Exemplo n.º 1
0
  protected NtlmManager getNtlmManager(long companyId) throws SystemException {

    String domain =
        PrefsPropsUtil.getString(companyId, PropsKeys.NTLM_DOMAIN, PropsValues.NTLM_DOMAIN);
    String domainController =
        PrefsPropsUtil.getString(
            companyId, PropsKeys.NTLM_DOMAIN_CONTROLLER, PropsValues.NTLM_DOMAIN_CONTROLLER);
    String domainControllerName =
        PrefsPropsUtil.getString(
            companyId,
            PropsKeys.NTLM_DOMAIN_CONTROLLER_NAME,
            PropsValues.NTLM_DOMAIN_CONTROLLER_NAME);
    String serviceAccount =
        PrefsPropsUtil.getString(
            companyId, PropsKeys.NTLM_SERVICE_ACCOUNT, PropsValues.NTLM_SERVICE_ACCOUNT);
    String servicePassword =
        PrefsPropsUtil.getString(
            companyId, PropsKeys.NTLM_SERVICE_PASSWORD, PropsValues.NTLM_SERVICE_PASSWORD);

    NtlmManager ntlmManager = _ntlmManagers.get(companyId);

    if (ntlmManager == null) {
      ntlmManager =
          new NtlmManager(
              domain, domainController, domainControllerName, serviceAccount, servicePassword);

      _ntlmManagers.put(companyId, ntlmManager);
    } else {
      if (!Validator.equals(ntlmManager.getDomain(), domain)
          || !Validator.equals(ntlmManager.getDomainController(), domainController)
          || !Validator.equals(ntlmManager.getDomainControllerName(), domainControllerName)
          || !Validator.equals(ntlmManager.getServiceAccount(), serviceAccount)
          || !Validator.equals(ntlmManager.getServicePassword(), servicePassword)) {

        ntlmManager.setConfiguration(
            domain, domainController, domainControllerName, serviceAccount, servicePassword);
      }
    }

    return ntlmManager;
  }
Exemplo n.º 2
0
  @Override
  protected void processFilter(
      HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
      throws Exception {

    // Type 1 NTLM requests from browser can (and should) always immediately
    // be replied to with an Type 2 NTLM response, no matter whether we're
    // yet logging in or whether it is much later in the session.

    HttpSession session = request.getSession(false);

    long companyId = PortalInstances.getCompanyId(request);

    String authorization = GetterUtil.getString(request.getHeader(HttpHeaders.AUTHORIZATION));

    if (authorization.startsWith("NTLM")) {
      NtlmManager ntlmManager = getNtlmManager(companyId);

      String portalCacheKey = getPortalCacheKey(request);

      byte[] src = Base64.decode(authorization.substring(5));

      if (src[8] == 1) {
        byte[] serverChallenge = new byte[8];

        _secureRandom.nextBytes(serverChallenge);

        byte[] challengeMessage = ntlmManager.negotiate(src, serverChallenge);

        authorization = Base64.encode(challengeMessage);

        response.setContentLength(0);
        response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM " + authorization);
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

        response.flushBuffer();

        _portalCache.put(portalCacheKey, serverChallenge);

        // Interrupt filter chain, send response. Browser will
        // immediately post a new request.

        return;
      }

      byte[] serverChallenge = _portalCache.get(portalCacheKey);

      if (serverChallenge == null) {
        response.setContentLength(0);
        response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

        response.flushBuffer();

        return;
      }

      NtlmUserAccount ntlmUserAccount = null;

      try {
        ntlmUserAccount = ntlmManager.authenticate(src, serverChallenge);
      } catch (Exception e) {
        if (_log.isErrorEnabled()) {
          _log.error("Unable to perform NTLM authentication", e);
        }
      } finally {
        _portalCache.remove(portalCacheKey);
      }

      if (ntlmUserAccount == null) {
        response.setContentLength(0);
        response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

        response.flushBuffer();

        return;
      }

      if (_log.isDebugEnabled()) {
        _log.debug("NTLM remote user " + ntlmUserAccount.getUserName());
      }

      request.setAttribute(WebKeys.NTLM_REMOTE_USER, ntlmUserAccount.getUserName());

      if (session != null) {
        session.setAttribute(WebKeys.NTLM_USER_ACCOUNT, ntlmUserAccount);
      }
    }

    String path = request.getPathInfo();

    if ((path != null) && path.endsWith("/login")) {
      NtlmUserAccount ntlmUserAccount = null;

      if (session != null) {
        ntlmUserAccount = (NtlmUserAccount) session.getAttribute(WebKeys.NTLM_USER_ACCOUNT);
      }

      if (ntlmUserAccount == null) {
        response.setContentLength(0);
        response.setHeader(HttpHeaders.WWW_AUTHENTICATE, "NTLM");
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);

        response.flushBuffer();

        return;
      } else {
        request.setAttribute(WebKeys.NTLM_REMOTE_USER, ntlmUserAccount.getUserName());
      }
    }

    processFilter(NtlmPostFilter.class, request, response, filterChain);
  }