- In the Jetty authenticator generate a unique authentication identifier

    which facilitates NTLM authentication

3 files changed, 21 insertions, 5 deletions

diff --git a/ChangeLog b/ChangeLog
index b5ccf3a..365ee61 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,8 @@
   - Guarantee unique connection identfier for NTLM when using apache2
   - Fix crasher when doing basic auth.
   - Allow numbers in handler names.
+  - In the Jetty authenticator generate a unique authentication identifier
+    which facilitates NTLM authentication
 
 0.5.2
   - Better messages when keepalives are not used with NTLM
diff --git a/configure.in b/configure.in
index 33d877c..34ac2aa 100644
--- a/configure.in
+++ b/configure.in
@@ -36,8 +36,8 @@ dnl  Nate Nielsen <nielsen@memberwebs.com>
 dnl 
 
 dnl Process this file with autoconf to produce a configure script.
-AC_INIT(httpauth, 0.5.2.91, nielsen@memberwebs.com)
-AM_INIT_AUTOMAKE(httpauth, 0.5.2.91)
+AC_INIT(httpauth, 0.5.2.92, nielsen@memberwebs.com)
+AM_INIT_AUTOMAKE(httpauth, 0.5.2.92)
 
 LDFLAGS="$LDFLAGS -L/usr/local/lib"
 CFLAGS="$CFLAGS -I/usr/local/include -g -O0"
diff --git a/java/src/com/memberwebs/httpauth/jetty/JettyHttpAuthenticator.java b/java/src/com/memberwebs/httpauth/jetty/JettyHttpAuthenticator.java
index 1b89436..0bf826d 100644
--- a/java/src/com/memberwebs/httpauth/jetty/JettyHttpAuthenticator.java
+++ b/java/src/com/memberwebs/httpauth/jetty/JettyHttpAuthenticator.java
@@ -100,11 +100,25 @@ public class JettyHttpAuthenticator
 
         String user = null;
 
+        // Build a unique and consistent Connection ID so that NTLM works
+        Object obj = request.getHttpConnection().getObject();
+        if(obj == null)
+        {
+        	obj = "" + Math.random();
+        	request.getHttpConnection().setObject(obj);
+        }
+
+        StringBuffer connid = new StringBuffer(32);
+        connid.append(obj.toString());
+        connid.append(":");
+        connid.append(obj.hashCode());
+        connid.append(":");
+        connid.append(request.getHttpConnection().hashCode());
+
         try
         {
-            // Connection ID is random. This prevents NTLM from working :(
-            String connid = "" + Math.random();
-            user = authenticateRequest(request, response, connid, request.getMethod(),
+        	// Send off to httpauth for authentication
+            user = authenticateRequest(request, response, connid.toString(), request.getMethod(),
                                        request.getURI().toString(), authtypes);
         }
         catch(HttpAuthException e)