Solved

Is there an ntlm_auth function in java

Posted on 2015-02-02
Last Modified: 2015-05-08
I am running tomcat 6.0.14 and jdk 1.7.0_02 on Slackware32 version 13.37, kernel 2.6.37.6-smp. This host is on a LAN which has a Samba4 Domain Controller / Active Directory.

This host is a webserver running jsp programs and I would like to authenticate web users with AD Authentication. Is there a java function/method to do this? Basically, I'm looking for something like:

boolean AuthenticateMe("user","password");

I've looked at http://docs.oracle.com/javase/7/docs/technotes/guides/net/http-auth.html, which has:
    class MyAuthenticator extends Authenticator {

        public PasswordAuthentication getPasswordAuthentication () {
            return new PasswordAuthentication ("user", "password".toCharArray());
        }
    }


but I'm not making much sense of that. If that's what I should use, perhaps an example would help.

I could do a kludgy solution by having my jsp program create and execute a script containing:
ssh ADhost ntlm_auth --username=user --password=pass


and capture the returned NT_STATUS text. If there is nothing else, I could do that, but I'd rather be more "sophisticated".
Question by:jmarkfoley
 
LVL 9

Expert Comment

by:arioh
ID: 40587829
You can try Jespa or Waffle (if you run on Windows)
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40587879
Nope, running on Linux.
0
 
LVL 12

Expert Comment

by:Sharon Seth
ID: 40588100
Most probably, you should do this by utilising LDAP, but not sure how exactly. But then, did you check this:
http://www.javaxt.com/Tutorials/Windows/How_to_Authenticate_Users_with_Active_Directory
0
 
LVL 9

Expert Comment

by:arioh
ID: 40588439
My "if you run on Windows" was for Waffle. Jespa is platform independent and it should work on Linux.
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40589019
arioh: Sorry, I didn't get that your "Windows" comment applied to Waffle only. I'm downloading Jespa now and will experiment.

Sharon Seth: That link looks interesting and (relatively) compact. All I need is Authentication and Jespa might be overkill -- if I can get it to work. The ActiveDirectory.java source listed on the link site compiled with an odd warning I've not seen before:
$ javac ActiveDirectory.java
Note: ActiveDirectory.java uses unchecked or unsafe operations.
Note: Recompile with -Xlint:unchecked for details.


Running with the recommended -Xlint:unchecked gives:
ActiveDirectory.java:88: warning: [unchecked] unchecked call to put(K,V) as a member of the raw type Hashtable
        props.put(Context.SECURITY_PRINCIPAL, principalName);
                 ^
  where K,V are type-variables:
    K extends Object declared in class Hashtable
    V extends Object declared in class Hashtable
:


and 3 more similar warnings on the props.put() function ... which is equally unintelligible to me. Also, the compile results in 4 class files:

ActiveDirectory.class
ActiveDirectory$User.class
ActiveDirectory$User$2.class
ActiveDirectory$User$1.class

I've created jarfiles and such, but never really seen this kind of compile results. Suggestion on what to do with them? Put them all into a jarfile?
0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40589072
I'm experimenting with the ActiveDirectory.java code in Sharon Seth's link, but classpaths and jarfiles continuously stump me. I've put the class files shown in my previous post into the directory ActiveDirectory/ and created a jarfile - ActiveDirectory.jar. I could use some java coding help to get this referenced properly:
$ cp ActiveDirectory*.class ActiveDirectory/
$ jar -cvf ActiveDirectory.jar ActiveDirectory

>jar tvf ActiveDirectory.jar
     0 Wed Feb 04 11:56:20 EST 2015 META-INF/
    68 Wed Feb 04 11:56:20 EST 2015 META-INF/MANIFEST.MF
     0 Wed Feb 04 11:55:56 EST 2015 ActiveDirectory/
   520 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory$User$1.class
   705 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory$User$2.class
  4507 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory$User.class
  5347 Wed Feb 04 11:48:52 EST 2015 ActiveDirectory/ActiveDirectory.class


I then created a test program:
import ActiveDirectory.*;

class testActiveDirectory {

public static void main(String[] args)
{
    try{
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ctx.close();
    }
    catch(Exception e){
        //Failed to authenticate user!
        e.printStackTrace();
    }
}
}


added the jarfile to my classpath:
export CLASSPATH=$CLASSPATH:$HOME/java/ActiveDirectory.jar


And tried to compile the test program:
javac testActiveDirectory.java
testActiveDirectory.java:9: error: cannot find symbol
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ^
  symbol:   class LdapContext
  location: class testActiveDirectory
testActiveDirectory.java:9: error: cannot access ActiveDirectory
        LdapContext ctx = ActiveDirectory.getConnection("bob", "password","domain");
                          ^
  bad class file: /home/mfoley/java/ActiveDirectory.jar(ActiveDirectory/ActiveDirectory.class)
    class file contains wrong class: javaxt.security.ActiveDirectory
    Please remove or make sure it appears in the correct subdirectory of the classpath.
2 errors


So, my first hurdle is lack of expertise in java. Could one of you gurus tell me what I'm doing wrong here?
0
 
LVL 9

Expert Comment

by:arioh
ID: 40593452
You have the wrong package (jar) structure for ActiveDirectory.jar:
$ mkdir -p javaxt/security
$ cp ActiveDirectory*.class javaxt/security/
$ jar -cvf ActiveDirectory.jar javaxt

0
 
LVL 1

Author Comment

by:jmarkfoley
ID: 40593924
OK, I see, because of the "package javaxt.security;" in the first line of the ActiveDirectory.java program.

Still errors. Is my import statement wrong? The ActiveDirectory.java program does import javax.naming.ldap.LdapContext in line 12.

program:
import javaxt.security.ActiveDirectory.*;

class testActiveDirectory {

public static void main(String[] args)
{
    try{
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ctx.close();
    }
    catch(Exception e){
        //Failed to authenticate user!
        e.printStackTrace();
    }
}
}


errors:
$ javac testActiveDirectory.java
testActiveDirectory.java:9: error: cannot find symbol
        LdapContext ctx = ActiveDirectory.getConnection("mark", "glacon_9");
        ^
  symbol:   class LdapContext
  location: class testActiveDirectory
testActiveDirectory.java:9: error: cannot find symbol
        LdapContext ctx = ActiveDirectory.getConnection("user", "password");
                          ^
  symbol:   variable ActiveDirectory
  location: class testActiveDirectory
2 errors


0
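An added example, not part of the original thread and not the javaxt code: the `boolean AuthenticateMe(user, password)` the question asks for, written directly against JNDI with the `javax.naming` imports the test program above lacks. `LDAP_URL`, `DOMAIN` and the class name are assumptions for illustration.

```java
import java.io.Console;
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;

public class AdBindAuth {
    // Assumed values for illustration: replace with the site's DC and DNS domain.
    static final String LDAP_URL = "ldaps://dc.example.com:636";
    static final String DOMAIN = "example.com";

    /** Returns true only if the DC accepts a simple bind as user@DOMAIN. */
    static boolean authenticate(String user, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind, which
        // a server may accept without checking anything: refuse it up front.
        if (user == null || user.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        // Typed Hashtable avoids the "unchecked call to put(K,V)" warning.
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, user + "@" + DOMAIN);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        try {
            LdapContext ctx = new InitialLdapContext(env, null);
            ctx.close();
            return true;
        } catch (AuthenticationException e) {
            return false; // bind rejected: wrong user name or password
        }
        // Other NamingExceptions (DC unreachable, TLS failure) propagate, so an
        // outage is not mistaken for a failed login.
    }

    public static void main(String[] args) throws NamingException {
        Console c = System.console(); // null when not run from a terminal
        if (c == null) throw new IllegalStateException("run from a terminal");
        String user = c.readLine("User: ");
        String pass = new String(c.readPassword("Password: "));
        System.out.println(authenticate(user, pass) ? "OK" : "DENIED");
    }
}
```

The DC's certificate must be trusted by the JVM for `ldaps://` to connect. In the thread's test program, `import javaxt.security.ActiveDirectory.*;` imports only the class's nested types, so the class itself and `LdapContext` still need their own imports.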
 
LVL 1

Accepted Solution

by:
jmarkfoley earned 0 total points
ID: 40757243
OK, since we've all lost interest in the java solution on this, I've created a command line kludge that is compact and works. Perhaps I can revisit this some day to figure out why my more orthodox java code won't compile.

What I did was to create a tomcat user on the DC/AD host (same as the user that runs the jsp apps on the web server). Inside the .jsp program I wrote the following to a text file:

ntlm.write("ssh tomcat@mail ntlm_auth --username=\"" + request.getParameter("userId") +
      "\" --password=\"" + request.getParameter("password") + "\" 2>&1 > " + ntlmPath + ".out\n");

I set that to executable and ran it with Runtime.getRuntime().exec(command). Then I collected the results from the .out file to which I had redirected the command output.

This works relatively quickly (no noticeable delay from the user's perspective) and has worked perfectly for many weeks now.

Certainly a kludge, but in the absence of being able to figure out how to compile the wholly java solutions it does the trick.
0
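An added example, not the author's code: the script above puts request parameters on a command line, where quotes or shell metacharacters in either field are interpreted by the shell and the password is visible in process listings. This variant keeps the same `ssh tomcat@mail ntlm_auth` route but sends the credentials on stdin, relying on `ntlm_auth`'s `squid-2.5-basic` helper mode, which reads one percent-encoded `user password` line and answers `OK` or `ERR`. The class and method names are assumptions.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;

public class NtlmAuthStdin {
    // Percent-encode every byte outside [A-Za-z0-9] so spaces, quotes and
    // newlines in a field cannot split or extend the "user password" line.
    static String encode(String s) {
        StringBuilder sb = new StringBuilder();
        for (byte b : s.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            boolean alnum = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z')
                    || (c >= 'a' && c <= 'z');
            sb.append(alnum ? String.valueOf((char) c) : String.format("%%%02X", c));
        }
        return sb.toString();
    }

    static String requestLine(String user, String password) {
        return encode(user) + " " + encode(password) + "\n";
    }

    static boolean authenticate(String user, String password)
            throws IOException, InterruptedException {
        if (user == null || password == null || user.isEmpty() || password.isEmpty()) return false;
        // Fixed argument vector: no request data reaches a command line or shell.
        ProcessBuilder pb = new ProcessBuilder("ssh", "-o", "BatchMode=yes",
                "tomcat@mail", "ntlm_auth", "--helper-protocol=squid-2.5-basic");
        pb.redirectError(ProcessBuilder.Redirect.INHERIT); // keep stderr out of the reply
        Process p = pb.start();
        try (OutputStream stdin = p.getOutputStream()) {
            stdin.write(requestLine(user, password).getBytes(StandardCharsets.US_ASCII));
        }
        String reply;
        try (BufferedReader r = new BufferedReader(
                new InputStreamReader(p.getInputStream(), StandardCharsets.US_ASCII))) {
            reply = r.readLine();
        }
        p.waitFor();
        return reply != null && reply.trim().equals("OK"); // anything else fails closed
    }

    public static void main(String[] args) {
        // Constructed input with a quote and shell metacharacters: prints the
        // line that would be sent to the helper, without needing ssh.
        System.out.print(requestLine("mark", "x\" ; id #"));
    }
}
```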
 
LVL 1

Author Closing Comment

by:jmarkfoley
ID: 40766392
I figured out a working solution not related to the proposed solutions. I could not get the proposed solutions to work and received no further ideas on how to get them to work.
0
