  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 340

Is there an ntlm_auth function in java

I am running tomcat 6.0.14 and jdk 1.7.0_02 on Slackware32 version 13.37, kernel 2.6.37.6-smp. This host is on a LAN which has a Samba4 Domain Controller / Active Directory.

This host is a webserver running jsp programs and I would like to authenticate web users with AD Authentication. Is there a java function/method to do this? Basically, I'm looking for something like:

boolean AuthenticateMe("user","password");

I've looked at http://docs.oracle.com/javase/7/docs/technotes/guides/net/http-auth.html, which has:
    class MyAuthenticator extends Authenticator {

        public PasswordAuthentication getPasswordAuthentication () {
            return new PasswordAuthentication ("user", "password".toCharArray());
        }
    }


but I'm not making much sense of that. If that's what I should use, perhaps an example would help.

I could do a kludgy solution by having my jsp program create and execute a script containing:
ssh ADhost ntlm_auth --username=user --password=pass


and capture the returned NT_STATUS text. If there is nothing else, I could do that, but I'd rather be more "sophisticated".
Asked by: jmarkfoley
1 Solution

arioh Commented:
You can try Jespa or Waffle (if you run on Windows)

jmarkfoley (Author) Commented:
Nope, running on Linux.

Sharon Seth Commented:
Most probably, you should do this by utilising LDAP, but not sure how exactly. But then, did you check this:
http://www.javaxt.com/Tutorials/Windows/How_to_Authenticate_Users_with_Active_Directory
 
arioh Commented:
My "if you run on Windows" was for Waffle. Jespa is platform independent and it should work on Linux.

jmarkfoley (Author) Commented:
arioh: Sorry, I didn't get that your "Windows" comment applied to Waffle only. I'm downloading Jespa now and will experiment.

Sharon Seth: That link looks interesting and (relatively) compact. All I need is Authentication and Jespa might be overkill -- if I can get it to work. The ActiveDirectory.java source listed on the link site compiled with an odd warning I've not seen before:
$ javac ActiveDirectory.java
Note: ActiveDirectory.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.


Running with the recommended -Xlint:unchecked gives:
ActiveDirectory.java:88: warning: [unchecked] unchecked call to put(K,V) as a member of the raw type Hashtable
        props.put(Context.SECURITY_PRINCIPAL, principalName);
                 ^
  where K,V are type-variables:
    K extends Object declared in class Hashtable
    V extends Object declared in class Hashtable
:


and 3 more similar warnings on the props.put() function ... which is equally unintelligible to me. Also, the compile results in 4 class files:

ActiveDirectory.class
ActiveDirectory$User.class
ActiveDirectory$User$2.class
ActiveDirectory$User$1.class

I've created jarfiles and such, but never really seen this kind of compile results. Suggestion on what to do with them? Put them all into a jarfile?

jmarkfoley (Author) Commented:
I'm experimenting with the ActiveDirectory.java code in Sharon Seth's link, but classpaths and jarfiles continuously stump me. I've put the class files shown in my previous post into the directory ActiveDirectory/ and created a jarfile - ActiveDirectory.jar. I could use some java coding help to get this referenced properly:
$ cp ActiveDirectory*.class ActiveDirectory/
$ jar -cvf ActiveDirectory.jar ActiveDirectory

>jar tvf ActiveDirectory.jar
     0 Wed Feb 04 11:56:20 EST 2015 META-INF/
    68 Wed Feb 04 11:56:20 EST 2015 META-INF/MANIFEST.MF
     0 Wed Feb 04 11:55:56 EST 2015 ActiveDirectory/
   520 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory$User$1.class
   705 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory$User$2.class
  4507 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory$User.class
  5347 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory.class


I then created a test program:
import ActiveDirectory.*;

class testActiveDirectory {

public static void main(String[] args)
{
    try{
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ctx.close();
    }
    catch(Exception e){
        //Failed to authenticate user!
        e.printStackTrace();
    }
}
}


added the jarfile to my classpath:
export CLASSPATH=$CLASSPATH:$HOME/java/ActiveDirectory.jar


And tried to compile the test program:
javac testActiveDirectory.java
testActiveDirectory.java:9: error: cannot find symbol
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ^
  symbol:   class LdapContext
  location: class testActiveDirectory
testActiveDirectory.java:9: error: cannot access ActiveDirectory
        LdapContext ctx = ActiveDirectory.getConnection("bob", "password","domain");
                          ^
  bad class file: /home/mfoley/java/ActiveDirectory.jar(ActiveDirectory/ActiveDirectory.class)
    class file contains wrong class: javaxt.security.ActiveDirectory
    Please remove or make sure it appears in the correct subdirectory of the classpath.
2 errors


So, my first hurdle is lack of expertise in java. Could one of you gurus tell me what I'm doing wrong here?

arioh Commented:
You have the wrong package (jar) structure for ActiveDirectory.jar:
$ mkdir -p javaxt/security
$ cp ActiveDirectory*.class javaxt/security/
$ jar -cvf ActiveDirectory.jar javaxt

 
jmarkfoley (Author) Commented:
OK, I see, because of the "package javaxt.security;" in the first line of the ActiveDirectory.java program.

Still errors. Is my import statement wrong? The ActiveDirectory.java program does import javax.naming.ldap.LdapContext in line 12.

program:
import javaxt.security.ActiveDirectory.*;

class testActiveDirectory {

public static void main(String[] args)
{
    try{
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ctx.close();
    }
    catch(Exception e){
        //Failed to authenticate user!
        e.printStackTrace();
    }
}
}


errors:
$ javac testActiveDirectory.java
testActiveDirectory.java:9: error: cannot find symbol
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ^
  symbol:   class LdapContext
  location: class testActiveDirectory
testActiveDirectory.java:9: error: cannot find symbol
        LdapContext ctx = ActiveDirectory.getConnection("user", "password");
                          ^
  symbol:   variable ActiveDirectory
  location: class testActiveDirectory
2 errors


0
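Added example (not code from the thread or from the javaxt library): the `boolean AuthenticateMe(user, password)` asked for in the question, written against the JDK's own JNDI LDAP provider as a simple bind over LDAPS. The host name `dc.example.com`, the domain `example.com` and the class name `AdBindAuth` are placeholders, and the JVM is assumed to trust the domain controller's certificate.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class AdBindAuth {
    // Placeholders (assumptions): the site's domain controller and AD DNS domain.
    static final String LDAP_URL = "ldaps://dc.example.com:636";
    static final String AD_DOMAIN = "example.com";

    // Accept only plain account names, then build a userPrincipalName for the bind.
    static String principalFor(String user) {
        if (user == null || !user.matches("[A-Za-z0-9._-]{1,64}")) {
            return null;
        }
        return user + "@" + AD_DOMAIN;
    }

    static boolean authenticate(String user, String password) throws NamingException {
        String principal = principalFor(user);
        // An empty password would make this an unauthenticated bind, which a
        // directory server may accept, so it is refused before any bind is sent.
        if (principal == null || password == null || password.isEmpty()) {
            return false;
        }
        // Typed Hashtable: avoids the "unchecked call to put(K,V)" warnings.
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        try {
            LdapContext ctx = new InitialLdapContext(env, null);
            ctx.close();
            return true;              // the DC accepted the bind
        } catch (AuthenticationException e) {
            return false;             // unknown user or wrong password
        }                             // other NamingExceptions (DC down, TLS) propagate
    }

    public static void main(String[] args) throws Exception {
        // Usage: java AdBindAuth <user>   (the password is read without echo)
        char[] pw = System.console().readPassword("Password: ");
        System.out.println(authenticate(args[0], new String(pw)) ? "OK" : "DENIED");
    }
}
```

For the javaxt route in the post above, the test program needs `import javaxt.security.ActiveDirectory;` (the `.*` form imports only that class's nested types) and `import javax.naming.ldap.LdapContext;`.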
 
jmarkfoley (Author) Commented:
OK, since we've all lost interest in the java solution on this, I've created a command line kludge that is compact and works. Perhaps I can revisit this some day to figure out why my more orthodox java code won't compile.

What I did was to create a tomcat user on the DC/AD host (same as the user that runs the jsp apps on the web server). Inside the .jsp program I wrote the following to a text file:

ntlm.write("ssh tomcat@mail ntlm_auth --username=\"" + request.getParameter("userId") +
      "\" --password=\"" + request.getParameter("password") + "\" 2>&1 > " + ntlmPath + ".out\n");

I set that to executable and ran it with Runtime.getRuntime().exec(command). Then I collected the results from the .out file to which I had redirected the command output.

This works relatively quickly (no noticeable delay from the user's perspective) and has worked perfectly for many weeks now.

Certainly a kludge, but in the absence of being able to figure out how to compile the wholly java solutions it does the trick.
0
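Added example (not the poster's code): the same `ssh tomcat@mail ntlm_auth` check run without generating a shell script, so that request parameters never become shell text, command-line arguments or file contents. It assumes ntlm_auth's `--helper-protocol=squid-2.5-basic` mode, which reads one percent-escaped `user password` line on stdin and answers `OK` or `ERR`; the class and method names are illustrative.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.net.URLEncoder;

public class NtlmAuthHelper {
    // Percent-encode a field so spaces, quotes and newlines stay inside it.
    static String escape(String s) throws IOException {
        return URLEncoder.encode(s, "UTF-8").replace("+", "%20");
    }

    // The single request line written to the helper's stdin.
    static String requestLine(String user, String password) throws IOException {
        return escape(user) + " " + escape(password) + "\n";
    }

    static boolean authenticate(String user, String password)
            throws IOException, InterruptedException {
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        // Fixed argument vector: nothing from the request is parsed by the
        // local shell or by the remote shell that ssh starts.
        ProcessBuilder pb = new ProcessBuilder("ssh", "-o", "BatchMode=yes",
                "tomcat@mail", "ntlm_auth", "--helper-protocol=squid-2.5-basic");
        pb.redirectError(ProcessBuilder.Redirect.INHERIT); // ssh errors go to the log
        Process p = pb.start();
        OutputStream stdin = p.getOutputStream();
        stdin.write(requestLine(user, password).getBytes("UTF-8"));
        stdin.close();                // EOF: the helper exits after one request
        BufferedReader out = new BufferedReader(
                new InputStreamReader(p.getInputStream(), "UTF-8"));
        String reply = out.readLine();
        while (out.readLine() != null) { /* drain remaining output */ }
        out.close();
        p.waitFor();
        return "OK".equals(reply);    // anything else, including no reply, is a denial
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: the quote, spaces and newline remain encoded data.
        System.out.print(requestLine("mark\" x", "p w\n"));
    }
}
```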
 
jmarkfoley (Author) Commented:
I figured out a working solution not related to the proposed solutions. I could not get the proposed solutions to work and received no further ideas on how to get them to work.