Package org.alfresco.repo.webdav.auth
Class BaseNTLMAuthenticationFilter
- java.lang.Object
  - org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
    - org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter
      - org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter
- All Implemented Interfaces:
  org.alfresco.repo.management.subsystems.ActivateableBean, DependencyInjectedFilter, AuthenticationDriver, org.springframework.beans.factory.InitializingBean
- Direct Known Subclasses:
  NTLMAuthenticationFilter, NTLMAuthenticationFilter
public abstract class BaseNTLMAuthenticationFilter extends BaseSSOAuthenticationFilter
Base class with common code and initialisation for NTLM authentication filters.
-
-
Field Summary
Modifier and Type, Field
- protected static String AUTH_NTLM
- protected static String AUTHORIZATION
- static String NTLM_AUTH_DETAILS
- static String NTLM_AUTH_SESSION
- protected static String WWW_AUTHENTICATE
-
Fields inherited from class org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter
loginPageLink, MIME_HTML_TEXT
-
Fields inherited from class org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
ARG_TICKET, AUTHENTICATION_USER, authenticationComponent, authenticationListener, authenticationService, NO_AUTH_REQUIRED, nodeService, personService, remoteUserMapper, transactionService
-
Fields inherited from interface org.alfresco.repo.webdav.auth.AuthenticationDriver
AUTHENTICATION_USER
-
-
Constructor Summary
- BaseNTLMAuthenticationFilter()
-
Method Summary
Modifier and Type, Method, Description
- boolean authenticateRequest(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest sreq, javax.servlet.http.HttpServletResponse sresp)
  Authenticate the user based on information in the HTTP request, such as the Authorization header or cached session information.
- protected boolean checkNTLMv1(String md4hash, byte[] challenge, org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg, boolean checkLMHash)
  Perform an NTLMv1 hashed password check.
- protected boolean checkNTLMv2(String md4hash, byte[] challenge, org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg)
  Perform an NTLMv2 check.
- protected boolean checkNTLMv2SessionKey(String md4hash, byte[] challenge, org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg)
  Perform an NTLMv2 session key check.
- protected void disableNTLMv2()
  Disable NTLMv2 support. Must be called from the implementation constructor.
- protected String getMD4Hash(String userName)
  Get the stored MD4 hashed password for the user, or null if the user does not exist.
- protected void init()
  Initializes the filter.
- protected void processType1(org.alfresco.jlan.server.auth.ntlm.Type1NTLMMessage type1Msg, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
  Process a type 1 NTLM message.
- protected boolean processType3(org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg, javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
  Process a type 3 NTLM message.
- void restartLoginChallenge(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res)
  Restart the NTLM logon process.
- void setMapUnknownUserToGuest(boolean mapUnknownUserToGuest)
- protected boolean validateLocalHashedPassword(org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg, org.alfresco.jlan.server.auth.ntlm.NTLMLogonDetails ntlmDetails, boolean authenticated, String md4hash)
  Validate the MD4 hash against local password.
-
Methods inherited from class org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter
afterPropertiesSet, allowsTicketLogons, checkForTicketParameter, doFilter, getLoginPage, getLoginPageLink, getSecurityConfigSection, getServerName, hasLoginPage, includeFallbackAuth, isActive, isFallbackEnabled, isNTLMSSPBlob, mapClientAddressToDomain, onLoginComplete, onValidate, onValidateFailed, performFallbackAuthentication, redirectToLoginPage, setActive, setFallback, setFallbackEnabled, setLoginPage, setLoginPageLink, setServerConfiguration, setTicketLogons, writeLoginPageLink
-
Methods inherited from class org.alfresco.repo.webdav.auth.BaseAuthenticationFilter
createUserEnvironment, createUserEnvironment, createUserObject, doInSystemTransaction, getLogger, getSessionUser, getUserAttributeName, handleLoginForm, invalidateSession, setAuthenticationComponent, setAuthenticationListener, setAuthenticationService, setNodeService, setPersonService, setRemoteUserMapper, setTransactionService, setUserAttributeName
-
-
-
-
Field Detail
-
NTLM_AUTH_SESSION
public static final String NTLM_AUTH_SESSION
- See Also:
- Constant Field Values
-
NTLM_AUTH_DETAILS
public static final String NTLM_AUTH_DETAILS
- See Also:
- Constant Field Values
-
WWW_AUTHENTICATE
protected static final String WWW_AUTHENTICATE
- See Also:
- Constant Field Values
-
AUTHORIZATION
protected static final String AUTHORIZATION
- See Also:
- Constant Field Values
-
AUTH_NTLM
protected static final String AUTH_NTLM
- See Also:
- Constant Field Values
-
-
Method Detail
-
setMapUnknownUserToGuest
public void setMapUnknownUserToGuest(boolean mapUnknownUserToGuest)
- Parameters:
  mapUnknownUserToGuest - should an unknown user be mapped to guest?
