001/* 002 * (C) Copyright 2010 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Nuxeo - initial API and implementation 018 */ 019 020package org.nuxeo.ecm.platform.ui.web.auth.ntlm; 021 022import java.io.IOException; 023 024import javax.servlet.Filter; 025import javax.servlet.FilterChain; 026import javax.servlet.FilterConfig; 027import javax.servlet.ServletException; 028import javax.servlet.ServletRequest; 029import javax.servlet.ServletResponse; 030import javax.servlet.http.HttpServletRequest; 031import javax.servlet.http.HttpServletResponse; 032 033/** 034 * Manage NTLM "Protected POST" see : http://jcifs.samba.org/src/docs/ntlmhttpauth.html 035 * http://curl.haxx.se/rfc/ntlm.html 036 * 037 * @author Thierry Delprat 038 */ 039public class NTLMPostFilter implements Filter { 040 041 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, 042 ServletException { 043 044 if (request instanceof HttpServletRequest) { 045 HttpServletRequest httpRequest = (HttpServletRequest) request; 046 047 if ("POST".equals(httpRequest.getMethod())) { 048 String ntlmHeader = httpRequest.getHeader("Authorization"); 049 if (ntlmHeader != null && ntlmHeader.startsWith("NTLM") && httpRequest.getContentLength() == 0) { 050 handleNtlmPost(httpRequest, (HttpServletResponse) response, ntlmHeader); 051 return; 052 } 053 } 054 } 055 chain.doFilter(request, response); 056 } 057 058 protected void handleNtlmPost(HttpServletRequest httpRequest, HttpServletResponse httpResponse, String ntlmHeader) 059 throws IOException, ServletException { 060 NTLMAuthenticator.negotiate(httpRequest, httpResponse, true); 061 } 062 063 public void init(FilterConfig filterConfig) throws ServletException { 064 // NOP 065 } 066 067 public void destroy() { 068 // NOP 069 } 070 071}