1
14
15 package com.liferay.portal.servlet.filters.sso.ntlm;
16
17 import com.liferay.portal.kernel.log.Log;
18 import com.liferay.portal.kernel.log.LogFactoryUtil;
19 import com.liferay.portal.kernel.servlet.BrowserSnifferUtil;
20 import com.liferay.portal.kernel.servlet.HttpHeaders;
21 import com.liferay.portal.kernel.servlet.HttpMethods;
22 import com.liferay.portal.kernel.util.GetterUtil;
23 import com.liferay.portal.security.auth.AuthSettingsUtil;
24 import com.liferay.portal.servlet.filters.BasePortalFilter;
25 import com.liferay.portal.util.PortalInstances;
26
27 import javax.servlet.FilterChain;
28 import javax.servlet.http.HttpServletRequest;
29 import javax.servlet.http.HttpServletResponse;
30
31 import jcifs.ntlmssp.Type1Message;
32 import jcifs.ntlmssp.Type2Message;
33
34 import jcifs.util.Base64;
35
36
41 public class NtlmPostFilter extends BasePortalFilter {
42
43 protected Log getLog() {
44 return _log;
45 }
46
47 protected void processFilter(
48 HttpServletRequest request, HttpServletResponse response,
49 FilterChain filterChain)
50 throws Exception {
51
52 long companyId = PortalInstances.getCompanyId(request);
53
54 if (AuthSettingsUtil.isNtlmEnabled(companyId) &&
55 BrowserSnifferUtil.isIe(request) &&
56 request.getMethod().equals(HttpMethods.POST)) {
57
58 String authorization = GetterUtil.getString(
59 request.getHeader(HttpHeaders.AUTHORIZATION));
60
61 if (authorization.startsWith("NTLM ")) {
62 byte[] src = Base64.decode(authorization.substring(5));
63
64 if (src[8] == 1) {
65 Type1Message type1 = new Type1Message(src);
66 Type2Message type2 = new Type2Message(
67 type1, new byte[8], null);
68
69 authorization = Base64.encode(type2.toByteArray());
70
71 response.setHeader(
72 HttpHeaders.WWW_AUTHENTICATE, "NTLM " + authorization);
73 response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
74 response.setContentLength(0);
75
76 response.flushBuffer();
77
78 return;
79 }
80 }
81 }
82
83 processFilter(NtlmPostFilter.class, request, response, filterChain);
84 }
85
86 private static Log _log = LogFactoryUtil.getLog(NtlmPostFilter.class);
87
88 }