WIP: Fix for #59.

Waffle · Jan 21, 2024 · d02380f · d02380f
1 parent c7c02be
commit d02380f
Show file tree

Hide file tree

Showing 9 changed files with 54 additions and 11 deletions.
diff --git a/Source/JNA/waffle-jna/src/main/java/waffle/servlet/spi/NegotiateSecurityFilterProvider.java b/Source/JNA/waffle-jna/src/main/java/waffle/servlet/spi/NegotiateSecurityFilterProvider.java
@@ -149,6 +149,9 @@ public IWindowsIdentity doFilter(final HttpServletRequest request, final HttpSer
  if (securityContext.isContinue()) {
  response.setHeader("Connection", "keep-alive");
  response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ final String body = "Unauthorized";
+ response.getWriter().write(body);
+ response.setContentLength(body.length());
  response.flushBuffer();
  return null;
  }

diff --git a/Source/JNA/waffle-tests/src/main/java/waffle/mock/http/SimpleHttpResponse.java b/Source/JNA/waffle-tests/src/main/java/waffle/mock/http/SimpleHttpResponse.java
@@ -212,4 +212,10 @@ public String getOutputText() {
  this.writer.flush();
  return this.bytes.toString(StandardCharsets.UTF_8);
  }
+
+ @Override
+ public void setContentLength(int len) {
+ setHeader("Content-Length", Integer.toString(len));
+ }
+
 }
diff --git a/Source/JNA/waffle-tests/src/test/java/waffle/servlet/NegotiateSecurityFilterTest.java b/Source/JNA/waffle-tests/src/test/java/waffle/servlet/NegotiateSecurityFilterTest.java
@@ -147,7 +147,7 @@ void testChallengePOST() throws IOException, ServletException {
  this.filter.doFilter(request, response, null);
  Assertions.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
  Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
- Assertions.assertEquals(2, response.getHeaderNamesSize());
+ Assertions.assertEquals(3, response.getHeaderNamesSize());
  Assertions.assertEquals(401, response.getStatus());
  } finally {
  if (clientContext != null) {
@@ -205,10 +205,26 @@ void testNegotiate() throws IOException, ServletException {
  break;
  }
 
+ Assertions.assertEquals(401, response.getStatus());
+
+ // security package requested is one negotiate continues with
  Assertions.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
+
+ // keep-alive, NTLM is a connection-oriented protocol
  Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
- Assertions.assertEquals(2, response.getHeaderNamesSize());
- Assertions.assertEquals(401, response.getStatus());
+
+ // Connection: keep-alive
+ // WWW-Authenticate: ...
+ // Content-Length: ...
+ Assertions.assertEquals(3, response.getHeaderNamesSize());
+
+ // response has a body and a content length (.NET clients require this)
+ int contentLength = Integer.parseInt(response.getHeader("Content-Length"));
+ Assertions.assertTrue(contentLength > 0);
+ String content = response.getOutputText();
+ Assertions.assertEquals(contentLength, content.length());
+
+ // continue token
  final String continueToken = response.getHeader("WWW-Authenticate")
  .substring(securityPackage.length() + 1);
  final byte[] continueTokenBytes = Base64.getDecoder().decode(continueToken);
@@ -285,7 +301,7 @@ void testChallengeNTLMPOST() throws IOException, ServletException {
  final String[] wwwAuthenticates = response.getHeaderValues("WWW-Authenticate");
  Assertions.assertEquals(1, wwwAuthenticates.length);
  Assertions.assertTrue(wwwAuthenticates[0].startsWith("NTLM "));
- Assertions.assertEquals(2, response.getHeaderNamesSize());
+ Assertions.assertEquals(3, response.getHeaderNamesSize());
  Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
  Assertions.assertEquals(401, response.getStatus());
  }
@@ -314,7 +330,7 @@ void testChallengeNTLMPUT() throws IOException, ServletException {
  final String[] wwwAuthenticates = response.getHeaderValues("WWW-Authenticate");
  Assertions.assertEquals(1, wwwAuthenticates.length);
  Assertions.assertTrue(wwwAuthenticates[0].startsWith("NTLM "));
- Assertions.assertEquals(2, response.getHeaderNamesSize());
+ Assertions.assertEquals(3, response.getHeaderNamesSize());
  Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
  Assertions.assertEquals(401, response.getStatus());
  }

