Skip to content

Commit

Permalink
WIP: Fix for #59.
Browse files Browse the repository at this point in the history
  • Loading branch information
@hazendaz
hazendaz committed Jun 27, 2022
1 parent 90a73f1 commit 40fd68b
Show file tree
Hide file tree
Showing 9 changed files with 54 additions and 11 deletions.
3 changes: 3 additions & 0 deletions Source/JNA/waffle-jna/src/main/java/waffle/servlet/spi/NegotiateSecurityFilterProvider.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -151,6 +151,9 @@ public IWindowsIdentity doFilter(final HttpServletRequest request, final HttpSer
if (securityContext.isContinue()) {
response.setHeader("Connection", "keep-alive");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
final String body = "Unauthorized";
response.getWriter().write(body);
response.setContentLength(body.length());
response.flushBuffer();
return null;
}
Expand Down
6 changes: 6 additions & 0 deletions Source/JNA/waffle-tests/src/main/java/waffle/mock/http/SimpleHttpResponse.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -218,4 +218,10 @@ public String getOutputText() {
}
return null;
}

@Override
public void setContentLength(int len) {
setHeader("Content-Length", Integer.toString(len));
}

}
26 changes: 21 additions & 5 deletions Source/JNA/waffle-tests/src/test/java/waffle/servlet/NegotiateSecurityFilterTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ void testChallengePOST() throws IOException, ServletException {
this.filter.doFilter(request, response, null);
Assertions.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
Assertions.assertEquals(2, response.getHeaderNamesSize());
Assertions.assertEquals(3, response.getHeaderNamesSize());
Assertions.assertEquals(401, response.getStatus());
} finally {
if (clientContext != null) {
Expand Down Expand Up @@ -207,10 +207,26 @@ void testNegotiate() throws IOException, ServletException {
break;
}

Assertions.assertEquals(401, response.getStatus());

// security package requested is one negotiate continues with
Assertions.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));

// keep-alive, NTLM is a connection-oriented protocol
Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
Assertions.assertEquals(2, response.getHeaderNamesSize());
Assertions.assertEquals(401, response.getStatus());

// Connection: keep-alive
// WWW-Authenticate: ...
// Content-Length: ...
Assertions.assertEquals(3, response.getHeaderNamesSize());

// response has a body and a content length (.NET clients require this)
int contentLength = Integer.parseInt(response.getHeader("Content-Length"));
Assertions.assertTrue(contentLength > 0);
String content = response.getOutputText();
Assertions.assertEquals(contentLength, content.length());

// continue token
final String continueToken = response.getHeader("WWW-Authenticate")
.substring(securityPackage.length() + 1);
final byte[] continueTokenBytes = Base64.getDecoder().decode(continueToken);
Expand Down Expand Up @@ -287,7 +303,7 @@ void testChallengeNTLMPOST() throws IOException, ServletException {
final String[] wwwAuthenticates = response.getHeaderValues("WWW-Authenticate");
Assertions.assertEquals(1, wwwAuthenticates.length);
Assertions.assertTrue(wwwAuthenticates[0].startsWith("NTLM "));
Assertions.assertEquals(2, response.getHeaderNamesSize());
Assertions.assertEquals(3, response.getHeaderNamesSize());
Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
Assertions.assertEquals(401, response.getStatus());
}
Expand Down Expand Up @@ -316,7 +332,7 @@ void testChallengeNTLMPUT() throws IOException, ServletException {
final String[] wwwAuthenticates = response.getHeaderValues("WWW-Authenticate");
Assertions.assertEquals(1, wwwAuthenticates.length);
Assertions.assertTrue(wwwAuthenticates[0].startsWith("NTLM "));
Assertions.assertEquals(2, response.getHeaderNamesSize());
Assertions.assertEquals(3, response.getHeaderNamesSize());
Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
Assertions.assertEquals(401, response.getStatus());
}
Expand Down
5 changes: 4 additions & 1 deletion Source/JNA/waffle-tomcat10/src/main/java/waffle/apache/MixedAuthenticator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -179,7 +179,10 @@ private boolean negotiate(final Request request, final HttpServletResponse respo
try {
if (securityContext.isContinue() || ntlmPost) {
response.setHeader("Connection", "keep-alive");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
String body = "Unauthorized";
response.getWriter().write(body);
response.setContentLength(body.length());
response.flushBuffer();
return false;
}
Expand Down
5 changes: 4 additions & 1 deletion Source/JNA/waffle-tomcat10/src/main/java/waffle/apache/NegotiateAuthenticator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,10 @@ public boolean authenticate(final Request request, final HttpServletResponse res
try {
if (securityContext.isContinue()) {
response.setHeader("Connection", "keep-alive");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
final String body = "Unauthorized";
response.getWriter().write(body);
response.setContentLength(body.length());
response.flushBuffer();
return false;
}
Expand Down
5 changes: 4 additions & 1 deletion Source/JNA/waffle-tomcat85/src/main/java/waffle/apache/MixedAuthenticator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -179,7 +179,10 @@ private boolean negotiate(final Request request, final HttpServletResponse respo
try {
if (securityContext.isContinue() || ntlmPost) {
response.setHeader("Connection", "keep-alive");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
String body = "Unauthorized";
response.getWriter().write(body);
response.setContentLength(body.length());
response.flushBuffer();
return false;
}
Expand Down
5 changes: 4 additions & 1 deletion Source/JNA/waffle-tomcat85/src/main/java/waffle/apache/NegotiateAuthenticator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,10 @@ public boolean authenticate(final Request request, final HttpServletResponse res
try {
if (securityContext.isContinue()) {
response.setHeader("Connection", "keep-alive");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
final String body = "Unauthorized";
response.getWriter().write(body);
response.setContentLength(body.length());
response.flushBuffer();
return false;
}
Expand Down
5 changes: 4 additions & 1 deletion Source/JNA/waffle-tomcat9/src/main/java/waffle/apache/MixedAuthenticator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -179,7 +179,10 @@ private boolean negotiate(final Request request, final HttpServletResponse respo
try {
if (securityContext.isContinue() || ntlmPost) {
response.setHeader("Connection", "keep-alive");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
String body = "Unauthorized";
response.getWriter().write(body);
response.setContentLength(body.length());
response.flushBuffer();
return false;
}
Expand Down
5 changes: 4 additions & 1 deletion Source/JNA/waffle-tomcat9/src/main/java/waffle/apache/NegotiateAuthenticator.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -127,7 +127,10 @@ public boolean authenticate(final Request request, final HttpServletResponse res
try {
if (securityContext.isContinue()) {
response.setHeader("Connection", "keep-alive");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
final String body = "Unauthorized";
response.getWriter().write(body);
response.setContentLength(body.length());
response.flushBuffer();
return false;
}
Expand Down

0 comments on commit 40fd68b

Please sign in to comment.