001/*
002 * (C) Copyright 2010 Nuxeo SA (http://nuxeo.com/) and others.
003 *
004 * Licensed under the Apache License, Version 2.0 (the "License");
005 * you may not use this file except in compliance with the License.
006 * You may obtain a copy of the License at
007 *
008 *     http://www.apache.org/licenses/LICENSE-2.0
009 *
010 * Unless required by applicable law or agreed to in writing, software
011 * distributed under the License is distributed on an "AS IS" BASIS,
012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
013 * See the License for the specific language governing permissions and
014 * limitations under the License.
015 *
016 * Contributors:
017 *     Nuxeo - initial API and implementation
018 */
019
020package org.nuxeo.ecm.platform.ui.web.auth.ntlm;
021
022import java.io.IOException;
023
024import javax.servlet.Filter;
025import javax.servlet.FilterChain;
026import javax.servlet.FilterConfig;
027import javax.servlet.ServletException;
028import javax.servlet.ServletRequest;
029import javax.servlet.ServletResponse;
030import javax.servlet.http.HttpServletRequest;
031import javax.servlet.http.HttpServletResponse;
032
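/**
 * Servlet filter that manages the NTLM "Protected POST" case: a {@code POST} request carrying an
 * {@code Authorization} header that begins with {@code NTLM} and declaring a content length of zero.
 * <p>
 * Such a request is answered by {@link NTLMAuthenticator#negotiate} and is <b>not</b> passed down the filter chain;
 * every other request is forwarded untouched. The method, the header and the content length are all supplied by the
 * client, so any filter or servlet placed after this one must not assume it has seen every request.
 * <p>
 * See http://jcifs.samba.org/src/docs/ntlmhttpauth.html and http://curl.haxx.se/rfc/ntlm.html
 *
 * @author Thierry Delprat
 */
public class NTLMPostFilter implements Filter {

    /**
     * Intercepts empty NTLM-flagged POST requests and hands them to {@link #handleNtlmPost}; forwards everything
     * else to the next element of the chain.
     *
     * @param request the incoming request
     * @param response the outgoing response
     * @param chain the remaining filter chain
     * @throws IOException propagated from the NTLM handler or from the chain
     * @throws ServletException propagated from the NTLM handler or from the chain
     */
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
            ServletException {

        // Both sides must be HTTP objects: the response is cast below, so it is checked here instead of letting a
        // non-HTTP response wrapper fail with a ClassCastException.
        if (request instanceof HttpServletRequest && response instanceof HttpServletResponse) {
            HttpServletRequest httpRequest = (HttpServletRequest) request;
            String ntlmHeader = findProtectedPostHeader(httpRequest);
            if (ntlmHeader != null) {
                handleNtlmPost(httpRequest, (HttpServletResponse) response, ntlmHeader);
                // The chain is deliberately not invoked for this request.
                return;
            }
        }
        chain.doFilter(request, response);
    }

    /**
     * Returns the {@code Authorization} header value when the request is an NTLM "Protected POST", or {@code null}
     * when it is not.
     * <p>
     * The header test is a case-sensitive prefix match on {@code "NTLM"} only: no separator is required and the
     * token that follows is not inspected here. The content-length test uses the declared length, so a request
     * without a declared length (reported as -1) is not treated as empty.
     *
     * @param httpRequest the request to inspect
     * @return the raw header value, or {@code null} if the request does not qualify
     */
    private static String findProtectedPostHeader(HttpServletRequest httpRequest) {
        if (!"POST".equals(httpRequest.getMethod())) {
            return null;
        }
        String ntlmHeader = httpRequest.getHeader("Authorization");
        if (ntlmHeader == null || !ntlmHeader.startsWith("NTLM")) {
            return null;
        }
        return httpRequest.getContentLength() == 0 ? ntlmHeader : null;
    }

    /**
     * Delegates the intercepted request to {@link NTLMAuthenticator#negotiate}. Subclasses may override this to
     * change how the empty POST is answered.
     *
     * @param httpRequest the intercepted request
     * @param httpResponse the response to write the negotiation reply to
     * @param ntlmHeader the raw {@code Authorization} header value; not used by this implementation
     * @throws IOException propagated from the authenticator
     * @throws ServletException propagated from the authenticator
     */
    protected void handleNtlmPost(HttpServletRequest httpRequest, HttpServletResponse httpResponse, String ntlmHeader)
            throws IOException, ServletException {
        // NOTE(review): the meaning of the third argument (true) is defined by NTLMAuthenticator.negotiate, which is
        // not visible from this file; confirm what it controls before changing it.
        NTLMAuthenticator.negotiate(httpRequest, httpResponse, true);
    }

    /**
     * No initialisation is required.
     *
     * @param filterConfig ignored
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        // NOP
    }

    /** No resources to release. */
    public void destroy() {
        // NOP
    }

}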