Package jcifs.smb1.http

Class NtlmHttpFilter

  • All Implemented Interfaces:
    javax.servlet.Filter
    public class NtlmHttpFilter
extends Object
implements javax.servlet.Filter
    This servlet Filter can be used to negotiate password hashes with MSIE clients using NTLM SSP. This is similar to Authentication: BASIC but weakly encrypted and without requiring the user to re-supply authentication credentials.

    Read jCIFS NTLM HTTP Authentication and the Network Explorer Servlet for complete details.

    • Constructor Detail

      • NtlmHttpFilter

        public NtlmHttpFilter()

    • Method Detail

      • init

        public void init​(javax.servlet.FilterConfig filterConfig)
          throws javax.servlet.ServletException
        Specified by:
        init in interface javax.servlet.Filter
        Throws:
        javax.servlet.ServletException

      • destroy

        public void destroy()
        Specified by:
        destroy in interface javax.servlet.Filter

      • doFilter

        public void doFilter​(javax.servlet.ServletRequest request,
                     javax.servlet.ServletResponse response,
                     javax.servlet.FilterChain chain)
              throws IOException,
                     javax.servlet.ServletException
        This method simply calls negotiate( req, resp, false ) and then chain.doFilter. You can override and call negotiate manually to achive a variety of different behavior.
        Specified by:
        doFilter in interface javax.servlet.Filter
        Throws:
        IOException
        javax.servlet.ServletException

      • negotiate

        protected NtlmPasswordAuthentication negotiate​(javax.servlet.http.HttpServletRequest req,
                                               javax.servlet.http.HttpServletResponse resp,
                                               boolean skipAuthentication)
                                        throws IOException,
                                               javax.servlet.ServletException
        Negotiate password hashes with MSIE clients using NTLM SSP
        Parameters:
        req - The servlet request
        resp - The servlet response
        skipAuthentication - If true the negotiation is only done if it is initiated by the client (MSIE post requests after successful NTLM SSP authentication). If false and the user has not been authenticated yet the client will be forced to send an authentication (server sends HttpServletResponse.SC_UNAUTHORIZED).
        Returns:
        True if the negotiation is complete, otherwise false
        Throws:
        IOException
        javax.servlet.ServletException

      • setFilterConfig

        public void setFilterConfig​(javax.servlet.FilterConfig f)

      • getFilterConfig

        public javax.servlet.FilterConfig getFilterConfig()