WIP: Fix for #59.

Waffle · Apr 8, 2018 · 15f7166 · 15f7166
1 parent b3c55eb
commit 15f7166
Show file tree

Hide file tree

Showing 11 changed files with 61 additions and 13 deletions.
diff --git a/Source/JNA/waffle-jna/src/main/java/waffle/servlet/spi/NegotiateSecurityFilterProvider.java b/Source/JNA/waffle-jna/src/main/java/waffle/servlet/spi/NegotiateSecurityFilterProvider.java
@@ -139,6 +139,9 @@ public IWindowsIdentity doFilter(final HttpServletRequest request, final HttpSer
         if (securityContext.isContinue()) {
             response.setHeader("Connection", "keep-alive");
             response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+            final String body = "Unauthorized";
+            response.getWriter().write(body);
+            response.setContentLength(body.length());
             response.flushBuffer();
             return null;
         }

diff --git a/Source/JNA/waffle-tests/src/main/java/waffle/mock/http/SimpleHttpResponse.java b/Source/JNA/waffle-tests/src/main/java/waffle/mock/http/SimpleHttpResponse.java
@@ -207,4 +207,9 @@ public String getOutputText() {
         }
         return null;
     }
+
+    @Override
+    public void setContentLength(int len) {
+        setHeader("Content-Length", Integer.toString(len));
+    }
 }
diff --git a/Source/JNA/waffle-tests/src/test/java/waffle/servlet/NegotiateSecurityFilterTests.java b/Source/JNA/waffle-tests/src/test/java/waffle/servlet/NegotiateSecurityFilterTests.java
@@ -137,7 +137,7 @@ public void testChallengePOST() throws IOException, ServletException {
             this.filter.doFilter(request, response, null);
             Assertions.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
             Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
-            Assertions.assertEquals(2, response.getHeaderNamesSize());
+            Assertions.assertEquals(3, response.getHeaderNamesSize());
             Assertions.assertEquals(401, response.getStatus());
         } finally {
             if (clientContext != null) {
@@ -195,10 +195,26 @@ public void testNegotiate() throws IOException, ServletException {
                     break;
                 }
 
+                Assertions.assertEquals(401, response.getStatus());
+
+                // security package requested is one negotiate continues with
                 Assertions.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
+
+                // keep-alive, NTLM is a connection-oriented protocol
                 Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
-                Assertions.assertEquals(2, response.getHeaderNamesSize());
-                Assertions.assertEquals(401, response.getStatus());
+
+                // Connection: keep-alive
+                // WWW-Authenticate: ...
+                // Content-Length: ...
+                Assertions.assertEquals(3, response.getHeaderNamesSize());
+
+                // response has a body and a content length (.NET clients require this)
+                int contentLength = Integer.parseInt(response.getHeader("Content-Length"));
+                Assertions.assertTrue(contentLength > 0);
+                String content = response.getOutputText();
+                Assertions.assertEquals(contentLength, content.length());
+
+                // continue token
                 final String continueToken = response.getHeader("WWW-Authenticate")
                         .substring(securityPackage.length() + 1);
                 final byte[] continueTokenBytes = Base64.getDecoder().decode(continueToken);
@@ -274,7 +290,7 @@ public void testChallengeNTLMPOST() throws IOException, ServletException {
         final String[] wwwAuthenticates = response.getHeaderValues("WWW-Authenticate");
         Assertions.assertEquals(1, wwwAuthenticates.length);
         Assertions.assertTrue(wwwAuthenticates[0].startsWith("NTLM "));
-        Assertions.assertEquals(2, response.getHeaderNamesSize());
+        Assertions.assertEquals(3, response.getHeaderNamesSize());
         Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
         Assertions.assertEquals(401, response.getStatus());
     }
@@ -303,7 +319,7 @@ public void testChallengeNTLMPUT() throws IOException, ServletException {
         final String[] wwwAuthenticates = response.getHeaderValues("WWW-Authenticate");
         Assertions.assertEquals(1, wwwAuthenticates.length);
         Assertions.assertTrue(wwwAuthenticates[0].startsWith("NTLM "));
-        Assertions.assertEquals(2, response.getHeaderNamesSize());
+        Assertions.assertEquals(3, response.getHeaderNamesSize());
         Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
         Assertions.assertEquals(401, response.getStatus());
     }

diff --git a/Source/JNA/waffle-tomcat7/src/main/java/waffle/apache/MixedAuthenticator.java b/Source/JNA/waffle-tomcat7/src/main/java/waffle/apache/MixedAuthenticator.java
@@ -164,7 +164,10 @@ private boolean negotiate(final Request request, final HttpServletResponse respo
         try {
             if (securityContext.isContinue() || ntlmPost) {
                 response.setHeader("Connection", "keep-alive");
-                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                String body = "Unauthorized";
+                response.getWriter().write(body);
+                response.setContentLength(body.length());
                 response.flushBuffer();
                 return false;
             }

