aspose file tools
The moose likes Servlets and the fly likes NTLM Authentication Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Groovy Fundamentals video training course this week in the Groovy forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "NTLM Authentication" Watch "NTLM Authentication" New topic
Author

NTLM Authentication

Pankaj Bagul
Greenhorn

Joined: Dec 27, 2007
Posts: 7
Hi,

I have to authenticate a windows user with his windows XP loginId and to log him directly in my application which is running in a local intranet.
so that the user need not make a seperate loginId/password. Instead, he can use the same windows loginId.


i tried with the following code:


String auth = httpRequest.getHeader("Authorization");

if (auth == null)
{
httpResponse.setStatus(httpResponse.SC_UNAUTHORIZED);
httpResponse.setHeader("WWW-Authenticate", "NTLM");
httpResponse.flushBuffer();

return;
}
if (auth.startsWith("NTLM "))
{
byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
int off = 0, length, offset;
if (msg[8] == 1)
{
byte z = 0;
byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', (byte)'S', (byte)'S', (byte)'P',
z,(byte)2, z, z, z, z, z, z, z,(byte)40, z, z, z,
(byte)1, (byte)130, z, z,z, (byte)2, (byte)2,
(byte)2, z, z, z, z, z, z, z, z, z, z, z, z};
httpResponse.setHeader("WWW-Authenticate", "NTLM " +
new sun.misc.BASE64Encoder().encodeBuffer(msg1));
httpResponse.sendError(httpResponse.SC_UNAUTHORIZED);


return;
}
else if (msg[8] == 3)
{
off = 30;

length = msg[off+17]*256 + msg[off+16];
offset = msg[off+19]*256 + msg[off+18];
String remoteHost = new String(msg, offset, length);

length = msg[off+1]*256 + msg[off];
offset = msg[off+3]*256 + msg[off+2];
String domain = new String(msg, offset, length);

length = msg[off+9]*256 + msg[off+8];
offset = msg[off+11]*256 + msg[off+10];
String username = new String(msg, offset, length);

--------------------------------------------------------

What happens is that it takes the windows loginId but it doesnot authenticates it.

when i run my application it popups a login window in which i enter my windows loginId/password.

What is wrong here is, if i enter a wrong loginId/password still it logs him which should not happen.
It should authenticate only valid users.

If anybody knows the solution please help me out or still i need to do some more configuration settings or should i use some different code?

Please help me out solving this problem.I am really strucked.

Any help would be highly appreciated.
thanks in advance

Pankaj
 
Don't get me started about those stupid light bulbs.
 
subject: NTLM Authentication