-
init
protected void init() throws javax.servlet.ServletException
Description copied from class: BaseSSOAuthenticationFilter
Initializes the filter. Only called if the filter is active, as indicated by BaseSSOAuthenticationFilter.isActive(). Subclasses should override.
- Overrides:
  init in class BaseSSOAuthenticationFilter
- Throws:
  javax.servlet.ServletException
-
authenticateRequest
public boolean authenticateRequest(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest sreq, javax.servlet.http.HttpServletResponse sresp) throws IOException, javax.servlet.ServletException
Description copied from interface: AuthenticationDriver
Authenticate the user based on information in the HTTP request, such as the Authorization header or cached session information.
- Parameters:
  context - the context
  sreq - HTTP request
  sresp - HTTP response
- Returns:
  true if authentication was successful
- Throws:
  IOException
  javax.servlet.ServletException
-
processType1
protected void processType1(org.alfresco.jlan.server.auth.ntlm.Type1NTLMMessage type1Msg, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) throws IOException
Process a type 1 NTLM message.
- Parameters:
  type1Msg - Type1NTLMMessage
  req - HttpServletRequest
  res - HttpServletResponse
- Throws:
  IOException
-
processType3
protected boolean processType3(org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg, javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) throws IOException, javax.servlet.ServletException
Process a type 3 NTLM message.
- Parameters:
  type3Msg - Type3NTLMMessage
  req - HttpServletRequest
  res - HttpServletResponse
- Throws:
  IOException
  javax.servlet.ServletException
-
validateLocalHashedPassword
protected boolean validateLocalHashedPassword(org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg, org.alfresco.jlan.server.auth.ntlm.NTLMLogonDetails ntlmDetails, boolean authenticated, String md4hash)
Validate the MD4 hash against local password.
- Parameters:
  type3Msg - Type3NTLMMessage
  ntlmDetails - NTLMLogonDetails
  authenticated - boolean
  md4hash - String
- Returns:
  true if password hash is valid, false otherwise
-
checkNTLMv1
protected final boolean checkNTLMv1(String md4hash, byte[] challenge, org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg, boolean checkLMHash)
Perform an NTLMv1 hashed password check.
- Parameters:
  md4hash - String
  challenge - byte[]
  type3Msg - Type3NTLMMessage
  checkLMHash - boolean
- Returns:
  boolean
-
checkNTLMv2
protected final boolean checkNTLMv2(String md4hash, byte[] challenge, org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg)
Perform an NTLMv2 check.
- Parameters:
  md4hash - String
  challenge - byte[]
  type3Msg - Type3NTLMMessage
- Returns:
  boolean
-
checkNTLMv2SessionKey
protected final boolean checkNTLMv2SessionKey(String md4hash, byte[] challenge, org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg)
Perform an NTLMv2 session key check.
- Parameters:
  md4hash - String
  challenge - byte[]
  type3Msg - Type3NTLMMessage
- Returns:
  boolean
-
getMD4Hash
protected String getMD4Hash(String userName)
Get the stored MD4 hashed password for the user, or null if the user does not exist.
- Parameters:
  userName - String
- Returns:
  MD4 hash or null
-
restartLoginChallenge
public void restartLoginChallenge(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) throws IOException
Restart the NTLM logon process.
- Parameters:
  context - ServletContext
  req - HttpServletRequest
  res - HttpServletResponse
- Throws:
  IOException
-
disableNTLMv2
protected final void disableNTLMv2()
Disable NTLMv2 support. Must be called from the implementation constructor.
-
-