diff --git a/Source/JNA/waffle-tomcat7/src/main/java/waffle/apache/NegotiateAuthenticator.java b/Source/JNA/waffle-tomcat7/src/main/java/waffle/apache/NegotiateAuthenticator.java
@@ -117,7 +117,10 @@ public boolean authenticate(final Request request, final HttpServletResponse res
             try {
                 if (securityContext.isContinue()) {
                     response.setHeader("Connection", "keep-alive");
-                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                    final String body = "Unauthorized";
+                    response.getWriter().write(body);
+                    response.setContentLength(body.length());
                     response.flushBuffer();
                     return false;
                 }

diff --git a/Source/JNA/waffle-tomcat8/src/main/java/waffle/apache/MixedAuthenticator.java b/Source/JNA/waffle-tomcat8/src/main/java/waffle/apache/MixedAuthenticator.java
@@ -165,7 +165,10 @@ private boolean negotiate(final Request request, final HttpServletResponse respo
         try {
             if (securityContext.isContinue() || ntlmPost) {
                 response.setHeader("Connection", "keep-alive");
-                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                String body = "Unauthorized";
+                response.getWriter().write(body);
+                response.setContentLength(body.length());
                 response.flushBuffer();
                 return false;
             }

diff --git a/Source/JNA/waffle-tomcat8/src/main/java/waffle/apache/NegotiateAuthenticator.java b/Source/JNA/waffle-tomcat8/src/main/java/waffle/apache/NegotiateAuthenticator.java
@@ -115,7 +115,10 @@ public boolean authenticate(final Request request, final HttpServletResponse res
             try {
                 if (securityContext.isContinue()) {
                     response.setHeader("Connection", "keep-alive");
-                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                    final String body = "Unauthorized";
+                    response.getWriter().write(body);
+                    response.setContentLength(body.length());
                     response.flushBuffer();
                     return false;
                 }

diff --git a/Source/JNA/waffle-tomcat85/src/main/java/waffle/apache/MixedAuthenticator.java b/Source/JNA/waffle-tomcat85/src/main/java/waffle/apache/MixedAuthenticator.java
@@ -165,7 +165,10 @@ private boolean negotiate(final Request request, final HttpServletResponse respo
         try {
             if (securityContext.isContinue() || ntlmPost) {
                 response.setHeader("Connection", "keep-alive");
-                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                String body = "Unauthorized";
+                response.getWriter().write(body);
+                response.setContentLength(body.length());
                 response.flushBuffer();
                 return false;
             }

diff --git a/Source/JNA/waffle-tomcat85/src/main/java/waffle/apache/NegotiateAuthenticator.java b/Source/JNA/waffle-tomcat85/src/main/java/waffle/apache/NegotiateAuthenticator.java
@@ -115,7 +115,10 @@ public boolean authenticate(final Request request, final HttpServletResponse res
             try {
                 if (securityContext.isContinue()) {
                     response.setHeader("Connection", "keep-alive");
-                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                    final String body = "Unauthorized";
+                    response.getWriter().write(body);
+                    response.setContentLength(body.length());
                     response.flushBuffer();
                     return false;
                 }

diff --git a/Source/JNA/waffle-tomcat9/src/main/java/waffle/apache/MixedAuthenticator.java b/Source/JNA/waffle-tomcat9/src/main/java/waffle/apache/MixedAuthenticator.java
@@ -165,7 +165,10 @@ private boolean negotiate(final Request request, final HttpServletResponse respo
         try {
             if (securityContext.isContinue() || ntlmPost) {
                 response.setHeader("Connection", "keep-alive");
-                response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                String body = "Unauthorized";
+                response.getWriter().write(body);
+                response.setContentLength(body.length());
                 response.flushBuffer();
                 return false;
             }

diff --git a/Source/JNA/waffle-tomcat9/src/main/java/waffle/apache/NegotiateAuthenticator.java b/Source/JNA/waffle-tomcat9/src/main/java/waffle/apache/NegotiateAuthenticator.java
@@ -115,7 +115,10 @@ public boolean authenticate(final Request request, final HttpServletResponse res
             try {
                 if (securityContext.isContinue()) {
                     response.setHeader("Connection", "keep-alive");
-                    response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+                    response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+                    final String body = "Unauthorized";
+                    response.getWriter().write(body);
+                    response.setContentLength(body.length());
                     response.flushBuffer();
                     return false;
                 }