在Spring-Mvc中如何使用NTLMv2身份验证?

时间:2019-06-10 06:05:24

标签: java spring-mvc ntlm ntlm-authentication ntlmv2

我将NTLM身份验证与LDAP集成用于登录拦截器类。此代码如下所示。我想使用NTLM2而不是NTLM。

如果可以的话,我想使用该库进行开发。我不明白,如何开发NTLM2身份验证?什么是jcifs版本?

我已经更改了计算机Lan Manager身份验证级别,但是我仍然可以使用NTLMv1获得相同的令牌。我想知道,我可以适当更改吗?

LoginInterceptor.java

public class LoginInterceptor extends HandlerInterceptorAdapter {
    TemplateBean templateBean;

    Log log = LogFactory.getLog(LoginInterceptor.class);

    public TemplateBean getTemplateBean() {
        return templateBean;
    }

    public void setTemplateBean(TemplateBean templateBean) {
        this.templateBean = templateBean;
    }

    /**
     * login checking , checks a key in http session object, if key not found in http session, response is redirected to login page.
     *
     * @param httpServletRequest
     * @param httpServletResponse
     * @param handler
     * @return
     * @throws Exception
     */
    @Override
    public boolean preHandle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object handler) throws Exception {

        boolean check = false;

        if (!check) {
            check = login(httpServletRequest, httpServletResponse);
        }

        if (check) {    
            return true;
        }

        return false;
    }

    public boolean login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException {
        String username = null;
        User user = null;

        String auth = httpServletRequest.getHeader("Authorization");

        if (auth == null) {

            httpServletResponse.setStatus(httpServletResponse.SC_UNAUTHORIZED);
            httpServletResponse.setHeader("WWW-Authenticate", "NTLM");
            return false;
        }
        if (auth.startsWith("NTLM ")) {
            byte[] msg =
                    new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
            int off , length, offset;

            if (msg[8] == 1){
                off = 18;

                byte z = 0;
                byte[] msg1 =
                        {(byte) 'N', (byte) 'T', (byte) 'L', (byte) 'M', (byte) 'S',
                                (byte) 'S', (byte) 'P', z,
                                (byte) 2, z, z, z, z, z, z, z,
                                (byte) 40, z, z, z, (byte) 1, (byte) 130, z, z,
                                z, (byte) 2, (byte) 2, (byte) 2, z, z, z, z, //
                                z, z, z, z, z, z, z, z};


                String ntlm = new sun.misc.BASE64Encoder().encodeBuffer(msg1).trim();

                httpServletResponse.setContentLength(0);

                httpServletResponse.setStatus(httpServletResponse.SC_UNAUTHORIZED);
                httpServletResponse.setHeader("WWW-Authenticate", "NTLM " + ntlm);
                httpServletResponse.flushBuffer();
                return false;
            } else if (msg[8] == 3){          
                off = 30;
                length = msg[off+17]*256 + msg[off+16];
                offset = msg[off+19]*256 + msg[off+8];
                String remoteHost = new String(msg, offset, length);

                length = msg[off + 1] * 256 + msg[off];
                offset = msg[off + 3] * 256 + msg[off + 2];
                String domain = new String(msg, offset, length);

                length = msg[off + 9] * 256 + msg[off + 8];
                offset = msg[off + 11] * 256 + msg[off + 10];
                username = new String(msg, offset, length);

                String invalidString = Character.toString((char) 0);

                remoteHost = remoteHost.replace(invalidString, "");
                domain = domain.replace(invalidString, "");
                username = username.replace(invalidString, "");

                log.info("remote Host :" + remoteHost + " domain " + domain + " username " + username);

                if (checkLogin(httpServletRequest, httpServletResponse)) { // get ldap info
                    log.info(" session found for logged user");
                    return true;
                }

                user = getTemplateBean().findUser(username);
                if (user == null) {
                    log.info("USERAUTH returned no results for " + username);

                    httpServletResponse.sendError(HttpServletResponse.SC_FORBIDDEN);
                    return false;
                }
            }else{
                return false;
            }
        }

        httpServletRequest.getSession().setAttribute("USER_CODE", username);
        httpServletRequest.getSession().setAttribute("USER_ID", username);
        httpServletRequest.getSession().setAttribute("USER", user);
        httpServletRequest.getSession().setAttribute("addFormdc", user.isAddFormdc());

        return true;

    }
}

谢谢您的帮助。

0 个答案:

没有答案