Thanks Piccoli.
> > String strAuth = request.getHeader("Authorization");
> > if (strAuth == null)
> > {
> > response.setStatus(response.SC_UNAUTHORIZED);
> > response.setHeader("WWW-Authenticate", "NTLM");
> > return;
> > }
> > If i return a JSP page with status UNAUTHORIZED, then subsequent POST
> > request will quit working.
>
> I don't follow what you are doing. Below is a sample NTLM handshake.
>
> 1) C -> S GET ...
>
> 2) S -> C 401 Unauthorized
> WWW-Authenticate: NTLM
>
> 3) C -> S GET ...
> Authorization: NTLM
> TlRMTVNTUAABAAAAA7IAAAoACgApAAAACQAJACAAAABMSUdIVENJVFlVUlNBLU1JTk9S
>
> 4) S -> C 401 Unauthorized
> WWW-Authenticate: NTLM
> TlRMTVNTUAACAAAAAAAAACgAAAABggAAU3J2Tm9uY2UAAAAAAAAAAA==
>
> 5) C -> S GET ...
> Authorization: NTLM
> TlRMTVNTUAADAAAAGAAYAHIAAAAYABgAigAAABQAFABAAAAADAAMAFQAAAASABIAYAAAAAAA
> AACiAAAAAYIAAFUAUgBTAEEALQBNAEkATgBPAFIAWgBhAHAAaABvAGQATABJAEcASABUAEMA
> SQBUAFkArYfKbe/jRoW5xDxHeoxC1gBmfWiS5+iX4OAN4xBKG/IFPwfH3agtPEia6YnhsADT
>
> 6) S -> C 200 Ok
>
>
> Is the code that you showed was implementing step 2? If so then how have
> you already authenticated the client, as it the hash is not sent until
> step 5.
Yes, the following code is for step2
String strAuth = request.getHeader("Authorization"); //Check for
authorization header
if (strAuth == null)
{
response.setStatus(response.SC_UNAUTHORIZED); //Set the response header
to 401 UNAUTHORIZED
response.setHeader("WWW-Authenticate", "NTLM"); //Set WWW-Authenticate
to NTLM
return;
}
The above code is equalant to
S -> C 401 Unauthorized
WWW-Authenticate: NTLM
If i do the above step, client returns NTLM authorization header and client
is authenticated at step 6.
After identifying client name and his domain name, I will display a FORM to
a user (partially filled),he will fill the remaining entries and submit the
form but the problem is im not receiving the data.
The main problem is in step 2 part of the code. Just forget about the
authentication(step 3 to Step 6), after doing step 2 if i try to do a POST
request then it won't work.
Regards
Ganesh
>
> Please clarify what step of the NTLM handshake the code is attempting to
> implement.
>
> Better still can you provide the HTTP trace of the conversation between
> the client and the server. This can be obtained using a TCP sniffer from
> the Jakarta axis project. OK!
>
> -lp
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>
>
> Disclaimer :- This e-mail message including any attachment may contain
confidential, proprietary or legally privileged information.It should not be
used by who is not the original intended recipient.If you have erroneously
received this message,you are notified that you are strictly prohibited from
using, coping, altering or disclosing the content of this message.Please
delete it immediatly and notify the sender. Newgen Software Technologies Ltd
and / or its subsidiary Companies accept no responsibility for loss or
damage arising from the use of the information transmitted by this email
including damage from virus and further acknowledges that any views
expressed in this message are those of the individual sender and no binding
nature of the message shall be implied or assumed unless the sender does so
expressly with due authority of Newgen Software Technologies Ltd and / or
its subsidiary Companies, as applicable.
>
>
>
>
>
>
>
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
