I am attaching a WAR file which uses code to obtain the user id via NTLM.
This code works fine on Tomcat and Weblogic 9.2 on unix (if i do not use
<s:form/> in the Home.jsp - I do not know why that breaks
http://www.nabble.com/file/p16032835/NTLM1.war NTLM1.war )
This WAR does not work on Weblogic 9.2 Windows 2000 as i get the following
error
Header:WWW-Authenticate Cannot contain CRLF Charcters
Here is the code in the Action class.
*******************************************
package com.dgv.actions;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
import org.apache.struts2.interceptor.SessionAware;
import com.dgv.security.NTLMLogin;
import com.dgv.util.Util;
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.Preparable;
public class BaseAction extends ActionSupport
implements SessionAware, ServletRequestAware, ServletResponseAware,
Preparable{
private Map session;
private HttpServletRequest request;
private HttpServletResponse response;
public void setSession(Map arg0) {
this.session = arg0;
}
public void setServletRequest(HttpServletRequest arg0) {
// TODO Auto-generated method stub
this.request = arg0;
}
public HttpServletRequest getServletRequest() {
// TODO Auto-generated method stub
return request;
}
public void prepare() throws Exception {
System.out.println("Entered Prepare Method");
String auth = request.getHeader("Authorization");
if (auth == null) {
System.out.println("Inside Null");
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "NTLM");
return;
}
System.out.println("outside Null");
if (auth.startsWith("NTLM ")) {
byte[] msg = new
sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
int off = 30, length=0, offset;
String s;
if (msg[8] == 1) { // first step of authentication
off = 18;
// this part is for full hand-shaking, just tested, didn't care
about
result passwords
byte z = 0;
byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M',
(byte)'S',
(byte)'S', (byte)'P', z,
(byte)2, z, z, z, z, z, z, z,
(byte)40, z, z, z, (byte)1, (byte)130, z, z,
z, (byte)2, (byte)2, (byte)2, z, z, z, z, // this line is
'nonce'
z, z, z, z, z, z, z, z};
// remove next lines if you want see the result of first step
response.setStatus(response.SC_UNAUTHORIZED);
System.out.println("Before Setting Header");
response.setHeader("WWW-Authenticate", "NTLM " + new
sun.misc.BASE64Encoder().encodeBuffer(msg1));
System.out.println("Header:"+
request.getHeader("WWW-Authenticate"));
return;
} else
//return;
length = msg[off+9]*256 + msg[off+8];
offset = msg[off+11]*256 + msg[off+10];
s = new String(msg, offset, length);
System.out.println("**USER**** "+s + "");
}
}
public void setServletResponse(HttpServletResponse arg0) {
this.response = arg0;
}
public HttpServletResponse getServletResponse() {
return response;
}
}
**********************************************
Any help would be greatly appreciated.
--
View this message in context:
http://www.nabble.com/Struts-2-Weblogic-and-NTLM-tp16032835p16032835.html
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
