SolarisLoginModule

public class SolarisLoginModule extends Object implements LoginModule

This LoginModule imports a user's Solaris
Principal information (SolarisPrincipal ,
SolarisNumericUserPrincipal ,
and SolarisNumericGroupPrincipal )
and associates them with the current Subject .
This LoginModule recognizes the debug option.
If set to true in the login Configuration,
debug messages will be output to the output stream, System.out. |
Fields Summary |
---|
private Subject | subject | private CallbackHandler | callbackHandler | private Map | sharedState | private Map | options | private boolean | debug | private SolarisSystem | ss | private boolean | succeeded | private boolean | commitSucceeded | private com.sun.security.auth.SolarisPrincipal | userPrincipal | private com.sun.security.auth.SolarisNumericUserPrincipal | UIDPrincipal | private com.sun.security.auth.SolarisNumericGroupPrincipal | GIDPrincipal | private LinkedList | supplementaryGroups |
Methods Summary |
---|
public boolean | abort()Abort the authentication (second phase).
This method is called if the LoginContext's
overall authentication failed.
(the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
did not succeed).
This method cleans up any state that was originally saved
as part of the authentication attempt from the login
and commit methods.
// Second-phase rollback: runs when the LoginContext's overall authentication failed.
if (debug) {
    System.out.println("\t\t[SolarisLoginModule]: " +
            "aborted authentication attempt");
}

// This module's own login() never succeeded, so there is no state to discard.
if (!succeeded) {
    return false;
}

if (commitSucceeded) {
    // Our login() and commit() both succeeded, but another module's commit
    // failed: logout() removes the Principals from the Subject and clears
    // the fields below.
    logout();
} else {
    // login() succeeded but commit() did not complete: drop the identity
    // that login() imported so it cannot be committed later.
    supplementaryGroups = new LinkedList();
    GIDPrincipal = null;
    UIDPrincipal = null;
    userPrincipal = null;
    ss = null;
    succeeded = false;
}
return true;
| public boolean | commit()Commit the authentication (second phase).
This method is called if the LoginContext's
overall authentication succeeded
(the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
succeeded).
If this LoginModule's own authentication attempt
succeeded (the importing of the Solaris authentication information
succeeded), then this method associates the Solaris Principals
with the Subject currently tied to the
LoginModule. If this LoginModule's
authentication attempt failed, then this method removes
any state that was originally saved.
// Second-phase commit: attach the Principals built by login() to the Subject.
if (!succeeded) {
    // login() did not succeed for this module, so nothing is added.
    if (debug) {
        System.out.println("\t\t[SolarisLoginModule]: " +
                "did not add any Principals to Subject " +
                "because own authentication failed.");
    }
    return false;
}

// A read-only Subject cannot take new Principals; report that as a login failure.
if (subject.isReadOnly()) {
    throw new LoginException ("Subject is Readonly");
}

// Add each Principal only when the Subject does not already hold it.
java.util.Set<java.security.Principal> principals = subject.getPrincipals();
if (!principals.contains(userPrincipal)) {
    principals.add(userPrincipal);
}
if (!principals.contains(UIDPrincipal)) {
    principals.add(UIDPrincipal);
}
if (!principals.contains(GIDPrincipal)) {
    principals.add(GIDPrincipal);
}
for (Object entry : supplementaryGroups) {
    SolarisNumericGroupPrincipal group = (SolarisNumericGroupPrincipal) entry;
    if (!principals.contains(group)) {
        principals.add(group);
    }
}

if (debug) {
    System.out.println("\t\t[SolarisLoginModule]: " +
            "added SolarisPrincipal,");
    System.out.println("\t\t\t\tSolarisNumericUserPrincipal,");
    System.out.println("\t\t\t\tSolarisNumericGroupPrincipal(s),");
    System.out.println("\t\t\t to Subject");
}

// Recorded so that abort() knows a later failure needs a full logout().
commitSucceeded = true;
return true;
| public void | initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)Initialize this LoginModule .
// Keep the objects handed over by the LoginContext for the later phases.
this.options = options;
this.sharedState = sharedState;
this.callbackHandler = callbackHandler;
this.subject = subject;

// "debug" is the only option read here. It is enabled only when the
// configured value is the string "true" (any case); a missing entry
// leaves it off.
Object debugOption = options.get("debug");
debug = "true".equalsIgnoreCase((String) debugOption);
| public boolean | login()Authenticate the user (first phase).
The implementation of this method attempts to retrieve the user's
Solaris Subject information by making a native Solaris
system call.
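// First phase: import the identity that SolarisSystem reports and build
// the Principals from it. No credential is requested in this method --
// callbackHandler is not consulted -- so the result is only as trustworthy
// as the values SolarisSystem returns.

// Fail closed: if the constructor or a getter below throws, a 'succeeded'
// flag left over from an earlier call must not let commit() attach
// previously imported Principals.
succeeded = false;

// 'new' never yields null, so the former null check after this line could
// not fire; a failure inside the constructor surfaces as whatever it throws.
ss = new SolarisSystem();

userPrincipal = new SolarisPrincipal(ss.getUsername());
UIDPrincipal = new SolarisNumericUserPrincipal(ss.getUid());
GIDPrincipal = new SolarisNumericGroupPrincipal(ss.getGid(), true);

// Read the group list once and treat a null result as "no supplementary
// groups". The original dereferenced the array even when getGroups()
// returned null, which ended login() with a NullPointerException.
long[] solarisGroups = ss.getGroups();
if (solarisGroups == null) {
    solarisGroups = new long[0];
}

for (int i = 0; i < solarisGroups.length; i++) {
    SolarisNumericGroupPrincipal ngp =
            new SolarisNumericGroupPrincipal(solarisGroups[i], false);
    // The primary group is already represented by GIDPrincipal.
    if (!ngp.getName().equals(GIDPrincipal.getName())) {
        supplementaryGroups.add(ngp);
    }
}

// The debug option writes the imported uid and gids to System.out;
// it is meant for diagnostics only.
if (debug) {
    System.out.println("\t\t[SolarisLoginModule]: " +
            "succeeded importing info: ");
    System.out.println("\t\t\tuid = " + ss.getUid());
    System.out.println("\t\t\tgid = " + ss.getGid());
    for (int i = 0; i < solarisGroups.length; i++) {
        System.out.println("\t\t\tsupp gid = " + solarisGroups[i]);
    }
}

succeeded = true;
return true;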
| public boolean | logout()Logout the user
This method removes the Principals associated
with the Subject .
// Remove every Principal this module added to the Subject, then reset the module.
if (debug) {
    System.out.println("\t\t[SolarisLoginModule]: " +
            "Entering logout");
}

// Principals cannot be removed from a read-only Subject.
if (subject.isReadOnly()) {
    throw new LoginException ("Subject is Readonly");
}

// NOTE(review): if logout() runs without a prior successful login(), the
// Principal fields may still be null -- confirm the Subject's Principal
// set accepts remove(null).
java.util.Set<java.security.Principal> principals = subject.getPrincipals();
principals.remove(userPrincipal);
principals.remove(UIDPrincipal);
principals.remove(GIDPrincipal);
for (Object entry : supplementaryGroups) {
    principals.remove((SolarisNumericGroupPrincipal) entry);
}

// Forget the imported identity so a later commit() cannot re-add it.
supplementaryGroups = new LinkedList();
GIDPrincipal = null;
UIDPrincipal = null;
userPrincipal = null;
commitSucceeded = false;
succeeded = false;
ss = null;

if (debug) {
    System.out.println("\t\t[SolarisLoginModule]: " +
            "logged out Subject");
}
return true;
|
|