You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@struts.apache.org by dgv123 <de...@gmail.com> on 2008/03/13 18:28:29 UTC
Struts 2 Weblogic and NTLM
I am attaching a WAR file which uses code to obtain the user id via NTLM.
This code works fine on Tomcat and Weblogic 9.2 on unix (if i do not use
<s:form/> in the Home.jsp - I do not know why that breaks
http://www.nabble.com/file/p16032835/NTLM1.war NTLM1.war )
This WAR does not work on Weblogic 9.2 Windows 2000 as i get the following
error
Header:WWW-Authenticate Cannot contain CRLF Charcters
Here is the code in the Action class.
*******************************************
package com.dgv.actions;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.struts2.interceptor.ServletRequestAware;
import org.apache.struts2.interceptor.ServletResponseAware;
import org.apache.struts2.interceptor.SessionAware;
import com.dgv.security.NTLMLogin;
import com.dgv.util.Util;
import com.opensymphony.xwork2.ActionSupport;
import com.opensymphony.xwork2.Preparable;
public class BaseAction extends ActionSupport
implements SessionAware, ServletRequestAware, ServletResponseAware,
Preparable{
private Map session;
private HttpServletRequest request;
private HttpServletResponse response;
public void setSession(Map arg0) {
this.session = arg0;
}
public void setServletRequest(HttpServletRequest arg0) {
// TODO Auto-generated method stub
this.request = arg0;
}
public HttpServletRequest getServletRequest() {
// TODO Auto-generated method stub
return request;
}
public void prepare() throws Exception {
System.out.println("Entered Prepare Method");
String auth = request.getHeader("Authorization");
if (auth == null) {
System.out.println("Inside Null");
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "NTLM");
return;
}
System.out.println("outside Null");
if (auth.startsWith("NTLM ")) {
byte[] msg = new
sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
int off = 30, length=0, offset;
String s;
if (msg[8] == 1) { // first step of authentication
off = 18;
// this part is for full hand-shaking, just tested, didn't care about
result passwords
byte z = 0;
byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S',
(byte)'S', (byte)'P', z,
(byte)2, z, z, z, z, z, z, z,
(byte)40, z, z, z, (byte)1, (byte)130, z, z,
z, (byte)2, (byte)2, (byte)2, z, z, z, z, // this line is 'nonce'
z, z, z, z, z, z, z, z};
// remove next lines if you want see the result of first step
response.setStatus(response.SC_UNAUTHORIZED);
System.out.println("Before Setting Header");
response.setHeader("WWW-Authenticate", "NTLM " + new
sun.misc.BASE64Encoder().encodeBuffer(msg1));
System.out.println("Header:"+ request.getHeader("WWW-Authenticate"));
return;
} else
//return;
length = msg[off+9]*256 + msg[off+8];
offset = msg[off+11]*256 + msg[off+10];
s = new String(msg, offset, length);
System.out.println("**USER**** "+s + "");
}
}
public void setServletResponse(HttpServletResponse arg0) {
this.response = arg0;
}
public HttpServletResponse getServletResponse() {
return response;
}
}
**********************************************
Any help would be greatly appreciated.
--
View this message in context: http://www.nabble.com/Struts-2-Weblogic-and-NTLM-tp16032835p16032835.html
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Struts 2 Weblogic and NTLM
Posted by Sunil Netra <su...@bankofamerica.com>.
There must be extra white space.
Try trim:
response.setHeader("WWW-Authenticate", "NTLM " + new
sun.misc.BASE64Encoder().encodeBuffer(msg1).trim());
--
View this message in context: http://old.nabble.com/Struts-2-Weblogic-and-NTLM-tp16032835p27369873.html
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org
Re: Struts 2 Weblogic and NTLM
Posted by dgv123 <de...@gmail.com>.
Ok i found out what was going wrong.
