From 6b0196e20088046fd0f3f248a1e68cb69912d944 Mon Sep 17 00:00:00 2001
From: Stef Walter <stef@memberwebs.com>
Date: Wed, 7 Jun 2006 01:43:57 +0000
Subject:   - Disable NTLM via servlet and Jetty java authenticators (a custom
 one     which provides connection id info is needed).

---
 ChangeLog                                                             | 2 ++
 java/src/com/memberwebs/httpauth/jetty/JettyHttpAuthenticator.java    | 4 +++-
 .../src/com/memberwebs/httpauth/servlet/ServletHttpAuthenticator.java | 4 +++-
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 559c2f6..a96a9b1 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 0.5.2
   - Better messages when keepalives are not used with NTLM
   - Fix problems in java servlet authenticator [Ross Elliot]
+  - Disable NTLM via servlet and Jetty java authenticators (a custom one
+    which provides connection id info is needed).
 
 0.5.1
   - Fix problem with NTLM connection caching
diff --git a/java/src/com/memberwebs/httpauth/jetty/JettyHttpAuthenticator.java b/java/src/com/memberwebs/httpauth/jetty/JettyHttpAuthenticator.java
index bcca142..1b89436 100644
--- a/java/src/com/memberwebs/httpauth/jetty/JettyHttpAuthenticator.java
+++ b/java/src/com/memberwebs/httpauth/jetty/JettyHttpAuthenticator.java
@@ -102,7 +102,9 @@ public class JettyHttpAuthenticator
 
         try
         {
-            user = authenticateRequest(request, response, "XXX", request.getMethod(),
+            // Connection ID is random. This prevents NTLM from working :(
+            String connid = "" + Math.random();
+            user = authenticateRequest(request, response, connid, request.getMethod(),
                                        request.getURI().toString(), authtypes);
         }
         catch(HttpAuthException e)
diff --git a/java/src/com/memberwebs/httpauth/servlet/ServletHttpAuthenticator.java b/java/src/com/memberwebs/httpauth/servlet/ServletHttpAuthenticator.java
index be4902f..da1edee 100644
--- a/java/src/com/memberwebs/httpauth/servlet/ServletHttpAuthenticator.java
+++ b/java/src/com/memberwebs/httpauth/servlet/ServletHttpAuthenticator.java
@@ -114,7 +114,9 @@ public class ServletHttpAuthenticator
 
         try
         {
-            return authenticateRequest(req, resp, "XXX", method, uri, authtypes);
+            // Connection ID is random. This prevents NTLM from working :(
+            String connid = "" + Math.random();
+            return authenticateRequest(req, resp, connid, method, uri, authtypes);
         }
         catch(HttpAuthException e)
         {
-- 
cgit v1.2.3