org.alfresco.repo.webdav.auth
Class BaseNTLMAuthenticationFilter

java.lang.Object
  extended by org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
      extended by org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter
          extended by org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter
All Implemented Interfaces:
org.alfresco.repo.management.subsystems.ActivateableBean, DependencyInjectedFilter, AuthenticationDriver, org.springframework.beans.factory.InitializingBean
Direct Known Subclasses:
NTLMAuthenticationFilter

public abstract class BaseNTLMAuthenticationFilter
extends BaseSSOAuthenticationFilter

Base class with common code and initialisation for NTLM authentication filters.


Field Summary
protected static java.lang.String AUTH_NTLM
           
protected static java.lang.String AUTHORIZATION
           
static java.lang.String NTLM_AUTH_DETAILS
           
static java.lang.String NTLM_AUTH_SESSION
           
protected static java.lang.String WWW_AUTHENTICATE
           
 
Fields inherited from class org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter
MIME_HTML_TEXT
 
Fields inherited from class org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
ARG_TICKET, AUTHENTICATION_USER, authenticationComponent, authenticationService, NO_AUTH_REQUIRED, nodeService, personService, remoteUserMapper, transactionService
 
Constructor Summary
BaseNTLMAuthenticationFilter()
           
 
Method Summary
 boolean authenticateRequest(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest sreq, javax.servlet.http.HttpServletResponse sresp)
          Authenticate the user based on information in the HTTP request, such as the Authorization header or cached session information.
protected  boolean checkNTLMv1(java.lang.String md4hash, byte[] challenge, org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg, boolean checkLMHash)
          Perform an NTLMv1 hashed password check
protected  boolean checkNTLMv2(java.lang.String md4hash, byte[] challenge, org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg)
          Perform an NTLMv2 check
protected  boolean checkNTLMv2SessionKey(java.lang.String md4hash, byte[] challenge, org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg)
          Perform an NTLMv2 session key check
protected  void disableNTLMv2()
          Disable NTLMv2 support. Must be called from the implementation constructor.
protected  java.lang.String getMD4Hash(java.lang.String userName)
          Get the stored MD4 hashed password for the user, or null if the user does not exist
protected  void init()
          Initializes the filter.
protected  void processType1(org.alfresco.jlan.server.auth.ntlm.Type1NTLMMessage type1Msg, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          Process a type 1 NTLM message
protected  boolean processType3(org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg, javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          Process a type 3 NTLM message
 void restartLoginChallenge(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
          Restart the NTLM logon process
 void setMapUnknownUserToGuest(boolean mapUnknownUserToGuest)
           
protected  boolean validateLocalHashedPassword(org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg, org.alfresco.jlan.server.auth.ntlm.NTLMLogonDetails ntlmDetails, boolean authenticated, java.lang.String md4hash)
          Validate the MD4 hash against local password
 
Methods inherited from class org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter
afterPropertiesSet, allowsTicketLogons, checkForTicketParameter, doFilter, getLoginPage, getSecurityConfigSection, getServerName, hasLoginPage, isActive, isNTLMSSPBlob, mapClientAddressToDomain, onLoginComplete, onValidate, onValidateFailed, redirectToLoginPage, setActive, setLoginPage, setServerConfiguration, setTicketLogons, writeLoginPageLink
 
Methods inherited from class org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
createUserEnvironment, createUserEnvironment, createUserObject, doInSystemTransaction, getLogger, getSessionUser, getUserAttributeName, handleLoginForm, invalidateSession, setAuthenticationComponent, setAuthenticationService, setNodeService, setPersonService, setRemoteUserMapper, setTransactionService, setUserAttributeName
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

NTLM_AUTH_SESSION

public static final java.lang.String NTLM_AUTH_SESSION
See Also:
Constant Field Values

NTLM_AUTH_DETAILS

public static final java.lang.String NTLM_AUTH_DETAILS
See Also:
Constant Field Values

WWW_AUTHENTICATE

protected static final java.lang.String WWW_AUTHENTICATE
See Also:
Constant Field Values

AUTHORIZATION

protected static final java.lang.String AUTHORIZATION
See Also:
Constant Field Values

AUTH_NTLM

protected static final java.lang.String AUTH_NTLM
See Also:
Constant Field Values
Constructor Detail

BaseNTLMAuthenticationFilter

public BaseNTLMAuthenticationFilter()
Method Detail

setMapUnknownUserToGuest

public void setMapUnknownUserToGuest(boolean mapUnknownUserToGuest)
Parameters:
mapUnknownUserToGuest - should an unknown user be mapped to guest?

init

protected void init()
             throws javax.servlet.ServletException
Description copied from class: BaseSSOAuthenticationFilter
Initializes the filter. Only called if the filter is active, as indicated by BaseSSOAuthenticationFilter.isActive(). Subclasses should override.

