0 Replies Latest reply on May 11, 2004 5:10 AM by theone

    works on tomcat not on jboss

    theone Newbie

      Hi,
      I trying to get SSO work in my LAN. I have a simple servlet which on first request sends response back as 'WWW-Authenticate', the browser responde with a NTLM token, servlet againg sends something as a part of protocol....blah blah......
      Finally it takes the token, parses it and extracts the userid, m/c name,domain etc.
      The servlet works fine in tomcat.
      When i port it to jboss/server/default/deploy......the communication hangs at a definite point.
      I also extracted the headers in the communication. Could not identify waht is going wrong exactly.

      Down here are the servlet and the header files for the successful and failed comunication
      -------------------------------------------------------------------------------------
      import java.io.*;
      import java.text.*;
      import java.util.*;
      import javax.servlet.*;
      import javax.servlet.http.*;
      import org.ietf.jgss.*;
      import org.apache.xerces.impl.dv.util.*;

      public class NtlmEmulator extends HttpServlet {


      public void doGet(HttpServletRequest request,
      HttpServletResponse response)
      throws IOException, ServletException
      {
      String auth = request.getHeader("Authorization");
      if (auth == null) {
      response.setStatus(response.SC_UNAUTHORIZED);
      response.setHeader("WWW-Authenticate", "NTLM");
      System.out.println("#####1st step");
      response.flushBuffer();
      System.out.println("#####1st step comp");
      return;
      }
      if (auth.startsWith("NTLM ")) { byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
      int off = 0, length, offset;
      String s;
      if (msg[8] == 1) { // first step of authentication
      off = 18;
      byte z = 0;
      byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P', z,
      (byte)2, z, z, z, z, z, z, z,
      (byte)40, z, z, z, (byte)1, (byte)130, z, z,
      z, (byte)2, (byte)2, (byte)2, z, z, z, z, // this line is 'nonce'
      z, z, z, z, z, z, z, z};
      // remove next lines if you want see the result of first step
      response.setStatus(response.SC_UNAUTHORIZED);
      response.setHeader("WWW-Authenticate", "NTLM " + new sun.misc.BASE64Encoder().encodeBuffer(msg1));
      System.out.println("#####2nd step");
      response.flushBuffer();
      System.out.println("#####2nd complete");
      return;
      }
      else if (msg[8] == 3) { // third step of authentization - takes long time, nod needed if zou care only for loginname
      off = 30;
      System.out.println("#####3rd tep step");
      length = msg[off+17]*256 + msg[off+16];
      offset = msg[off+19]*256 + msg[off+18];
      s = new String(msg, offset, length);
      System.out.println(s);
      } else{
      return;
      }
      length = msg[off+1]*256 + msg[off];
      offset = msg[off+3]*256 + msg[off+2];
      s = new String(msg, offset, length);
      System.out.println("length is "+s.length()+" "+(int)s.charAt(0)+"$"+(int)s.charAt(1)+"$"+(int)s.charAt(2)+"$");
      StringBuffer sbDomain=new StringBuffer();
      char c=(char)0;
      char[] charArr=new char[1];
      charArr[0]=c;
      StringTokenizer st = new StringTokenizer(s,new String(charArr));
      while (st.hasMoreTokens()) {
      // String token=st.nextToken();
      // System.out.println("token "+token);
      sbDomain.append(st.nextToken());
      }
      System.out.println(sbDomain);
      length = msg[off+9]*256 + msg[off+8];
      offset = msg[off+11]*256 + msg[off+10];
      s = new String(msg, offset, length);
      StringBuffer sbUserName=new StringBuffer();
      StringTokenizer st1 = new StringTokenizer(s,new String(charArr));
      while (st1.hasMoreTokens()) {
      sbUserName.append(st1.nextToken());
      }
      System.out.println(sbUserName);

      }

      }//doget
      }
      -------------------------------------------------------------------------------------
      SUCCESSFUL COMMUNICATION HEADERS
      GET /ntlm/ntlmservlet HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive


      HTTP/1.1 401 Unauthorized
      WWW-Authenticate: NTLM
      Content-Type: text/html;charset=ISO-8859-1
      Content-Language: en-US
      Transfer-Encoding: chunked
      Date: Tue, 11 May 2004 05:42:09 GMT
      Server: Apache Coyote/1.0

      GET /ntlm/ntlmservlet HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive
      Authorization: NTLM TlRMTVNTUAABAAAAB7IIoAYABgAvAAAADwAPACAAAABJTkQtU1BaNERYUDAwNDdNQVNURUs=


      HTTP/1.1 401 Unauthorized
      WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAAAICAgAAAAAAAAAAAAAAAA==

      GET /ntlm/ntlmservlet HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive
      Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHoAAAAYABgAkgAAAAwADABAAAAAEAAQAEwAAAAeAB4AXAAAAAAAAACqAAAABYIAAE0AQQBTAFQARQBLAGsAcwBoAGkAdABpAGoAdQBJAE4ARAAtAFMAUABaADQARABYAFAAMAAwADQANwCbmhyFIdpmwOZWt640fv/CyRrW6CyUUhM4L2b6rZrP0U5MnsVusnCubZqH4HrHf6o=
      GET /ntlm/ntlmservlet HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive
      Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHoAAAAYABgAkgAAAAwADABAAAAAEAAQAEwAAAAeAB4AXAAAAAAAAACqAAAABYIAAE0AQQBTAFQARQBLAGsAcwBoAGkAdABpAGoAdQBJAE4ARAAtAFMAUABaADQARABYAFAAMAAwADQANwCbmhyFIdpmwOZWt640fv/CyRrW6CyUUhM4L2b6rZrP0U5MnsVusnCubZqH4HrHf6o=
      HTTP/1.1 200 OK
      Content-Type: text/plain
      Content-Length: 0
      Date: Tue, 11 May 2004 05:42:29 GMT
      Server: Apache Coyote/1.0

