E
Eric
I found this username extraction code on "Real's How to..." site. The code
work great, but I
need help with getting it to work in my jsp/servlet
What I have done is put this code into a jsp of my own. the jsp has a form
on it. this form gets submitted to a java servlet, but the parameters
(fields from the form) are all null. If I remove the NTLM username
extraction code from the jsp, the jsp works perfectly.
I am not sure how this java scriptlet is interfering with the field values
of my form submission.
I use the hidden field 'action' to determine what happens in the servlet...,
but when i get the parameter in the servlet, its value is null, despite
having the JavaScript set it just before
submitting.
Any help or insight would be greatly appreciated!
-Eric
--- code snippet---
<jsp:useBean id="username" scope="session" class="java.lang.String"/>
<%@ page import="sun.misc.BASE64Encoder" %>
<html>
<head>
<script language="javascript">
function createNew(){
document.getElementById('action').value = 'create';
document.getElementById('form1').action ='MyServlet';
document.getElementById('form1').submit();
}
</script>
</HEAD>
<%
if(((String)request.getSession().getAttribute("username")).length() < 1){
String auth = request.getHeader("Authorization");
if (auth == null) {
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "NTLM");
return;
}
if (auth.startsWith("NTLM ")) {
byte[] msg = new
sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
int off = 0, length, offset;
String s;
if (msg[8] == 1) {
off = 18;
byte z = 0;
byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M',
(byte)'S',
(byte)'S', (byte)'P', z,
(byte)2, z, z, z, z, z, z, z,
(byte)40, z, z, z, (byte)1, (byte)130, z, z,
z, (byte)2, (byte)2, (byte)2, z, z, z, z, //
z, z, z, z, z, z, z, z};
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "NTLM "
+ new
sun.misc.BASE64Encoder().encodeBuffer(msg1).trim());
return;
}
else if (msg[8] == 3) {
off = 30;
length = msg[off+1]*256 + msg[off];
offset = msg[off+3]*256 + msg[off+2];
String ud = new String(msg, offset, length);
length = msg[off+9]*256 + msg[off+8];
offset = msg[off+11]*256 + msg[off+10];
String un = new String(msg, offset, length);
request.getSession().setAttribute("username",un);
request.getSession().setAttribute("userdomain",ud);
}
else
return;
}
}
%>
<body>
<form method="post" action="" name='form1' id='form1'>
<input type="hidden" name="action" id="action" value="">
<table>
<tr>
<td><input type="button" value="New" onClick='createNew()'></td>
</tr>
</table>
</form>
</body>
</html>
work great, but I
need help with getting it to work in my jsp/servlet
What I have done is put this code into a jsp of my own. the jsp has a form
on it. this form gets submitted to a java servlet, but the parameters
(fields from the form) are all null. If I remove the NTLM username
extraction code from the jsp, the jsp works perfectly.
I am not sure how this java scriptlet is interfering with the field values
of my form submission.
I use the hidden field 'action' to determine what happens in the servlet...,
but when i get the parameter in the servlet, its value is null, despite
having the JavaScript set it just before
submitting.
Any help or insight would be greatly appreciated!
-Eric
--- code snippet---
<jsp:useBean id="username" scope="session" class="java.lang.String"/>
<%@ page import="sun.misc.BASE64Encoder" %>
<html>
<head>
<script language="javascript">
function createNew(){
document.getElementById('action').value = 'create';
document.getElementById('form1').action ='MyServlet';
document.getElementById('form1').submit();
}
</script>
</HEAD>
<%
if(((String)request.getSession().getAttribute("username")).length() < 1){
String auth = request.getHeader("Authorization");
if (auth == null) {
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "NTLM");
return;
}
if (auth.startsWith("NTLM ")) {
byte[] msg = new
sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
int off = 0, length, offset;
String s;
if (msg[8] == 1) {
off = 18;
byte z = 0;
byte[] msg1 = {(byte)'N', (byte)'T', (byte)'L', (byte)'M',
(byte)'S',
(byte)'S', (byte)'P', z,
(byte)2, z, z, z, z, z, z, z,
(byte)40, z, z, z, (byte)1, (byte)130, z, z,
z, (byte)2, (byte)2, (byte)2, z, z, z, z, //
z, z, z, z, z, z, z, z};
response.setStatus(response.SC_UNAUTHORIZED);
response.setHeader("WWW-Authenticate", "NTLM "
+ new
sun.misc.BASE64Encoder().encodeBuffer(msg1).trim());
return;
}
else if (msg[8] == 3) {
off = 30;
length = msg[off+1]*256 + msg[off];
offset = msg[off+3]*256 + msg[off+2];
String ud = new String(msg, offset, length);
length = msg[off+9]*256 + msg[off+8];
offset = msg[off+11]*256 + msg[off+10];
String un = new String(msg, offset, length);
request.getSession().setAttribute("username",un);
request.getSession().setAttribute("userdomain",ud);
}
else
return;
}
}
%>
<body>
<form method="post" action="" name='form1' id='form1'>
<input type="hidden" name="action" id="action" value="">
<table>
<tr>
<td><input type="button" value="New" onClick='createNew()'></td>
</tr>
</table>
</form>
</body>
</html>