Overrides:
init in class BaseSSOAuthenticationFilter
Throws:
javax.servlet.ServletException

authenticateRequest

public boolean authenticateRequest(javax.servlet.ServletContext context,
                                   javax.servlet.http.HttpServletRequest sreq,
                                   javax.servlet.http.HttpServletResponse sresp)
                            throws java.io.IOException,
                                   javax.servlet.ServletException
Description copied from interface: AuthenticationDriver
Authenticate the user based on information in the HTTP request, such as the Authorization header or cached session information.

Parameters:
context - the context
sreq - HTTP request
sresp - HTTP response
Returns:
true if authentication was successful
Throws:
java.io.IOException
javax.servlet.ServletException

processType1

protected void processType1(org.alfresco.jlan.server.auth.ntlm.Type1NTLMMessage type1Msg,
                            javax.servlet.http.HttpServletRequest req,
                            javax.servlet.http.HttpServletResponse res)
                     throws java.io.IOException
Process a type 1 NTLM message

Parameters:
type1Msg - Type1NTLMMessage
req - HttpServletRequest
res - HttpServletResponse
session - HttpSession
Throws:
java.io.IOException

processType3

protected boolean processType3(org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg,
                               javax.servlet.ServletContext context,
                               javax.servlet.http.HttpServletRequest req,
                               javax.servlet.http.HttpServletResponse res)
                        throws java.io.IOException,
                               javax.servlet.ServletException
Process a type 3 NTLM message

Parameters:
type3Msg - Type3NTLMMessage
req - HttpServletRequest
res - HttpServletResponse
session - HttpSession
chain - FilterChain
Throws:
java.io.IOException
javax.servlet.ServletException

validateLocalHashedPassword

protected boolean validateLocalHashedPassword(org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg,
                                              org.alfresco.jlan.server.auth.ntlm.NTLMLogonDetails ntlmDetails,
                                              boolean authenticated,
                                              java.lang.String md4hash)
Validate the MD4 hash against local password

Parameters:
type3Msg -
ntlmDetails -
authenticated -
md4hash -
Returns:
true if password hash is valid, false otherwise

checkNTLMv1

protected final boolean checkNTLMv1(java.lang.String md4hash,
                                    byte[] challenge,
                                    org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg,
                                    boolean checkLMHash)
Perform an NTLMv1 hashed password check

Parameters:
md4hash - String
challenge - byte[]
type3Msg - Type3NTLMMessage
checkLMHash - boolean
Returns:
boolean

checkNTLMv2

protected final boolean checkNTLMv2(java.lang.String md4hash,
                                    byte[] challenge,
                                    org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg)
Perform an NTLMv2 check

Parameters:
md4hash - String
challenge - byte[]
type3Msg - Type3NTLMMessage
Returns:
boolean

checkNTLMv2SessionKey

protected final boolean checkNTLMv2SessionKey(java.lang.String md4hash,
                                              byte[] challenge,
                                              org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg)
Perform an NTLMv2 session key check

Parameters:
md4hash - String
challenge - byte[]
type3Msg - Type3NTLMMessage
Returns:
boolean

getMD4Hash

protected java.lang.String getMD4Hash(java.lang.String userName)
Get the stored MD4 hashed password for the user, or null if the user does not exist

Parameters:
userName -
md4hash -
Returns:
MD4 hash or null

restartLoginChallenge

public void restartLoginChallenge(javax.servlet.ServletContext context,
                                  javax.servlet.http.HttpServletRequest req,
                                  javax.servlet.http.HttpServletResponse res)
                           throws java.io.IOException
Restart the NTLM logon process

Parameters:
context -
resp -
httpSess -
Throws:
java.io.IOException

disableNTLMv2

protected final void disableNTLMv2()
Disable NTLMv2 support. Must be called from the implementation constructor.



Copyright © 2005 - 2010 Alfresco Software, Inc. All Rights Reserved.