I used the sun package to encode "new
sun.misc.BASE64Encoder().encodeBuffer(msg1)"
I replaced it with a class I got from http://iharder.net/base64 and it works
fine now. I did not know sun.* apis are not supposed to be used....
dgv123 wrote:
>
> I am attaching a WAR file which uses code to obtain the user id via NTLM.
> This code works fine on Tomcat and Weblogic 9.2 on unix (if i do not use
> <s:form/> in the Home.jsp - I do not know why that breaks
> http://www.nabble.com/file/p16032835/NTLM1.war NTLM1.war )
>
> This WAR does not work on Weblogic 9.2 Windows 2000 as i get the following
> error
> Header:WWW-Authenticate Cannot contain CRLF Charcters
>
> Here is the code in the Action class.
> *******************************************
> package com.dgv.actions;
>
> import java.util.Map;
>
> import javax.servlet.http.HttpServletRequest;
> import javax.servlet.http.HttpServletResponse;
>
> import org.apache.struts2.interceptor.ServletRequestAware;
> import org.apache.struts2.interceptor.ServletResponseAware;
> import org.apache.struts2.interceptor.SessionAware;
>
> import com.dgv.security.NTLMLogin;
> import com.dgv.util.Util;
> import com.opensymphony.xwork2.ActionSupport;
> import com.opensymphony.xwork2.Preparable;
>
> public class BaseAction extends ActionSupport
> implements SessionAware, ServletRequestAware, ServletResponseAware,
> Preparable{
>
> private Map session;
> private HttpServletRequest request;
> private HttpServletResponse response;
>
> public void setSession(Map arg0) {
> this.session = arg0;
> }
>
>
>
> public void setServletRequest(HttpServletRequest arg0) {
> // TODO Auto-generated method stub
> this.request = arg0;
> }
> public HttpServletRequest getServletRequest() {
> // TODO Auto-generated method stub
> return request;
> }
>
>
>
> public void prepare() throws Exception {
>
> System.out.println("Entered Prepare Method");
> String auth = request.getHeader("Authorization");
> if (auth == null) {
> System.out.println("Inside Null");
> response.setStatus(response.SC_UNAUTHORIZED);
> response.setHeader("WWW-Authenticate", "NTLM");
> return;
> }
> System.out.println("outside Null");
> if (auth.startsWith("NTLM ")) {
> byte[] msg = new
> sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
> int off = 30, length=0, offset;
> String s;
>
> if (msg[8] == 1) { // first step of authentication
> off = 18;
>
> // this part is for full hand-shaking, just tested, didn't care about
> result passwords
> byte z = 0;
> byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S',
> (byte)'S', (byte)'P', z,
> (byte)2, z, z, z, z, z, z, z,
> (byte)40, z, z, z, (byte)1, (byte)130, z, z,
> z, (byte)2, (byte)2, (byte)2, z, z, z, z, // this line is 'nonce'
> z, z, z, z, z, z, z, z};
> // remove next lines if you want see the result of first step
> response.setStatus(response.SC_UNAUTHORIZED);
> System.out.println("Before Setting Header");
> response.setHeader("WWW-Authenticate", "NTLM " + new
> sun.misc.BASE64Encoder().encodeBuffer(msg1));
> System.out.println("Header:"+ request.getHeader("WWW-Authenticate"));
> return;
>
>
> } else
> //return;
>
>
> length = msg[off+9]*256 + msg[off+8];
> offset = msg[off+11]*256 + msg[off+10];
> s = new String(msg, offset, length);
> System.out.println("**USER**** "+s + "");
> }
>
> }
> public void setServletResponse(HttpServletResponse arg0) {
> this.response = arg0;
>
> }
>
>
>
> public HttpServletResponse getServletResponse() {
> return response;
> }
>
> }
>
>
>
> **********************************************
> Any help would be greatly appreciated.
>
--
View this message in context: http://www.nabble.com/Struts-2-Weblogic-and-NTLM-tp16032835p16037640.html
Sent from the Struts - User mailing list archive at Nabble.com.
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscribe@struts.apache.org
For additional commands, e-mail: user-help@struts.apache.org