works on tomcat not on jboss
theone May 11, 2004 5:10 AMHi,
I trying to get SSO work in my LAN. I have a simple servlet which on first request sends response back as 'WWW-Authenticate', the browser responde with a NTLM token, servlet againg sends something as a part of protocol....blah blah......
Finally it takes the token, parses it and extracts the userid, m/c name,domain etc.
The servlet works fine in tomcat.
When i port it to jboss/server/default/deploy......the communication hangs at a definite point.
I also extracted the headers in the communication. Could not identify waht is going wrong exactly.
Down here are the servlet and the header files for the successful and failed comunication
-------------------------------------------------------------------------------------
import java.io.*;
import java.text.*;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;
import org.ietf.jgss.*;
import org.apache.xerces.impl.dv.util.*;
public class NtlmEmulator extends HttpServlet {
public void doGet(HttpServletRequest request,
HttpServletResponse response)
throws IOException, ServletException
{
String auth = request.getHeader("Authorization");
if (auth == null) {
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "NTLM");
System.out.println("#####1st step");
response.flushBuffer();
System.out.println("#####1st step comp");
return;
}
if (auth.startsWith("NTLM ")) { byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
int off = 0, length, offset;
String s;
if (msg[8] == 1) { // first step of authentication
off = 18;
byte z = 0;
byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P', z,
(byte)2, z, z, z, z, z, z, z,
(byte)40, z, z, z, (byte)1, (byte)130, z, z,
z, (byte)2, (byte)2, (byte)2, z, z, z, z, // this line is 'nonce'
z, z, z, z, z, z, z, z};
// remove next lines if you want see the result of first step
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "NTLM " + new sun.misc.BASE64Encoder().encodeBuffer(msg1));
System.out.println("#####2nd step");
response.flushBuffer();
System.out.println("#####2nd complete");
return;
}
else if (msg[8] == 3) { // third step of authentization - takes long time, nod needed if zou care only for loginname
off = 30;
System.out.println("#####3rd tep step");
length = msg[off+17]*256 + msg[off+16];
offset = msg[off+19]*256 + msg[off+18];
s = new String(msg, offset, length);
System.out.println(s);
} else{
return;
}
length = msg[off+1]*256 + msg[off];
offset = msg[off+3]*256 + msg[off+2];
s = new String(msg, offset, length);
System.out.println("length is "+s.length()+" "+(int)s.charAt(0)+"$"+(int)s.charAt(1)+"$"+(int)s.charAt(2)+"$");
StringBuffer sbDomain=new StringBuffer();
char c=(char)0;
char[] charArr=new char[1];
charArr[0]=c;
StringTokenizer st = new StringTokenizer(s,new String(charArr));
while (st.hasMoreTokens()) {
// String token=st.nextToken();
// System.out.println("token "+token);
sbDomain.append(st.nextToken());
}
System.out.println(sbDomain);
length = msg[off+9]*256 + msg[off+8];
offset = msg[off+11]*256 + msg[off+10];
s = new String(msg, offset, length);
StringBuffer sbUserName=new StringBuffer();
StringTokenizer st1 = new StringTokenizer(s,new String(charArr));
while (st1.hasMoreTokens()) {
sbUserName.append(st1.nextToken());
}
System.out.println(sbUserName);
}
}//doget
}
-------------------------------------------------------------------------------------
SUCCESSFUL COMMUNICATION HEADERS
GET /ntlm/ntlmservlet HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localhost:8080
Connection: Keep-Alive
HTTP/1.1 401 Unauthorized
WWW-Authenticate: NTLM
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Transfer-Encoding: chunked
Date: Tue, 11 May 2004 05:42:09 GMT
Server: Apache Coyote/1.0
GET /ntlm/ntlmservlet HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localhost:8080
Connection: Keep-Alive
Authorization: NTLM TlRMTVNTUAABAAAAB7IIoAYABgAvAAAADwAPACAAAABJTkQtU1BaNERYUDAwNDdNQVNURUs=
HTTP/1.1 401 Unauthorized
WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAAAICAgAAAAAAAAAAAAAAAA==
