Solved

Is there an ntlm_auth function in java

Posted on 2015-02-02
Last Modified: 2015-05-08
I am running tomcat 6.0.14 and jdk 1.7.0_02 on Slackware32 version 13.37, kernel 2.6.37.6-smp. This host is on a LAN which has a Samba4 Domain Controller / Active Directory.

This host is a webserver running jsp programs and I would like to authenticate web users with AD Authentication. Is there a java function/method to do this? Basically, I'm looking for something like:

boolean AuthenticateMe("user","password");

I've looked at http://docs.oracle.com/javase/7/docs/technotes/guides/net/http-auth.html, which has:
    class MyAuthenticator extends Authenticator {

        public PasswordAuthentication getPasswordAuthentication () {
            return new PasswordAuthentication ("user", "password".toCharArray());
        }
    }

but I'm not making much sense of that. If that's what I should use, perhaps an example would help.

I could do a kludgy solution by having my jsp program create and execute a script containing:
ssh ADhost ntlm_auth --username=user --password=pass

and capture the returned NT_STATUS text. If there is nothing else, I could do that, but I'd rather be more "sophisticated".

Question by:jmarkfoley

10 Comments

Expert Comment

by:arioh
You can try Jespa or Waffle (if you run on Windows)

Author Comment

by:jmarkfoley
Nope, running on Linux.

Expert Comment

by:Sharon Seth
Most probably, you should do this by utilising LDAP, but not sure how exactly. But then, did you check this:
http://www.javaxt.com/Tutorials/Windows/How_to_Authenticate_Users_with_Active_Directory

Expert Comment

by:arioh
My "if you run on Windows" was for Waffle. Jespa is platform independent and it should work on Linux.

Author Comment

by:jmarkfoley
arioh: Sorry, I didn't get that your "Windows" comment applied to Waffle only. I'm downloading Jespa now and will experiment.

Sharon Seth: That link looks interesting and (relatively) compact. All I need is Authentication and Jespa might be overkill -- if I can get it to work. The ActiveDirectory.java source listed on the link site compiled with an odd warning I've not seen before:
$ javac ActiveDirectory.java
Note: ActiveDirectory.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.

Running with the recommended -Xlint:unchecked gives:
ActiveDirectory.java:88: warning: [unchecked] unchecked call to put(K,V) as a member of the raw type Hashtable
        props.put(Context.SECURITY_PRINCIPAL, principalName);
                 ^
  where K,V are type-variables:
    K extends Object declared in class Hashtable
    V extends Object declared in class Hashtable
:

and 3 more similar warnings on the props.put() function ... which is equally unintelligible to me. Also, the compile results in 4 class files:

ActiveDirectory.class
ActiveDirectory$User.class
ActiveDirectory$User$2.class
ActiveDirectory$User$1.class

I've created jarfiles and such, but never really seen this kind of compile results. Suggestion on what to do with them? Put them all into a jarfile?

Author Comment

by:jmarkfoley
I'm experimenting with the ActiveDirectory.java code in Sharon Seth's link, but classpaths and jarfiles continuously stump me. I've put the class files shown in my previous post into the directory ActiveDirectory/ and created a jarfile - ActiveDirectory.jar. I could use some java coding help to get this referenced properly:
$ cp ActiveDirectory*.class ActiveDirectory/
$ jar -cvf ActiveDirectory.jar ActiveDirectory

$ jar tvf ActiveDirectory.jar
     0 Wed Feb 04 11:56:20 EST 2015 META-INF/
    68 Wed Feb 04 11:56:20 EST 2015 META-INF/MANIFEST.MF
     0 Wed Feb 04 11:55:56 EST 2015 ActiveDirectory/
   520 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory$User$1.class
   705 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory$User$2.class
  4507 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory$User.class
  5347 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory.class

I then created a test program:
import ActiveDirectory.*;

class testActiveDirectory {

public static void main(String[] args)
{
    try{
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ctx.close();
    }
    catch(Exception e){
        //Failed to authenticate user!
        e.printStackTrace();
    }
}
}

added the jarfile to my classpath:
export CLASSPATH=$CLASSPATH:$HOME/java/ActiveDirectory.jar

And tried to compile the test program:
javac testActiveDirectory.java
testActiveDirectory.java:9: error: cannot find symbol
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ^
  symbol:   class LdapContext
  location: class testActiveDirectory
testActiveDirectory.java:9: error: cannot access ActiveDirectory
        LdapContext ctx = ActiveDirectory.getConnection("bob", "password","domain");
                          ^
  bad class file: /home/mfoley/java/ActiveDirectory.jar(ActiveDirectory/ActiveDirectory.class)
    class file contains wrong class: javaxt.security.ActiveDirectory
    Please remove or make sure it appears in the correct subdirectory of the classpath.
2 errors

So, my first hurdle is lack of expertise in java. Could one of you gurus tell me what I'm doing wrong here?

Expert Comment

by:arioh
You have the wrong package (jar) structure for ActiveDirectory.jar
$ cp ActiveDirectory*.class javaxt/security/
$ jar -cvf ActiveDirectory.jar javaxt

Author Comment

by:jmarkfoley
OK, I see, because of the "package javaxt.security;" in the first line of the ActiveDirectory.java program.

Still errors. Is my import statement wrong? The ActiveDirectory.java program does import javax.naming.ldap.LdapContext in line 12.

program:
import javaxt.security.ActiveDirectory.*;

class testActiveDirectory {

public static void main(String[] args)
{
    try{
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ctx.close();
    }
    catch(Exception e){
        //Failed to authenticate user!
        e.printStackTrace();
    }
}
}

errors:
$ javac testActiveDirectory.java
testActiveDirectory.java:9: error: cannot find symbol
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ^
  symbol:   class LdapContext
  location: class testActiveDirectory
testActiveDirectory.java:9: error: cannot find symbol
        LdapContext ctx = ActiveDirectory.getConnection("user", "password");
                          ^
  symbol:   variable ActiveDirectory
  location: class testActiveDirectory
2 errors

Accepted Solution

by:jmarkfoley
OK, since we've all lost interest in the java solution on this, I've created a command line kludge that is compact and works. Perhaps I can revisit this some day to figure out why my more orthodox java code won't compile.

What I did was to create a tomcat user on the DC/AD host (same as the user that runs the jsp apps on the web server). Inside the .jsp program I wrote the following to a text file:

ntlm.write("ssh tomcat@mail ntlm_auth --username=\"" + request.getParameter("userId") +
      "\" --password=\"" + request.getParameter("password") + "\" 2>&1 > " + ntlmPath + ".out\n");

I set that to executable and ran it with Runtime.getRuntime().exec(command). Then I collected the results from the .out file to which I had redirected the command output.

This works relatively quickly (no noticeable delay from the user's perspective) and has worked perfectly for many weeks now.

Certainly a kludge, but in the absence of being able to figure out how to compile the wholly java solutions it does the trick.
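
Added example, not part of the original thread and not code from any poster or from javaxt: a pure-JDK version of the `boolean AuthenticateMe("user","password")` the question asks for, done as an LDAP simple bind over JNDI so that the request parameters never pass through a shell or a command line, as they do in the generated script above. The class name, DC host name and domain are placeholders (assumptions); the explicit `javax.naming` imports are what the `cannot find symbol ... class LdapContext` errors earlier in the thread were missing.

```java
import java.io.Console;
import java.util.Hashtable;
import java.util.regex.Pattern;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class AdAuth {
    // Assumptions (placeholders): the DC's LDAPS URL and the AD DNS domain.
    static final String LDAP_URL = "ldaps://dc.example.internal:636";
    static final String DOMAIN = "example.internal";
    // Allow-list for account names; anything else is refused before the bind.
    static final Pattern USER_OK = Pattern.compile("[A-Za-z0-9._-]{1,64}");

    /** True only if the DC accepts the bind; other failures (DC down, TLS) throw. */
    public static boolean authenticate(String user, char[] password) throws NamingException {
        if (user == null || !USER_OK.matcher(user).matches()) return false;
        // An empty password turns a simple bind into an unauthenticated bind,
        // which a server may accept: never count that as a login.
        if (password == null || password.length == 0) return false;
        Hashtable<String, Object> env = new Hashtable<String, Object>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user + "@" + DOMAIN); // userPrincipalName form
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        env.put("com.sun.jndi.ldap.read.timeout", "5000");
        try {
            LdapContext ctx = new InitialLdapContext(env, null); // performs the bind
            ctx.close();
            return true;
        } catch (AuthenticationException e) {
            return false; // rejected credentials (LDAP result code 49)
        }
    }

    public static void main(String[] args) throws NamingException {
        Console con = System.console();
        if (args.length != 1 || con == null) {
            System.err.println("usage: java AdAuth <user>   (from a terminal)");
            return;
        }
        char[] pw = con.readPassword("Password for %s: ", args[0]);
        System.out.println(authenticate(args[0], pw) ? "OK" : "DENIED");
    }
}
```

In the JSP, a call to `AdAuth.authenticate` takes the place of the script file and the `Runtime.getRuntime().exec` step. For the `ldaps://` connection to succeed, the DC's certificate has to be trusted by the JVM's truststore.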

Author Closing Comment

by:jmarkfoley
I figured out a working solution not related to the proposed solutions. I could not get the proposed solutions to work and received no further ideas on how to get them to work.