File | Doc | Category | Size | Date | Package
SolarisLoginModule.java | API Doc | Java SE 5 API | 9399 | Fri Aug 26 14:56:16 BST 2005 | com.sun.security.auth.module

SolarisLoginModule

public class SolarisLoginModule extends Object implements LoginModule

This LoginModule imports a user's Solaris Principal information (SolarisPrincipal, SolarisNumericUserPrincipal, and SolarisNumericGroupPrincipal) and associates them with the current Subject.

This LoginModule recognizes the debug option. If set to true in the login Configuration, debug messages will be output to the output stream, System.out.

deprecated
As of JDK1.4, replaced by com.sun.security.auth.module.UnixLoginModule. This LoginModule is entirely deprecated and is here to allow for a smooth transition to the new UnixLoginModule.
version
1.19, 01/11/00

Fields Summary
private Subject
subject
private CallbackHandler
callbackHandler
private Map
sharedState
private Map
options
private boolean
debug
private SolarisSystem
ss
private boolean
succeeded
private boolean
commitSucceeded
private com.sun.security.auth.SolarisPrincipal
userPrincipal
private com.sun.security.auth.SolarisNumericUserPrincipal
UIDPrincipal
private com.sun.security.auth.SolarisNumericGroupPrincipal
GIDPrincipal
private LinkedList
supplementaryGroups
Constructors Summary
Methods Summary
public boolean abort()
Abort the authentication (second phase).

This method is called if the LoginContext's overall authentication failed (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules did not succeed).

This method cleans up any state that was originally saved as part of the authentication attempt from the login and commit methods.

exception
LoginException if the abort fails
return
false if this LoginModule's own login and/or commit attempts failed, and true otherwise.

	// Second-phase cleanup for a failed overall authentication.
	// Yields false when this module's own login never succeeded, true otherwise.
	if (debug) {
	    System.out.println("\t\t[SolarisLoginModule]: " +
		"aborted authentication attempt");
	}

	if (!succeeded) {
	    // login() did not succeed here, so no state is touched
	    return false;
	}

	if (commitSucceeded) {
	    // overall authentication succeeded and commit succeeded,
	    // but someone else's commit failed
	    logout();
	    return true;
	}

	// login() succeeded but commit() did not: drop what login() cached
	supplementaryGroups = new LinkedList();
	GIDPrincipal = null;
	UIDPrincipal = null;
	userPrincipal = null;
	ss = null;
	succeeded = false;
	return true;
    
public boolean commit()
Commit the authentication (second phase).

This method is called if the LoginContext's overall authentication succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).

If this LoginModule's own authentication attempt succeeded (the importing of the Solaris authentication information succeeded), then this method associates the Solaris Principals with the Subject currently tied to the LoginModule. If this LoginModule's authentication attempt failed, then this method removes any state that was originally saved.

exception
LoginException if the commit fails
return
true if this LoginModule's own login and commit attempts succeeded, or false otherwise.

	// Second phase: attach the Principals cached by login() to the Subject.
	// Yields false without touching the Subject when login() did not succeed;
	// throws LoginException when the Subject is read-only.
	if (!succeeded) {
	    // Nothing is cleared on this path in this body; it only reports failure.
	    if (debug) {
		System.out.println("\t\t[SolarisLoginModule]: " +
		    "did not add any Principals to Subject " +
		    "because own authentication failed.");
	    }
	    return false;
	}

	// A read-only Subject cannot take new Principals
	if (subject.isReadOnly()) {
	    throw new LoginException ("Subject is Readonly");
	}

	// Add each Principal only if the Subject does not already hold it
	if (!subject.getPrincipals().contains(userPrincipal)) {
	    subject.getPrincipals().add(userPrincipal);
	}
	if (!subject.getPrincipals().contains(UIDPrincipal)) {
	    subject.getPrincipals().add(UIDPrincipal);
	}
	if (!subject.getPrincipals().contains(GIDPrincipal)) {
	    subject.getPrincipals().add(GIDPrincipal);
	}
	for (int idx = 0; idx < supplementaryGroups.size(); idx++) {
	    SolarisNumericGroupPrincipal group =
		(SolarisNumericGroupPrincipal)supplementaryGroups.get(idx);
	    if (!subject.getPrincipals().contains(group)) {
		subject.getPrincipals().add(group);
	    }
	}

	if (debug) {
	    System.out.println("\t\t[SolarisLoginModule]: " +
			       "added SolarisPrincipal,");
	    System.out.println("\t\t\t\tSolarisNumericUserPrincipal,");
	    System.out.println("\t\t\t\tSolarisNumericGroupPrincipal(s),");
	    System.out.println("\t\t\t to Subject");
	}

	// Recorded so abort() can tell a finished commit from a pending one
	commitSucceeded = true;
	return true;
    
public void initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)
Initialize this LoginModule.

param
subject the Subject to be authenticated.

param
callbackHandler a CallbackHandler for communicating with the end user (prompting for usernames and passwords, for example).

param
sharedState shared LoginModule state.

param
options options specified in the login Configuration for this particular LoginModule.


                      			       			                			   			     
         
			    
			    
    

	// Keep the four arguments handed to initialize for the later phases
	this.options = options;
	this.sharedState = sharedState;
	this.callbackHandler = callbackHandler;
	this.subject = subject;

	// The only option read here is "debug": it is on for the string "true"
	// in any letter case and off when the option is absent.
	Object debugOption = options.get("debug");
	debug = "true".equalsIgnoreCase((String)debugOption);
    
public boolean login()
Authenticate the user (first phase).

The implementation of this method attempts to retrieve the user's Solaris Subject information by making a native Solaris system call.

exception
FailedLoginException if attempts to retrieve the underlying system information fail.
return
true in all cases (this LoginModule should not be ignored).


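	// First phase: read the user name, uid, gid and group list from
	// SolarisSystem and cache them as Principals for commit().
	// Nothing in this body consults callbackHandler or checks a credential;
	// the Principals describe whatever identity SolarisSystem reports.
	// Yields true on success; FailedLoginException is the documented failure.
	ss = new SolarisSystem();

	// NOTE(review): `new` never yields null, so this guard cannot fire as
	// written. It is kept so the documented failure path stays visible; how
	// SolarisSystem reports a failed native lookup is not visible here.
	if (ss == null) {
	    succeeded = false;
	    throw new FailedLoginException
				("Failed in attempt to import " +
				"the underlying system identity information");
	}

	userPrincipal = new SolarisPrincipal(ss.getUsername());
	UIDPrincipal = new SolarisNumericUserPrincipal(ss.getUid());
	GIDPrincipal = new SolarisNumericGroupPrincipal(ss.getGid(), true);

	// Fix: the original guarded only the assignment with its unbraced
	// null/length check, so the loop still ran and dereferenced a null array
	// when getGroups() returned null. The list is now read once and every
	// use is guarded. (Presumably getGroups() is a plain accessor - confirm.)
	long[] solarisGroups = ss.getGroups();
	if (solarisGroups != null) {
	    for (int i = 0; i < solarisGroups.length; i++) {
		SolarisNumericGroupPrincipal ngp =
		    new SolarisNumericGroupPrincipal
		    (solarisGroups[i], false);
		// skip the group whose name equals GIDPrincipal's
		if (!ngp.getName().equals(GIDPrincipal.getName())) {
		    supplementaryGroups.add(ngp);
		}
	    }
	}

	// Debug output writes the numeric ids to System.out
	if (debug) {
	    System.out.println("\t\t[SolarisLoginModule]: " +
		    "succeeded importing info: ");
	    System.out.println("\t\t\tuid = " + ss.getUid());
	    System.out.println("\t\t\tgid = " + ss.getGid());
	    // Same null guard as above: the original debug loop had none
	    if (solarisGroups != null) {
		for (int i = 0; i < solarisGroups.length; i++) {
		    System.out.println("\t\t\tsupp gid = " + solarisGroups[i]);
		}
	    }
	}
	succeeded = true;
	return true;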
    
public boolean logout()
Log out the user.

This method removes the Principals associated with the Subject.

exception
LoginException if the logout fails
return
true in all cases (this LoginModule should not be ignored).

	// Detach from the Subject every Principal this module cached, then reset
	// the module's own state. Throws LoginException when the Subject is
	// read-only; otherwise yields true.
	if (debug) {
	    System.out.println("\t\t[SolarisLoginModule]: " +
		"Entering logout");
	}

	// A read-only Subject cannot have Principals removed
	if (subject.isReadOnly()) {
	    throw new LoginException ("Subject is Readonly");
	}

	// Take back the Principals held in this module's fields
	subject.getPrincipals().remove(userPrincipal);
	subject.getPrincipals().remove(UIDPrincipal);
	subject.getPrincipals().remove(GIDPrincipal);
	for (int idx = 0; idx < supplementaryGroups.size(); idx++) {
	    SolarisNumericGroupPrincipal group =
		(SolarisNumericGroupPrincipal)supplementaryGroups.get(idx);
	    subject.getPrincipals().remove(group);
	}

	// Reset the module to its pre-login state
	supplementaryGroups = new LinkedList();
	GIDPrincipal = null;
	UIDPrincipal = null;
	userPrincipal = null;
	commitSucceeded = false;
	succeeded = false;
	ss = null;

	if (debug) {
	    System.out.println("\t\t[SolarisLoginModule]: " +
		"logged out Subject");
	}
	return true;