diff options
-rw-r--r-- | ChangeLog | 2 | ||||
-rw-r--r-- | configure.in | 4 | ||||
-rw-r--r-- | java/src/com/memberwebs/httpauth/jetty/JettyHttpAuthenticator.java | 20 |
3 files changed, 21 insertions, 5 deletions
@@ -2,6 +2,8 @@ - Guarantee unique connection identfier for NTLM when using apache2 - Fix crasher when doing basic auth. - Allow numbers in handler names. + - In the Jetty authenticator generate a unique authentication identifier + which facilitates NTLM authentication 0.5.2 - Better messages when keepalives are not used with NTLM diff --git a/configure.in b/configure.in index 33d877c..34ac2aa 100644 --- a/configure.in +++ b/configure.in @@ -36,8 +36,8 @@ dnl Nate Nielsen <nielsen@memberwebs.com> dnl dnl Process this file with autoconf to produce a configure script. -AC_INIT(httpauth, 0.5.2.91, nielsen@memberwebs.com) -AM_INIT_AUTOMAKE(httpauth, 0.5.2.91) +AC_INIT(httpauth, 0.5.2.92, nielsen@memberwebs.com) +AM_INIT_AUTOMAKE(httpauth, 0.5.2.92) LDFLAGS="$LDFLAGS -L/usr/local/lib" CFLAGS="$CFLAGS -I/usr/local/include -g -O0" diff --git a/java/src/com/memberwebs/httpauth/jetty/JettyHttpAuthenticator.java b/java/src/com/memberwebs/httpauth/jetty/JettyHttpAuthenticator.java index 1b89436..0bf826d 100644 --- a/java/src/com/memberwebs/httpauth/jetty/JettyHttpAuthenticator.java +++ b/java/src/com/memberwebs/httpauth/jetty/JettyHttpAuthenticator.java @@ -100,11 +100,25 @@ public class JettyHttpAuthenticator String user = null; + // Build a unique and consistent Connection ID so that NTLM works + Object obj = request.getHttpConnection().getObject(); + if(obj == null) + { + obj = "" + Math.random(); + request.getHttpConnection().setObject(obj); + } + + StringBuffer connid = new StringBuffer(32); + connid.append(obj.toString()); + connid.append(":"); + connid.append(obj.hashCode()); + connid.append(":"); + connid.append(request.getHttpConnection().hashCode()); + try { - // Connection ID is random. This prevents NTLM from working :( - String connid = "" + Math.random(); - user = authenticateRequest(request, response, connid, request.getMethod(), + // Send off to httpauth for authentication + user = authenticateRequest(request, response, connid.toString(), request.getMethod(), request.getURI().toString(), authtypes); } catch(HttpAuthException e) |