Ok i found out what was going wrong. I used the sun package to encode "new sun.misc.BASE64Encoder().encodeBuffer(msg1)" I replaced it with a class I got from http://iharder.net/base64 and it works fine now. I did not know sun.* apis are not supposed to be used....
dgv123 wrote: > > I am attaching a WAR file which uses code to obtain the user id via NTLM. > This code works fine on Tomcat and Weblogic 9.2 on unix (if i do not use > <s:form/> in the Home.jsp - I do not know why that breaks > http://www.nabble.com/file/p16032835/NTLM1.war NTLM1.war ) > > This WAR does not work on Weblogic 9.2 Windows 2000 as i get the following > error > Header:WWW-Authenticate Cannot contain CRLF Charcters > > Here is the code in the Action class. > ******************************************* > package com.dgv.actions; > > import java.util.Map; > > import javax.servlet.http.HttpServletRequest; > import javax.servlet.http.HttpServletResponse; > > import org.apache.struts2.interceptor.ServletRequestAware; > import org.apache.struts2.interceptor.ServletResponseAware; > import org.apache.struts2.interceptor.SessionAware; > > import com.dgv.security.NTLMLogin; > import com.dgv.util.Util; > import com.opensymphony.xwork2.ActionSupport; > import com.opensymphony.xwork2.Preparable; > > public class BaseAction extends ActionSupport > implements SessionAware, ServletRequestAware, ServletResponseAware, > Preparable{ > > private Map session; > private HttpServletRequest request; > private HttpServletResponse response; > > public void setSession(Map arg0) { > this.session = arg0; > } > > > > public void setServletRequest(HttpServletRequest arg0) { > // TODO Auto-generated method stub > this.request = arg0; > } > public HttpServletRequest getServletRequest() { > // TODO Auto-generated method stub > return request; > } > > > > public void prepare() throws Exception { > > System.out.println("Entered Prepare Method"); > String auth = request.getHeader("Authorization"); > if (auth == null) { > System.out.println("Inside Null"); > response.setStatus(response.SC_UNAUTHORIZED); > response.setHeader("WWW-Authenticate", "NTLM"); > return; > } > System.out.println("outside Null"); > if (auth.startsWith("NTLM ")) { > byte[] msg = new > sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5)); > int off = 30, length=0, offset; > String s; > > if (msg[8] == 1) { // first step of authentication > off = 18; > > // this part is for full hand-shaking, just tested, didn't care > about > result passwords > byte z = 0; > byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M', > (byte)'S', > (byte)'S', (byte)'P', z, > (byte)2, z, z, z, z, z, z, z, > (byte)40, z, z, z, (byte)1, (byte)130, z, z, > z, (byte)2, (byte)2, (byte)2, z, z, z, z, // this line is > 'nonce' > z, z, z, z, z, z, z, z}; > // remove next lines if you want see the result of first step > response.setStatus(response.SC_UNAUTHORIZED); > System.out.println("Before Setting Header"); > response.setHeader("WWW-Authenticate", "NTLM " + new > sun.misc.BASE64Encoder().encodeBuffer(msg1)); > System.out.println("Header:"+ > request.getHeader("WWW-Authenticate")); > return; > > > } else > //return; > > > length = msg[off+9]*256 + msg[off+8]; > offset = msg[off+11]*256 + msg[off+10]; > s = new String(msg, offset, length); > System.out.println("**USER**** "+s + ""); > } > > } > public void setServletResponse(HttpServletResponse arg0) { > this.response = arg0; > > } > > > > public HttpServletResponse getServletResponse() { > return response; > } > > } > > > > ********************************************** > Any help would be greatly appreciated. > -- View this message in context: http://www.nabble.com/Struts-2-Weblogic-and-NTLM-tp16032835p16037640.html Sent from the Struts - User mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
