001/* 002 * (C) Copyright 2010 Nuxeo SA (http://nuxeo.com/) and others. 003 * 004 * Licensed under the Apache License, Version 2.0 (the "License"); 005 * you may not use this file except in compliance with the License. 006 * You may obtain a copy of the License at 007 * 008 * http://www.apache.org/licenses/LICENSE-2.0 009 * 010 * Unless required by applicable law or agreed to in writing, software 011 * distributed under the License is distributed on an "AS IS" BASIS, 012 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 013 * See the License for the specific language governing permissions and 014 * limitations under the License. 015 * 016 * Contributors: 017 * Nuxeo - initial API and implementation 018 */ 019 020package org.nuxeo.ecm.platform.ui.web.auth.ntlm; 021 022import java.io.IOException; 023 024import javax.servlet.Filter; 025import javax.servlet.FilterChain; 026import javax.servlet.FilterConfig; 027import javax.servlet.ServletException; 028import javax.servlet.ServletRequest; 029import javax.servlet.ServletResponse; 030import javax.servlet.http.HttpServletRequest; 031import javax.servlet.http.HttpServletResponse; 032 033/** 034 * Manage NTLM "Protected POST" see : http://jcifs.samba.org/src/docs/ntlmhttpauth.html 035 * http://curl.haxx.se/rfc/ntlm.html 036 * 037 * @author Thierry Delprat 038 */ 039public class NTLMPostFilter implements Filter { 040 041 @Override 042 public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, 043 ServletException { 044 045 if (request instanceof HttpServletRequest) { 046 HttpServletRequest httpRequest = (HttpServletRequest) request; 047 048 if ("POST".equals(httpRequest.getMethod())) { 049 String ntlmHeader = httpRequest.getHeader("Authorization"); 050 if (ntlmHeader != null && ntlmHeader.startsWith("NTLM") && httpRequest.getContentLength() == 0) { 051 handleNtlmPost(httpRequest, (HttpServletResponse) response, ntlmHeader); 052 return; 053 } 054 } 055 } 056 chain.doFilter(request, response); 057 } 058 059 protected void handleNtlmPost(HttpServletRequest httpRequest, HttpServletResponse httpResponse, String ntlmHeader) 060 throws IOException, ServletException { 061 NTLMAuthenticator.negotiate(httpRequest, httpResponse, true); 062 } 063 064 @Override 065 public void init(FilterConfig filterConfig) throws ServletException { 066 // NOP 067 } 068 069 @Override 070 public void destroy() { 071 // NOP 072 } 073 074}