xml Thu Aug 10 15:51:33 2006
@@ -65,9 +65,37 @@
             <param-value>192.168.2.3</param-value>
         </init-param>
         <init-param>
+          <!-- Use this parameter to deactivate NTLM authentification. If
+               NTLM authentification is activated, you will only be able 
+               to log on using this method, or by using Basic authentification
+               if the enableBasic parameter is set to true.
+          -->
             <param-name>jcifs.http.skipAuthentification</param-name>
             <param-value>true</param-value>
         </init-param>
+        <init-param>
+          <!-- Activates HTTP Basic authentification if NTLM is not available
+          -->
+            <param-name>jcifs.http.enableBasic</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <init-param>
+          <!-- If this parameter is true, it means we will allow BASIC 
authentification
+               over regular HTTP connections. If it is false, this means that 
only 
+               HTTPS session will be accepted for BASIC authentification.
+          -->
+            <param-name>jcifs.http.insecureBasic</param-name>
+            <param-value>true</param-value>
+        </init-param>
+        <init-param>
+          <!-- This parameter controls whether the detected BASIC 
authentification passed
+               over to the filter will be used to do an SMB login. Set this to 
true if 
+               you want to use BASIC authentification to login on your domain 
controller, 
+               and set to false if you want Jahia to handle the basic 
authentification.
+          -->
+            <param-name>jcifs.http.useBasic</param-name>
+            <param-value>false</param-value>
+        </init-param>
     </filter>
 
     <!-- Filter for displaytag export options -->

Reply via email to