我将NTLM身份验证与LDAP集成用于登录拦截器类。此代码如下所示。我想使用NTLM2而不是NTLM。
如果可以的话,我想使用该库进行开发。我不明白,如何开发NTLM2身份验证?什么是jcifs版本?
我已经更改了计算机Lan Manager身份验证级别,但是我仍然可以使用NTLMv1获得相同的令牌。我想知道,我可以适当更改吗?
LoginInterceptor.java
public class LoginInterceptor extends HandlerInterceptorAdapter {
TemplateBean templateBean;
Log log = LogFactory.getLog(LoginInterceptor.class);
public TemplateBean getTemplateBean() {
return templateBean;
}
public void setTemplateBean(TemplateBean templateBean) {
this.templateBean = templateBean;
}
/**
* login checking , checks a key in http session object, if key not found in http session, response is redirected to login page.
*
* @param httpServletRequest
* @param httpServletResponse
* @param handler
* @return
* @throws Exception
*/
@Override
public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object handler) throws Exception {
boolean check = false;
if (!check) {
check = login(httpServletRequest, httpServletResponse);
}
if (check) {
return true;
}
return false;
}
public boolean login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
String username = null;
User user = null;
String auth = httpServletRequest.getHeader("Authorization");
if (auth == null) {
httpServletResponse.setStatus(httpServletResponse.SC_UNAUTHORIZED);
httpServletResponse.setHeader("WWW-Authenticate", "NTLM");
return false;
}
if (auth.startsWith("NTLM ")) {
byte[] msg =
new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
int off , length, offset;
if (msg[8] == 1){
off = 18;
byte z = 0;
byte[] msg1 =
{(byte) 'N', (byte) 'T', (byte) 'L', (byte) 'M', (byte) 'S',
(byte) 'S', (byte) 'P', z,
(byte) 2, z, z, z, z, z, z, z,
(byte) 40, z, z, z, (byte) 1, (byte) 130, z, z,
z, (byte) 2, (byte) 2, (byte) 2, z, z, z, z, //
z, z, z, z, z, z, z, z};
String ntlm = new sun.misc.BASE64Encoder().encodeBuffer(msg1).trim();
httpServletResponse.setContentLength(0);
httpServletResponse.setStatus(httpServletResponse.SC_UNAUTHORIZED);
httpServletResponse.setHeader("WWW-Authenticate", "NTLM " + ntlm);
httpServletResponse.flushBuffer();
return false;
} else if (msg[8] == 3){
off = 30;
length = msg[off+17]*256 + msg[off+16];
offset = msg[off+19]*256 + msg[off+8];
String remoteHost = new String(msg, offset, length);
length = msg[off + 1] * 256 + msg[off];
offset = msg[off + 3] * 256 + msg[off + 2];
String domain = new String(msg, offset, length);
length = msg[off + 9] * 256 + msg[off + 8];
offset = msg[off + 11] * 256 + msg[off + 10];
username = new String(msg, offset, length);
String invalidString = Character.toString((char) 0);
remoteHost = remoteHost.replace(invalidString, "");
domain = domain.replace(invalidString, "");
username = username.replace(invalidString, "");
log.info("remote Host :" + remoteHost + " domain " + domain + " username " + username);
if (checkLogin(httpServletRequest, httpServletResponse)) { // get ldap info
log.info(" session found for logged user");
return true;
}
user = getTemplateBean().findUser(username);
if (user == null) {
log.info("USERAUTH returned no results for " + username);
httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
return false;
}
}else{
return false;
}
}
httpServletRequest.getSession().setAttribute("USER_CODE", username);
httpServletRequest.getSession().setAttribute("USER_ID", username);
httpServletRequest.getSession().setAttribute("USER", user);
httpServletRequest.getSession().setAttribute("addFormdc", user.isAddFormdc());
return true;
}
}
谢谢您的帮助。