diff --git a/Source/JNA/waffle-tomcat10/src/main/java/waffle/apache/MixedAuthenticator.java b/Source/JNA/waffle-tomcat10/src/main/java/waffle/apache/MixedAuthenticator.java
@@ -178,7 +178,10 @@ private boolean negotiate(final Request request, final HttpServletResponse respo
  try {
  if (securityContext.isContinue() || ntlmPost) {
  response.setHeader("Connection", "keep-alive");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ String body = "Unauthorized";
+ response.getWriter().write(body);
+ response.setContentLength(body.length());
  response.flushBuffer();
  return false;
  }

diff --git a/Source/JNA/waffle-tomcat10/src/main/java/waffle/apache/NegotiateAuthenticator.java b/Source/JNA/waffle-tomcat10/src/main/java/waffle/apache/NegotiateAuthenticator.java
@@ -125,7 +125,10 @@ public boolean authenticate(final Request request, final HttpServletResponse res
  try {
  if (securityContext.isContinue()) {
  response.setHeader("Connection", "keep-alive");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ final String body = "Unauthorized";
+ response.getWriter().write(body);
+ response.setContentLength(body.length());
  response.flushBuffer();
  return false;
  }

diff --git a/Source/JNA/waffle-tomcat85/src/main/java/waffle/apache/MixedAuthenticator.java b/Source/JNA/waffle-tomcat85/src/main/java/waffle/apache/MixedAuthenticator.java
@@ -178,7 +178,10 @@ private boolean negotiate(final Request request, final HttpServletResponse respo
  try {
  if (securityContext.isContinue() || ntlmPost) {
  response.setHeader("Connection", "keep-alive");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ String body = "Unauthorized";
+ response.getWriter().write(body);
+ response.setContentLength(body.length());
  response.flushBuffer();
  return false;
  }

diff --git a/Source/JNA/waffle-tomcat85/src/main/java/waffle/apache/NegotiateAuthenticator.java b/Source/JNA/waffle-tomcat85/src/main/java/waffle/apache/NegotiateAuthenticator.java
@@ -125,7 +125,10 @@ public boolean authenticate(final Request request, final HttpServletResponse res
  try {
  if (securityContext.isContinue()) {
  response.setHeader("Connection", "keep-alive");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ final String body = "Unauthorized";
+ response.getWriter().write(body);
+ response.setContentLength(body.length());
  response.flushBuffer();
  return false;
  }

diff --git a/Source/JNA/waffle-tomcat9/src/main/java/waffle/apache/MixedAuthenticator.java b/Source/JNA/waffle-tomcat9/src/main/java/waffle/apache/MixedAuthenticator.java
@@ -178,7 +178,10 @@ private boolean negotiate(final Request request, final HttpServletResponse respo
  try {
  if (securityContext.isContinue() || ntlmPost) {
  response.setHeader("Connection", "keep-alive");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ String body = "Unauthorized";
+ response.getWriter().write(body);
+ response.setContentLength(body.length());
  response.flushBuffer();
  return false;
  }

diff --git a/Source/JNA/waffle-tomcat9/src/main/java/waffle/apache/NegotiateAuthenticator.java b/Source/JNA/waffle-tomcat9/src/main/java/waffle/apache/NegotiateAuthenticator.java
@@ -125,7 +125,10 @@ public boolean authenticate(final Request request, final HttpServletResponse res
  try {
  if (securityContext.isContinue()) {
  response.setHeader("Connection", "keep-alive");
- response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
+ response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
+ final String body = "Unauthorized";
+ response.getWriter().write(body);
+ response.setContentLength(body.length());
  response.flushBuffer();
  return false;
  }