GET /ntlm/ntlmservlet HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localhost:8080
Connection: Keep-Alive
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHoAAAAYABgAkgAAAAwADABAAAAAEAAQAEwAAAAeAB4AXAAAAAAAAACqAAAABYIAAE0AQQBTAFQARQBLAGsAcwBoAGkAdABpAGoAdQBJAE4ARAAtAFMAUABaADQARABYAFAAMAAwADQANwCbmhyFIdpmwOZWt640fv/CyRrW6CyUUhM4L2b6rZrP0U5MnsVusnCubZqH4HrHf6o=
GET /ntlm/ntlmservlet HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localhost:8080
Connection: Keep-Alive
Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHoAAAAYABgAkgAAAAwADABAAAAAEAAQAEwAAAAeAB4AXAAAAAAAAACqAAAABYIAAE0AQQBTAFQARQBLAGsAcwBoAGkAdABpAGoAdQBJAE4ARAAtAFMAUABaADQARABYAFAAMAAwADQANwCbmhyFIdpmwOZWt640fv/CyRrW6CyUUhM4L2b6rZrP0U5MnsVusnCubZqH4HrHf6o=
HTTP/1.1 200 OK
Content-Type: text/plain
Content-Length: 0
Date: Tue, 11 May 2004 05:42:29 GMT
Server: Apache Coyote/1.0
GET http://in.update.companion.yahoo.com/slv/v4/2.html?.pc=&.a=0&.ta=cgnone,ccnone,ciin,cv5_1_6,cp&.cv=1&.cs=p,dc2ef32fc4fb2885&t=349482546 HTTP/1.1
Accept: */*
Cookie: B=0qqakq909k912&b=2; CP=v=50106&br=i
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: in.update.companion.yahoo.com
Proxy-Connection: Keep-Alive
Pragma: no-cache
HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. )
Via:1.1 IND-SPZ7PXY001
Proxy-Authenticate: NTLM
Proxy-Authenticate: Basic realm="ind-spz7pxy001.XYZ.com"
Proxy-Authenticate: Kerberos
Proxy-Authenticate: Negotiate
Connection: close
Proxy-Connection: close
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 2376
GET http://in.update.companion.yahoo.com/slv/v4/2.html?.pc=&.a=0&.ta=cgnone,ccnone,ciin,cv5_1_6,cp&.cv=1&.cs=p,dc2ef32fc4fb2885&t=349482546 HTTP/1.1
Accept: */*
Cookie: B=0qqakq909k912&b=2; CP=v=50106&br=i
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: in.update.companion.yahoo.com
Proxy-Connection: Keep-Alive
Pragma: no-cache
Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB7IIoAYABgAvAAAADwAPACAAAABJTkQtU1BaNERYUDAwNDdNQVNURUv=
HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
Via:1.1 IND-SPZ7PXY001
Proxy-Authenticate: NTLM TlRMTVNTUAACAAAADAAMADgAAAAFgomirDHW4jxzDKcAAAAAAAAAAIIAggBEAAAABQCTCAAAAA9NAEEAUwBUAEUASwACAAwATQBBAFMAVABFAEsAAQAcAEkATgBEAC0AUwBQAFoANwBQAFgAWQAwADAAMQAEABQAbQBhAHMAdABlAGsALgBjAG8AbQADADIAaQBuAGQALQBzAHAAegA3AHAAeAB5ADAAMAAxAC4AbQBhAHMAdABlAGsALgBjAG8AbQAAAAAA
Pragma: no-cache
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 0 GET http://in.update.companion.yahoo.com/slv/v4/2.html?.pc=&.a=0&.ta=cgnone,ccnone,ciin,cv5_1_6,cp&.cv=1&.cs=p,dc2ef32fc4fb2885&t=349482546 HTTP/1.1
Accept: */*
Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHoAAAAYABgAkgAAAAwADABAAAAAEAAQAEwAAAAeAB4AXAAAAAAAAACqAAAABYKIoG0AYQBzAHQAZQBrAGsAcwBoAGkAdABpAGoAdQBJAE4ARAAtAFMAUABaADQARABYAFAAMAAwADQANwDdaxsGGOW+MQAAAAAAAAAAAAAAAAAAAADzvIrM0li+Ew/iJqtpMB7UFKPF45yl64M=
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: in.update.companion.yahoo.com
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cookie: B=0qqakq909k912&b=2; CP=v=50106&br=i
HTTP/1.1 200 OK
Via: 1.0 IND-SPZ7PXY001
Connection: close
Proxy-Connection: close
Date: Tue, 11 May 2004 05:41:50 GMT
Content-Type: text/html
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Cache-Control: private
-------------------------------------------------------------------------------------
FAILED COMMUNICATION HEADERS
GET /ntlm/ntlmservlet HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localhost:8080
Connection: Keep-Alive
HTTP/1.1 401 Unauthorized
WWW-Authenticate: NTLM
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Transfer-Encoding: chunked
Date: Tue, 11 May 2004 05:33:26 GMT
Server: Apache Coyote/1.0
GET /ntlm/ntlmservlet HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Host: localhost:8080
Connection: Keep-Alive
Authorization: NTLM TlRMTVNTUAABAAAAB7IIoAYABgAvAAAADwAPACAAAABJTkQtU1BaNERYUDAwNDdNQVNURUs=
HTTP/1.1 401 Unauthorized
WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAAAICAgAAAAAAAAAAAAAAAA==
-------------------------------------------------------------------------------------
-theone