      GET http://in.update.companion.yahoo.com/slv/v4/2.html?.pc=&.a=0&.ta=cgnone,ccnone,ciin,cv5_1_6,cp&.cv=1&.cs=p,dc2ef32fc4fb2885&t=349482546 HTTP/1.1
      Accept: */*
      Cookie: B=0qqakq909k912&b=2; CP=v=50106&br=i
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: in.update.companion.yahoo.com
      Proxy-Connection: Keep-Alive
      Pragma: no-cache


      HTTP/1.1 407 Proxy Authentication Required ( The ISA Server requires authorization to fulfill the request. Access to the Web Proxy service is denied. )
      Via:1.1 IND-SPZ7PXY001
      Proxy-Authenticate: NTLM
      Proxy-Authenticate: Basic realm="ind-spz7pxy001.XYZ.com"
      Proxy-Authenticate: Kerberos
      Proxy-Authenticate: Negotiate
      Connection: close
      Proxy-Connection: close
      Pragma: no-cache
      Cache-Control: no-cache
      Content-Type: text/html
      Content-Length: 2376

      GET http://in.update.companion.yahoo.com/slv/v4/2.html?.pc=&.a=0&.ta=cgnone,ccnone,ciin,cv5_1_6,cp&.cv=1&.cs=p,dc2ef32fc4fb2885&t=349482546 HTTP/1.1
      Accept: */*
      Cookie: B=0qqakq909k912&b=2; CP=v=50106&br=i
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: in.update.companion.yahoo.com
      Proxy-Connection: Keep-Alive
      Pragma: no-cache
      Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB7IIoAYABgAvAAAADwAPACAAAABJTkQtU1BaNERYUDAwNDdNQVNURUv=


      HTTP/1.1 407 Proxy Authentication Required ( Access is denied. )
      Via:1.1 IND-SPZ7PXY001
      Proxy-Authenticate: NTLM TlRMTVNTUAACAAAADAAMADgAAAAFgomirDHW4jxzDKcAAAAAAAAAAIIAggBEAAAABQCTCAAAAA9NAEEAUwBUAEUASwACAAwATQBBAFMAVABFAEsAAQAcAEkATgBEAC0AUwBQAFoANwBQAFgAWQAwADAAMQAEABQAbQBhAHMAdABlAGsALgBjAG8AbQADADIAaQBuAGQALQBzAHAAegA3AHAAeAB5ADAAMAAxAC4AbQBhAHMAdABlAGsALgBjAG8AbQAAAAAA
      Pragma: no-cache
      Cache-Control: no-cache
      Content-Type: text/html
      Content-Length: 0 GET http://in.update.companion.yahoo.com/slv/v4/2.html?.pc=&.a=0&.ta=cgnone,ccnone,ciin,cv5_1_6,cp&.cv=1&.cs=p,dc2ef32fc4fb2885&t=349482546 HTTP/1.1
      Accept: */*
      Proxy-Authorization: NTLM TlRMTVNTUAADAAAAGAAYAHoAAAAYABgAkgAAAAwADABAAAAAEAAQAEwAAAAeAB4AXAAAAAAAAACqAAAABYKIoG0AYQBzAHQAZQBrAGsAcwBoAGkAdABpAGoAdQBJAE4ARAAtAFMAUABaADQARABYAFAAMAAwADQANwDdaxsGGOW+MQAAAAAAAAAAAAAAAAAAAADzvIrM0li+Ew/iJqtpMB7UFKPF45yl64M=
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: in.update.companion.yahoo.com
      Proxy-Connection: Keep-Alive
      Pragma: no-cache
      Cookie: B=0qqakq909k912&b=2; CP=v=50106&br=i
      HTTP/1.1 200 OK
      Via: 1.0 IND-SPZ7PXY001
      Connection: close
      Proxy-Connection: close
      Date: Tue, 11 May 2004 05:41:50 GMT
      Content-Type: text/html
      P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
      Cache-Control: private
      -------------------------------------------------------------------------------------
      FAILED COMMUNICATION HEADERS
      GET /ntlm/ntlmservlet HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive


      HTTP/1.1 401 Unauthorized
      WWW-Authenticate: NTLM
      Content-Type: text/html;charset=ISO-8859-1
      Content-Language: en-US
      Transfer-Encoding: chunked
      Date: Tue, 11 May 2004 05:33:26 GMT
      Server: Apache Coyote/1.0

      GET /ntlm/ntlmservlet HTTP/1.1
      Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
      Accept-Language: en-us
      Accept-Encoding: gzip, deflate
      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
      Host: localhost:8080
      Connection: Keep-Alive
      Authorization: NTLM TlRMTVNTUAABAAAAB7IIoAYABgAvAAAADwAPACAAAABJTkQtU1BaNERYUDAwNDdNQVNURUs=


      HTTP/1.1 401 Unauthorized
      WWW-Authenticate: NTLM TlRMTVNTUAACAAAAAAAAACgAAAABggAAAAICAgAAAAAAAAAAAAAAAA==

      -------------------------------------------------------------------------------------


      -theone