001    /**
002     * Copyright (c) 2000-2013 Liferay, Inc. All rights reserved.
003     *
004     * This library is free software; you can redistribute it and/or modify it under
005     * the terms of the GNU Lesser General Public License as published by the Free
006     * Software Foundation; either version 2.1 of the License, or (at your option)
007     * any later version.
008     *
009     * This library is distributed in the hope that it will be useful, but WITHOUT
010     * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
011     * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
012     * details.
013     */
014    
015    package com.liferay.portal.servlet.filters.sso.ntlm;
016    
017    import com.liferay.portal.kernel.log.Log;
018    import com.liferay.portal.kernel.log.LogFactoryUtil;
019    import com.liferay.portal.kernel.servlet.BrowserSnifferUtil;
020    import com.liferay.portal.kernel.servlet.HttpHeaders;
021    import com.liferay.portal.kernel.servlet.HttpMethods;
022    import com.liferay.portal.kernel.util.GetterUtil;
023    import com.liferay.portal.security.auth.AuthSettingsUtil;
024    import com.liferay.portal.servlet.filters.BasePortalFilter;
025    import com.liferay.portal.util.PortalInstances;
026    
027    import javax.servlet.FilterChain;
028    import javax.servlet.http.HttpServletRequest;
029    import javax.servlet.http.HttpServletResponse;
030    
031    import jcifs.ntlmssp.Type1Message;
032    import jcifs.ntlmssp.Type2Message;
033    
034    import jcifs.util.Base64;
035    
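/**
 * Portal filter that intercepts an NTLM type 1 (negotiate) message sent with
 * a POST request and replies with a type 2 (challenge) message and a 401
 * status instead of passing the request down the filter chain. Every other
 * request is handed to the regular filter processing.
 *
 * <p>
 * NOTE(review): presumably this works around Internet Explorer re-starting
 * the NTLM handshake on POST requests and withholding the request body until
 * it receives a challenge. Confirm against the companion NTLM filter.
 * </p>
 *
 * @author Brian Wing Shun Chan
 */
public class NtlmPostFilter extends BasePortalFilter {

        @Override
        protected Log getLog() {
                return _log;
        }

        /**
         * Replies to an NTLM type 1 message on an Internet Explorer POST request
         * with a type 2 challenge, or otherwise continues the filter chain.
         *
         * <p>
         * The <code>Authorization</code> header is supplied by the client and is
         * treated as untrusted: the decoded payload is length-checked before the
         * message type byte is read, so a truncated or empty NTLM token falls
         * through to the normal chain instead of raising an
         * <code>ArrayIndexOutOfBoundsException</code>.
         * </p>
         *
         * @param  request the servlet request being filtered
         * @param  response the servlet response; receives the 401 challenge when
         *         a type 1 message is intercepted
         * @param  filterChain the chain to continue when nothing is intercepted
         * @throws Exception if decoding or parsing the NTLM message fails, or if
         *         the downstream processing fails
         */
        @Override
        protected void processFilter(
                        HttpServletRequest request, HttpServletResponse response,
                        FilterChain filterChain)
                throws Exception {

                long companyId = PortalInstances.getCompanyId(request);

                if (AuthSettingsUtil.isNtlmEnabled(companyId) &&
                        BrowserSnifferUtil.isIe(request) &&
                        request.getMethod().equals(HttpMethods.POST)) {

                        String authorization = GetterUtil.getString(
                                request.getHeader(HttpHeaders.AUTHORIZATION));

                        if (authorization.startsWith(_NTLM_PREFIX)) {

                                // NOTE(review): Base64.decode and the Type1Message
                                // constructor may still throw on malformed input; that
                                // propagates through "throws Exception" as before.

                                byte[] src = Base64.decode(
                                        authorization.substring(_NTLM_PREFIX.length()));

                                // The message type follows the 8-byte "NTLMSSP\0"
                                // signature. Check the length first because the header
                                // content is attacker-controlled and may be shorter.

                                if ((src.length > _MESSAGE_TYPE_OFFSET) &&
                                        (src[_MESSAGE_TYPE_OFFSET] == 1)) {

                                        Type1Message type1 = new Type1Message(src);

                                        // NOTE(review): the challenge is a constant all-zero
                                        // 8-byte array. Confirm that no code path accepts a
                                        // type 3 response computed against this challenge
                                        // as proof of authentication.

                                        Type2Message type2 = new Type2Message(
                                                type1, new byte[8], null);

                                        authorization = Base64.encode(type2.toByteArray());

                                        response.setHeader(
                                                HttpHeaders.WWW_AUTHENTICATE,
                                                _NTLM_PREFIX + authorization);
                                        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
                                        response.setContentLength(0);

                                        response.flushBuffer();

                                        return;
                                }
                        }
                }

                processFilter(NtlmPostFilter.class, request, response, filterChain);
        }

        // Index of the low byte of the NTLM message type within a decoded message

        private static final int _MESSAGE_TYPE_OFFSET = 8;

        // Scheme prefix of an NTLM Authorization / WWW-Authenticate header value

        private static final String _NTLM_PREFIX = "NTLM ";

        private static final Log _log = LogFactoryUtil.getLog(
                NtlmPostFilter.class);

}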