org.alfresco.repo.webdav.auth

Class BaseNTLMAuthenticationFilter

java.lang.Object

org.alfresco.repo.webdav.auth.BaseAuthenticationFilter

org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter

org.alfresco.repo.webdav.auth.BaseNTLMAuthenticationFilter

All Implemented Interfaces:

org.alfresco.repo.management.subsystems.ActivateableBean, DependencyInjectedFilter, AuthenticationDriver, org.springframework.beans.factory.InitializingBean

Direct Known Subclasses:

NTLMAuthenticationFilter

public abstract class BaseNTLMAuthenticationFilter
extends BaseSSOAuthenticationFilter

Base class with common code and initialisation for NTLM authentication filters.

Field Summary

Fields

Modifier and Type	Field and Description
protected static java.lang.String	AUTH_NTLM
protected static java.lang.String	AUTHORIZATION
static java.lang.String	NTLM_AUTH_DETAILS
static java.lang.String	NTLM_AUTH_SESSION
protected static java.lang.String	WWW_AUTHENTICATE

Fields inherited from class org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter

MIME_HTML_TEXT

Fields inherited from class org.alfresco.repo.webdav.auth.BaseAuthenticationFilter

ARG_TICKET, AUTHENTICATION_USER, authenticationComponent, authenticationService, NO_AUTH_REQUIRED, nodeService, personService, remoteUserMapper, transactionService

Constructor Summary

Constructors

Constructor and Description
BaseNTLMAuthenticationFilter()

Method Summary

Methods

Modifier and Type	Method and Description
boolean	authenticateRequest(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest sreq, javax.servlet.http.HttpServletResponse sresp) Authenticate user based on information in http request such as Authorization header or cached session information.
protected boolean	checkNTLMv1(java.lang.String md4hash, byte[] challenge, org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg, boolean checkLMHash) Perform an NTLMv1 hashed password check
protected boolean	checkNTLMv2(java.lang.String md4hash, byte[] challenge, org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg) Perform an NTLMv2 check
protected boolean	checkNTLMv2SessionKey(java.lang.String md4hash, byte[] challenge, org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg) Perform an NTLMv2 session key check
protected void	disableNTLMv2() Disable NTLMv2 support, must be called from the implementation constructor
protected java.lang.String	getMD4Hash(java.lang.String userName) Get the stored MD4 hashed password for the user, or null if the user does not exist
protected void	init() Initializes the filter.
protected void	processType1(org.alfresco.jlan.server.auth.ntlm.Type1NTLMMessage type1Msg, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) Process a type 1 NTLM message
protected boolean	processType3(org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg, javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) Process a type 3 NTLM message
void	restartLoginChallenge(javax.servlet.ServletContext context, javax.servlet.http.HttpServletRequest req, javax.servlet.http.HttpServletResponse res) Restart the NTLM logon process
void	setMapUnknownUserToGuest(boolean mapUnknownUserToGuest)
protected boolean	validateLocalHashedPassword(org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg, org.alfresco.jlan.server.auth.ntlm.NTLMLogonDetails ntlmDetails, boolean authenticated, java.lang.String md4hash) Validate the MD4 hash against local password

Methods inherited from class org.alfresco.repo.webdav.auth.BaseSSOAuthenticationFilter

afterPropertiesSet, allowsTicketLogons, checkForTicketParameter, doFilter, getLoginPage, getSecurityConfigSection, getServerName, hasLoginPage, isActive, isNTLMSSPBlob, mapClientAddressToDomain, onLoginComplete, onValidate, onValidateFailed, redirectToLoginPage, setActive, setLoginPage, setServerConfiguration, setTicketLogons, writeLoginPageLink

Methods inherited from class org.alfresco.repo.webdav.auth.BaseAuthenticationFilter

createUserEnvironment, createUserEnvironment, createUserObject, doInSystemTransaction, getLogger, getSessionUser, getUserAttributeName, handleLoginForm, invalidateSession, setAuthenticationComponent, setAuthenticationService, setNodeService, setPersonService, setRemoteUserMapper, setTransactionService, setUserAttributeName

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

NTLM_AUTH_SESSION

public static final java.lang.String NTLM_AUTH_SESSION

See Also:

Constant Field Values

NTLM_AUTH_DETAILS

public static final java.lang.String NTLM_AUTH_DETAILS

See Also:

Constant Field Values

WWW_AUTHENTICATE

protected static final java.lang.String WWW_AUTHENTICATE

See Also:

Constant Field Values

AUTHORIZATION

protected static final java.lang.String AUTHORIZATION

See Also:

