WIP: Fix for #59.
hazendaz committed Jul 24, 2022
1 parent c0b7dcc commit ef0483c
Showing 9 changed files with 54 additions and 11 deletions.
Expand Up @@ -151,6 +151,9 @@ public IWindowsIdentity doFilter(final HttpServletRequest request, final HttpSer
if (securityContext.isContinue()) {
response.setHeader("Connection", "keep-alive");
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
final String body = "Unauthorized";
response.getWriter().write(body);
response.setContentLength(body.length());
response.flushBuffer();
return null;
}
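Review bot: `response.setContentLength(body.length())` is called after `response.getWriter().write(body)`, so the header is honoured only while the short body is still uncommitted in the buffer; a container ignores headers set after commit. Set the length first and derive it from the encoded bytes rather than `String.length()`, e.g. `response.setContentLength(body.getBytes(StandardCharsets.UTF_8).length);` before the write, with `response.setCharacterEncoding("UTF-8");` ahead of `getWriter()`. This matters because the 401 is the continue leg of a connection-bound handshake sent with `Connection: keep-alive`, where a Content-Length that disagrees with the bytes on the wire would misframe the next request on that connection. The same sequence is repeated in the `negotiate` and `authenticate` sections further down, so a shared helper would keep them in step. `doFilter` starts and ends outside the hunk.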
Expand Up @@ -220,4 +220,10 @@ public String getOutputText() {
}
return null;
}

@Override
public void setContentLength(int len) {
setHeader("Content-Length", Integer.toString(len));
}

}
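Review bot: The mock cannot reveal a Content-Length that is set too late, because `setContentLength` records the header unconditionally, even after the body has been written. The rest of the class is outside the hunk, so whether it tracks a committed state is not visible. If it does not, a comment on the method such as `// test double: no commit tracking, header is recorded even after the body is written` would make that limit explicit to anyone relying on these tests.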
Expand Up @@ -149,7 +149,7 @@ void testChallengePOST() throws IOException, ServletException {
this.filter.doFilter(request, response, null);
Assertions.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));
Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
Assertions.assertEquals(2, response.getHeaderNamesSize());
Assertions.assertEquals(3, response.getHeaderNamesSize());
Assertions.assertEquals(401, response.getStatus());
} finally {
if (clientContext != null) {
Expand Down Expand Up @@ -207,10 +207,26 @@ void testNegotiate() throws IOException, ServletException {
break;
}

Assertions.assertEquals(401, response.getStatus());

// security package requested is one negotiate continues with
Assertions.assertTrue(response.getHeader("WWW-Authenticate").startsWith(securityPackage + " "));

// keep-alive, NTLM is a connection-oriented protocol
Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
Assertions.assertEquals(2, response.getHeaderNamesSize());
Assertions.assertEquals(401, response.getStatus());

// Connection: keep-alive
// WWW-Authenticate: ...
// Content-Length: ...
Assertions.assertEquals(3, response.getHeaderNamesSize());

// response has a body and a content length (.NET clients require this)
int contentLength = Integer.parseInt(response.getHeader("Content-Length"));
Assertions.assertTrue(contentLength > 0);
String content = response.getOutputText();
Assertions.assertEquals(contentLength, content.length());

// continue token
final String continueToken = response.getHeader("WWW-Authenticate")
.substring(securityPackage.length() + 1);
final byte[] continueTokenBytes = Base64.getDecoder().decode(continueToken);
Expand Down Expand Up @@ -287,7 +303,7 @@ void testChallengeNTLMPOST() throws IOException, ServletException {
final String[] wwwAuthenticates = response.getHeaderValues("WWW-Authenticate");
Assertions.assertEquals(1, wwwAuthenticates.length);
Assertions.assertTrue(wwwAuthenticates[0].startsWith("NTLM "));
Assertions.assertEquals(2, response.getHeaderNamesSize());
Assertions.assertEquals(3, response.getHeaderNamesSize());
Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
Assertions.assertEquals(401, response.getStatus());
}
Expand Down Expand Up @@ -316,7 +332,7 @@ void testChallengeNTLMPUT() throws IOException, ServletException {
final String[] wwwAuthenticates = response.getHeaderValues("WWW-Authenticate");
Assertions.assertEquals(1, wwwAuthenticates.length);
Assertions.assertTrue(wwwAuthenticates[0].startsWith("NTLM "));
Assertions.assertEquals(2, response.getHeaderNamesSize());
Assertions.assertEquals(3, response.getHeaderNamesSize());
Assertions.assertEquals("keep-alive", response.getHeader("Connection"));
Assertions.assertEquals(401, response.getStatus());
}
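Review bot: `Integer.parseInt(response.getHeader("Content-Length"))` in `testNegotiate` fails with a bare NumberFormatException when the header is absent; an `Assertions.assertNotNull(response.getHeader("Content-Length"));` in front of it gives a readable failure. The `assertEquals(3, response.getHeaderNamesSize())` checks in all four tests pin a total count, so an unrelated header added later breaks them without saying which one; asserting the three expected names would be sturdier. `contentLength` is compared with `content.length()`, which counts chars, so the check matches a byte count only while the body stays ASCII.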
Expand Up @@ -180,7 +180,10 @@ private boolean negotiate(final Request request, final HttpServletResponse respo
try {
if (securityContext.isContinue() || ntlmPost) {
response.setHeader("Connection", "keep-alive");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
String body = "Unauthorized";
response.getWriter().write(body);
response.setContentLength(body.length());
response.flushBuffer();
return false;
}
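Review bot: Replacing `sendError` with `setStatus` plus a manual write drops the buffer reset that `sendError` performs, so anything already buffered by an earlier valve or filter would be sent ahead of "Unauthorized" and make the declared length wrong. A `response.resetBuffer();` before `getWriter()` restores that guarantee; like `sendError`, it throws IllegalStateException if the response is already committed. `String body` is also not `final` here, while the `authenticate` sections declare it `final`. The same points apply to the other `negotiate` and `authenticate` sections below. `negotiate` starts and ends outside the hunk.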
Expand Up @@ -127,7 +127,10 @@ public boolean authenticate(final Request request, final HttpServletResponse res
try {
if (securityContext.isContinue()) {
response.setHeader("Connection", "keep-alive");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
final String body = "Unauthorized";
response.getWriter().write(body);
response.setContentLength(body.length());
response.flushBuffer();
return false;
}
Expand Up @@ -180,7 +180,10 @@ private boolean negotiate(final Request request, final HttpServletResponse respo
try {
if (securityContext.isContinue() || ntlmPost) {
response.setHeader("Connection", "keep-alive");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
String body = "Unauthorized";
response.getWriter().write(body);
response.setContentLength(body.length());
response.flushBuffer();
return false;
}
Expand Up @@ -127,7 +127,10 @@ public boolean authenticate(final Request request, final HttpServletResponse res
try {
if (securityContext.isContinue()) {
response.setHeader("Connection", "keep-alive");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
final String body = "Unauthorized";
response.getWriter().write(body);
response.setContentLength(body.length());
response.flushBuffer();
return false;
}
Expand Up @@ -180,7 +180,10 @@ private boolean negotiate(final Request request, final HttpServletResponse respo
try {
if (securityContext.isContinue() || ntlmPost) {
response.setHeader("Connection", "keep-alive");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
String body = "Unauthorized";
response.getWriter().write(body);
response.setContentLength(body.length());
response.flushBuffer();
return false;
}
Expand Up @@ -127,7 +127,10 @@ public boolean authenticate(final Request request, final HttpServletResponse res
try {
if (securityContext.isContinue()) {
response.setHeader("Connection", "keep-alive");
response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
final String body = "Unauthorized";
response.getWriter().write(body);
response.setContentLength(body.length());
response.flushBuffer();
return false;
}