Hi,

What I have found out until now is that somehow some request parameters disappear when I use the NTLM authentication procedure. I have changed my app to use a servlet filter to do the NTLM conversation only once upon first app access by a user, and even managed to not create a session in the filter code, but I keep getting this problem. The request parameters are the following when I click on an image button, for example, when no NTLM is used and the app works OK:

userRow:0:edit.x=5
deleteForm:hf:0=
userRow:0:edit.y=3
wicket:interface=:1:deleteForm::IFormSubmitListener

But when I change the app to use NTLM, I get these request parameters in the exact same situation:

wicket:interface=:3:deleteForm::IFormSubmitListener

So I am off now to investigate Wicket's response generation code. If anyone has any tip regarding why parameters could disappear like this, I'd be grateful.

Regards,

ptrthomas wrote:
>
> Hi,
>
> Maybe it is a better idea to do this only once as part of an AuthorizationStrategy set up in your Application class? Then after creating a session everything works like normal until logout.
>
> Example of a real life AuthorizationStrategy can be found here, in this particular example there is some code that deals with the request directly, e.g. checks for cookies.
>
> http://fisheye3.cenqua.com/browse/j-trac/trunk/jtrac/src/main/java/info/jtrac/wicket/JtracApplication.java?r=956
>
> I am really interested in NTLM authentication in Wicket, do let me know if you make any progress with this!
>
> Thanks,
>
> Peter.
>
> On 4/19/07, Zenrique Steckelberg <[EMAIL PROTECTED]> wrote:
>>
>> Hi all,
>>
>> I work in a windows mostly environment, thus decided to use NTLM authentication so I wouldn't need to store and check users passwords. On each WebRequest and WebResponse I check if the user is identified or not, and if not I go through NTLM's request/response procedure in order to get user's login from ie browser (and thus windows). What happens is that after changing newWebRequest and newWebResponse methods to get the authentication, my application stops working, and no image or submit button works anymore. If I comment out both newWeb Request/Response methods, everything works fine. I am using Databinder for some of the authorization features and other db stuff, but I think this relates particularly to wicket.
>>
>> Here's the code:
>>
>> public class ConfServApp extends AuthDataApplication {
>>     private String auth;
>>
>>     private String remoteHost;
>>
>>     private String domain;
>>
>>     private String username;
>>
>>     @Override
>>     protected WebRequest newWebRequest(HttpServletRequest servletRequest) {
>>         WebRequest request = (WebRequest) super.newWebRequest(servletRequest);
>>
>>         // Remember the Authorization header sent with this request.
>>         auth = (String) request.getHttpServletRequest().getHeader("Authorization");
>>
>>         return request;
>>     }
>>
>>     @Override
>>     protected WebResponse newWebResponse(HttpServletResponse servletResponse) {
>>         WebResponse response = (WebResponse) super.newWebResponse(servletResponse);
>>         if (username == null) {
>>             if (auth == null) {
>>                 // No Authorization header yet: ask the browser to start NTLM.
>>                 response.setHeader("WWW-Authenticate", "NTLM");
>>                 try {
>>                     response.getHttpServletResponse().sendError(
>>                             HttpServletResponse.SC_UNAUTHORIZED);
>>                 } catch (Exception e) {
>>                     System.out.println(e.getMessage());
>>                     e.printStackTrace();
>>                 }
>>             } else if (auth.startsWith("NTLM ")) {
>>                 byte[] msg = null;
>>                 try {
>>                     msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
>>                 } catch (Exception e) {
>>                     System.out.println(e.getMessage());
>>                     e.printStackTrace();
>>                 }
>>                 int off = 0, length, offset;
>>                 // msg stays null if decoding failed; byte 8 holds the NTLM message type.
>>                 if (msg != null && msg.length > 8 && msg[8] == 1) {
>>                     // Type 1 (negotiate) received: answer with a Type 2 (challenge).
>>                     byte z = 0;
>>                     byte[] msg1 = { (byte) 'N', (byte) 'T', (byte) 'L', (byte) 'M',
>>                             (byte) 'S', (byte) 'S', (byte) 'P', z,
>>                             (byte) 2, z, z, z, z, z, z, z, (byte) 40, z, z, z,
>>                             (byte) 2, (byte) 130, z, z, z, (byte) 2, (byte) 2,
>>                             (byte) 2, z, z, z, z, z, z, z, z, z, z, z, z };
>>                     response.setHeader("WWW-Authenticate", "NTLM "
>>                             + new sun.misc.BASE64Encoder().encodeBuffer(msg1).trim());
>>                     try {
>>                         response.getHttpServletResponse().sendError(
>>                                 HttpServletResponse.SC_UNAUTHORIZED);
>>                     } catch (Exception e) {
>>                         System.out.println(e.getMessage());
>>                         e.printStackTrace();
>>                     }
>>                 } else if (msg != null && msg.length > 8 && msg[8] == 3) {
>>                     // Type 3 (authenticate): read the length/offset pairs.
>>                     // Bytes are masked with 0xFF because Java bytes are signed.
>>                     off = 30;
>>
>>                     length = (msg[off + 17] & 0xFF) * 256 + (msg[off + 16] & 0xFF);
>>                     offset = (msg[off + 19] & 0xFF) * 256 + (msg[off + 18] & 0xFF);
>>                     remoteHost = new String(msg, offset, length);
>>
>>                     length = (msg[off + 1] & 0xFF) * 256 + (msg[off] & 0xFF);
>>                     offset = (msg[off + 3] & 0xFF) * 256 + (msg[off + 2] & 0xFF);
>>                     domain = new String(msg, offset, length);
>>
>>                     length = (msg[off + 9] & 0xFF) * 256 + (msg[off + 8] & 0xFF);
>>                     offset = (msg[off + 11] & 0xFF) * 256 + (msg[off + 10] & 0xFF);
>>                     username = new String(msg, offset, length);
>>
>>                     System.out.println("Username:" + username);
>>                     System.out.println("RemoteHost:" + remoteHost);
>>                     System.out.println("Domain:" + domain);
>>                 }
>>             }
>>         }
>>         return response;
>>     }
>>
>>     /**
>>      * @return Page to display when no specific page is requested
>>      */
>>     @Override
>>     public Class getHomePage() {
>>         return EditMobilityExceptionPage.class;
>>     }
>>
>>     /**
>>      * Add annotated classes to config, leaving the call to super-implementation
>>      * in most cases.
>>      *
>>      * @param config
>>      *            Hibernate configuration
>>      */
>>     @Override
>>     protected void configureHibernate(AnnotationConfiguration config) {
>>         super.configureHibernate(config);
>>         config.addAnnotatedClass(MobilityException.class);
>>     }
>>
>>     @Override
>>     public byte[] getSalt() {
>>         return "xxxxxx".getBytes();
>>     }
>>
>>     @Override
>>     public Class<? extends IUser> getUserClass() {
>>         return ConfServUser.class;
>>     }
>>
>>     @Override
>>     public Class<? extends WebPage> getSignInPageClass() {
>>         return ConfServSignInPage.class;
>>     }
>> }
>>
>> --
>> View this message in context: http://www.nabble.com/NTLM-Authentication-tf3602872.html#a10065119
>> Sent from the Wicket - User mailing list archive at Nabble.com.

--
View this message in context: http://www.nabble.com/NTLM-Authentication-tf3602872.html#a10085714
Sent from the Wicket - User mailing list archive at Nabble.com.

_______________________________________________
Wicket-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/wicket-user
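
Added example, not part of the original posts: a bounds-checked way to read the domain, user and workstation fields from the NTLM Type 3 message that the quoted code indexes by hand. The class name `Ntlm3Fields` is hypothetical, the sample message is constructed, and the code assumes a header that carries the flags field at offset 60. The returned values are client-supplied claims and identify nobody until the NT response in the same message has been validated.

```java
import java.nio.ByteBuffer;
import java.nio.ByteOrder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/** Added example (hypothetical class): bounds-checked reader for NTLM Type 3 fields. */
public class Ntlm3Fields {
    private static final byte[] SIG = {'N', 'T', 'L', 'M', 'S', 'S', 'P', 0};
    // Security-buffer positions; assumes a 64-byte header with flags at offset 60.
    private static final int DOMAIN = 28, USER = 36, HOST = 44, FLAGS = 60, HDR = 64;

    /** Returns {domain, user, workstation}: client-supplied, unverified values. */
    public static String[] parse(byte[] msg) {
        if (msg == null || msg.length < HDR || msg[8] != 3
                || !Arrays.equals(Arrays.copyOf(msg, 8), SIG)) {
            throw new IllegalArgumentException("not an NTLMSSP Type 3 message");
        }
        ByteBuffer b = ByteBuffer.wrap(msg).order(ByteOrder.LITTLE_ENDIAN);
        // Flag 0x01: strings are UTF-16LE. Otherwise OEM code page (ISO-8859-1 as stand-in).
        Charset cs = (b.getInt(FLAGS) & 1) != 0
                ? StandardCharsets.UTF_16LE : StandardCharsets.ISO_8859_1;
        return new String[] {field(b, DOMAIN, cs), field(b, USER, cs), field(b, HOST, cs)};
    }

    /** Security buffer layout: uint16 length, uint16 allocated, uint32 offset. */
    private static String field(ByteBuffer b, int at, Charset cs) {
        int len = b.getShort(at) & 0xFFFF;          // mask: Java shorts are signed
        long off = b.getInt(at + 4) & 0xFFFFFFFFL;  // mask: Java ints are signed
        if (off < HDR || off + len > b.capacity()) {
            throw new IllegalArgumentException("field lies outside the message");
        }
        return new String(b.array(), (int) off, len, cs);
    }

    public static void main(String[] args) {
        // Constructed sample: header, OEM flags 0x8202, then "CORP", "alice", "WS01".
        ByteBuffer m = ByteBuffer.allocate(HDR + 13).order(ByteOrder.LITTLE_ENDIAN);
        m.put(SIG).putInt(3);
        m.putShort(DOMAIN, (short) 4).putInt(DOMAIN + 4, HDR);
        m.putShort(USER, (short) 5).putInt(USER + 4, HDR + 4);
        m.putShort(HOST, (short) 4).putInt(HOST + 4, HDR + 9);
        m.putInt(FLAGS, 0x8202);
        m.position(HDR);
        m.put("CORPaliceWS01".getBytes(StandardCharsets.US_ASCII));
        System.out.println(Arrays.toString(parse(m.array())));
    }
}
```

The constructed sample has empty LM and NT response fields and still parses to a user name, which shows that reading the name is separate from checking the response.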