Constant Field Values

AUTH_NTLM

protected static final java.lang.String AUTH_NTLM

See Also:

Constant Field Values

Constructor Detail

BaseNTLMAuthenticationFilter

public BaseNTLMAuthenticationFilter()

Method Detail

setMapUnknownUserToGuest

public void setMapUnknownUserToGuest(boolean mapUnknownUserToGuest)

Parameters:

mapUnknownUserToGuest - should an unknown user be mapped to guest?

init

protected void init()
             throws javax.servlet.ServletException

Description copied from class: BaseSSOAuthenticationFilter

Initializes the filter. Only called if the filter is active, as indicated by BaseSSOAuthenticationFilter.isActive(). Subclasses should override.

Overrides:

init in class BaseSSOAuthenticationFilter

Throws:

javax.servlet.ServletException

authenticateRequest

public boolean authenticateRequest(javax.servlet.ServletContext context,
                          javax.servlet.http.HttpServletRequest sreq,
                          javax.servlet.http.HttpServletResponse sresp)
                            throws java.io.IOException,
                                   javax.servlet.ServletException

Description copied from interface: AuthenticationDriver

Authenticate user based on information in http request such as Authorization header or cached session information.

Parameters:

context - the context

sreq - http request

sresp - http response

Returns:

true if authentication was successful

Throws:

java.io.IOException

javax.servlet.ServletException

processType1

protected void processType1(org.alfresco.jlan.server.auth.ntlm.Type1NTLMMessage type1Msg,
                javax.servlet.http.HttpServletRequest req,
                javax.servlet.http.HttpServletResponse res)
                     throws java.io.IOException

Process a type 1 NTLM message

Parameters:

type1Msg - Type1NTLMMessage

req - HttpServletRequest

res - HttpServletResponse

session - HttpSession

Throws:

java.io.IOException

processType3

protected boolean processType3(org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg,
                   javax.servlet.ServletContext context,
                   javax.servlet.http.HttpServletRequest req,
                   javax.servlet.http.HttpServletResponse res)
                        throws java.io.IOException,
                               javax.servlet.ServletException

Process a type 3 NTLM message

Parameters:

type3Msg - Type3NTLMMessage

req - HttpServletRequest

res - HttpServletResponse

session - HttpSession

chain - FilterChain

Throws:

java.io.IOException

javax.servlet.ServletException

validateLocalHashedPassword

protected boolean validateLocalHashedPassword(org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg,
                                  org.alfresco.jlan.server.auth.ntlm.NTLMLogonDetails ntlmDetails,
                                  boolean authenticated,
                                  java.lang.String md4hash)

Validate the MD4 hash against local password

Parameters:

type3Msg -

ntlmDetails -

authenticated -

md4hash -

Returns:

true if password hash is valid, false otherwise

checkNTLMv1

protected final boolean checkNTLMv1(java.lang.String md4hash,
                  byte[] challenge,
                  org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg,
                  boolean checkLMHash)

Perform an NTLMv1 hashed password check

Parameters:

String - md4hash

byte[] - challenge

Type3NTLMMessage - type3Msg

checkLMHash - boolean

Returns:

boolean

checkNTLMv2

protected final boolean checkNTLMv2(java.lang.String md4hash,
                  byte[] challenge,
                  org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg)

Perform an NTLMv2 check

Parameters:

String - md4hash

byte[] - challenge

Type3NTLMMessage - type3Msg

Returns:

boolean

checkNTLMv2SessionKey

protected final boolean checkNTLMv2SessionKey(java.lang.String md4hash,
                            byte[] challenge,
                            org.alfresco.jlan.server.auth.ntlm.Type3NTLMMessage type3Msg)

Perform an NTLMv2 session key check

Parameters:

String - md4hash

byte[] - challenge

Type3NTLMMessage - type3Msg

Returns:

boolean

getMD4Hash

protected java.lang.String getMD4Hash(java.lang.String userName)

Get the stored MD4 hashed password for the user, or null if the user does not exist

Parameters:

userName -

md4hash -

Returns:

MD4 hash or null

restartLoginChallenge

public void restartLoginChallenge(javax.servlet.ServletContext context,
                         javax.servlet.http.HttpServletRequest req,
                         javax.servlet.http.HttpServletResponse res)
                           throws java.io.IOException

Restart the NTLM logon process

Parameters:

context -

resp -

httpSess -

Throws:

java.io.IOException

disableNTLMv2

protected final void disableNTLMv2()

Disable NTLMv2 support, must be called from the implementation constructor