015 package com.liferay.portal.servlet.filters.sso.ntlm;
016
017 import com.liferay.portal.kernel.log.Log;
018 import com.liferay.portal.kernel.log.LogFactoryUtil;
019 import com.liferay.portal.kernel.servlet.BrowserSnifferUtil;
020 import com.liferay.portal.kernel.servlet.HttpHeaders;
021 import com.liferay.portal.kernel.servlet.HttpMethods;
022 import com.liferay.portal.kernel.util.GetterUtil;
023 import com.liferay.portal.security.auth.AuthSettingsUtil;
024 import com.liferay.portal.servlet.filters.BasePortalFilter;
025 import com.liferay.portal.util.PortalInstances;
026
027 import javax.servlet.FilterChain;
028 import javax.servlet.http.HttpServletRequest;
029 import javax.servlet.http.HttpServletResponse;
030
031 import jcifs.ntlmssp.Type1Message;
032 import jcifs.ntlmssp.Type2Message;
033
034 import jcifs.util.Base64;
035
036
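/**
 * Servlet filter that answers an NTLM Type 1 (negotiate) message on a POST
 * request with a {@code 401} response carrying a Type 2 (challenge) message,
 * instead of passing the request down the filter chain.
 *
 * <p>
 * The short-circuit only applies when NTLM is enabled for the company
 * resolved from the request, the browser is detected as Internet Explorer and
 * the HTTP method is POST. Every other request goes to the rest of the chain
 * unchanged.
 * </p>
 *
 * <p>
 * NOTE(review): presumably this works around Internet Explorer restarting the
 * NTLM handshake on POST requests; the source does not state the reason, so
 * confirm.
 * </p>
 */
public class NtlmPostFilter extends BasePortalFilter {

	@Override
	protected Log getLog() {
		return _log;
	}

	/**
	 * Replies to an NTLM Type 1 message with a Type 2 challenge, or delegates
	 * to the filter chain when the request does not qualify.
	 *
	 * @param  request the incoming request; its <code>Authorization</code>
	 *         header is attacker-controlled and is treated as untrusted
	 * @param  response the response that receives the challenge
	 * @param  filterChain the chain to continue with when no challenge is
	 *         sent
	 * @throws Exception if decoding or parsing the NTLM message fails, or if
	 *         a downstream filter fails
	 */
	@Override
	protected void processFilter(
			HttpServletRequest request, HttpServletResponse response,
			FilterChain filterChain)
		throws Exception {

		long companyId = PortalInstances.getCompanyId(request);

		// Browser detection relies on client-supplied data, so this gate
		// selects a code path; it is not an access control.

		if (AuthSettingsUtil.isNtlmEnabled(companyId) &&
			BrowserSnifferUtil.isIe(request) &&
			request.getMethod().equals(HttpMethods.POST)) {

			String authorization = GetterUtil.getString(
				request.getHeader(HttpHeaders.AUTHORIZATION));

			if (authorization.startsWith(_NTLM_PREFIX)) {
				byte[] src = Base64.decode(
					authorization.substring(_NTLM_PREFIX.length()));

				// The header comes from an unauthenticated client. A short or
				// empty token must not reach the index below, otherwise any
				// caller can trigger an ArrayIndexOutOfBoundsException (and an
				// error response) with a truncated value. Too-short tokens
				// fall through to the chain like any non-Type-1 message.

				if ((src != null) && (src.length > _MESSAGE_TYPE_OFFSET) &&
					(src[_MESSAGE_TYPE_OFFSET] == _TYPE_1)) {

					// Only the message-type byte is checked here; any further
					// validation is left to Type1Message, whose parsing
					// errors propagate to the caller.

					Type1Message type1 = new Type1Message(src);

					// NOTE(review): the server challenge is a constant
					// all-zero array, so it is predictable. A Type 3 response
					// produced against this challenge must not be accepted as
					// proof of authentication; confirm that whatever handles
					// the follow-up request validates it independently.

					Type2Message type2 = new Type2Message(
						type1, new byte[8], null);

					authorization = Base64.encode(type2.toByteArray());

					response.setHeader(
						HttpHeaders.WWW_AUTHENTICATE,
						_NTLM_PREFIX + authorization);
					response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
					response.setContentLength(0);

					response.flushBuffer();

					return;
				}
			}
		}

		processFilter(NtlmPostFilter.class, request, response, filterChain);
	}

	// Offset of the message-type field, directly after the 8-byte signature
	// that starts every NTLM message.

	private static final int _MESSAGE_TYPE_OFFSET = 8;

	// Scheme prefix of an NTLM Authorization / WWW-Authenticate header value.

	private static final String _NTLM_PREFIX = "NTLM ";

	// Message-type value of an NTLM Type 1 (negotiate) message.

	private static final byte _TYPE_1 = 1;

	private static final Log _log = LogFactoryUtil.getLog(
		NtlmPostFilter.class);

}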