0 Replies Latest reply: Aug 7, 2014 8:33 AM by user2906656 RSS

    weblogic 12c response.flushBuffer() give 401

    user2906656

      Hi,

       

      I have a  ntlm filter in a web application deployed on weblogic 12c used to retrieve the logged user client name in order to authenticate it automatically.

       

      My filter class is below.

       

      The problem is that in weblogic response.flushBuffer() does nothing.

      The status page from browser is 401.

       

      This code works ok with Jetty Http Server.

       

      Any idea on how to resolv this?

       

      package com.asf.ntlm.filter;
      
      
      import java.io.IOException;
      
      
      import javax.servlet.FilterChain;
      import javax.servlet.FilterConfig;
      import javax.servlet.ServletException;
      import javax.servlet.ServletRequest;
      import javax.servlet.ServletResponse;
      import javax.servlet.http.HttpServletRequest;
      import javax.servlet.http.HttpServletResponse;
      
      
      import jcifs.ntlmssp.Type3Message;
      
      
      public class AsfNtlmFilter implements javax.servlet.Filter {
      
      
        private FilterConfig filterConfig = null;
      
      
        public void init(FilterConfig filterConfig) throws ServletException {
        this.filterConfig = filterConfig;
        }
      
      
        @Override
        public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;
      
      
        System.out.println("Ntlm filter!!!");
      
      
        String username = null;
        // first, get the user agent
        String useragent = request.getHeader("user-agent");
        // if you're using IE, you can continue
        // Always do the ntlm check (for IE POST back)
        try {
        String auth = request.getHeader("Authorization");
        if (auth == null) {
        response.setHeader("WWW-Authenticate", "NTLM");
        response.setStatus(response.SC_UNAUTHORIZED);
        response.setContentLength(0);
        response.flushBuffer();
        return;
        }
        if (auth.startsWith("NTLM ")) {
      
      
        byte[] msg = new sun.misc.BASE64Decoder().decodeBuffer(auth.substring(5));
        int off = 0, length, offset;
        if (msg[8] == 1) {
        byte z = 0;
        byte[] msg1 = { (byte) 'N', (byte) 'T', (byte) 'L', (byte) 'M', (byte) 'S', (byte) 'S', (byte) 'P',
        z, (byte) 2, z, z, z, z, z, z, z, (byte) 40, z, z, z, (byte) 1, (byte) 130, z, z, z,
        (byte) 2, (byte) 2, (byte) 2, z, z, z, z, z, z, z, z, z, z, z, z };
        response.setHeader("WWW-Authenticate", "NTLM " + new sun.misc.BASE64Encoder().encodeBuffer(msg1));
        response.setStatus(response.SC_UNAUTHORIZED);
        response.setContentLength(0);
        response.flushBuffer();
        return;
        } else if (msg[8] == 3) {
        // Did Authentication Succeed? All this is always
        // printed.
      
      
        Type3Message type3 = new Type3Message(msg);
      
      
        System.out.println("osUser: " + type3.getUser());
        System.out.println("osRemoteHost: + " + type3.getWorkstation());
        System.out.println("osDomain: " + type3.getDomain());
      
      
        }
        }
        } catch (Exception e) {
        System.out.println(e);
        }
        // System.out.println("Suc);
      
      
        try {
        chain.doFilter(req, res);
        } catch (IOException e) {
        System.out.println(e);
        } catch (ServletException e) {
        System.out.println(e);
        }
        }
      
      
        @Override
        public void destroy() {
        filterConfig = null;
        }
      
      
      }