
NTLoginModule

public class NTLoginModule extends Object implements LoginModule

This LoginModule renders a user's NT security information as some number of Principals and associates them with a Subject.

This LoginModule recognizes the debug option. If set to true in the login Configuration, debug messages will be output to the output stream, System.out.

This LoginModule also recognizes the debugNative option. If set to true in the login Configuration, debug messages from the native component of the module will be output to the output stream, System.out.

version
1.10, 05/05/04
see
javax.security.auth.spi.LoginModule

Fields Summary
private NTSystem
ntSystem
private Subject
subject
private CallbackHandler
callbackHandler
private Map
sharedState
private Map
options
private boolean
debug
private boolean
debugNative
private boolean
succeeded
private boolean
commitSucceeded
private NTUserPrincipal
userPrincipal
private NTSidUserPrincipal
userSID
private NTDomainPrincipal
userDomain
private NTSidDomainPrincipal
domainSID
private NTSidPrimaryGroupPrincipal
primaryGroup
private NTSidGroupPrincipal[]
groups
private NTNumericCredential
iToken
Constructors Summary
Methods Summary
/**
 * <p> This method is called if the LoginContext's overall authentication
 * failed (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL
 * LoginModules did not succeed).
 *
 * <p> If this LoginModule's own authentication attempt succeeded (checked by
 * retrieving the private state saved by the {@code login} and {@code commit}
 * methods), then this method cleans up any state that was originally saved.
 * Nothing is removed from the Subject unless this module's {@code commit}
 * had already added Principals to it, in which case {@code logout()} is used
 * to undo that.
 *
 * <p> NOTE(review): {@code logout()} resets the private {@code succeeded}
 * flag, and the flag is what is returned, so the "true otherwise" wording
 * below does not describe the value actually produced on that path.
 *
 * @exception LoginException if the abort fails.
 *
 * @return false if this LoginModule's own login and/or commit attempts
 *         failed, and true otherwise.
 */
public boolean abort() throws LoginException {
    if (debug) {
        System.out.println("\t\t[NTLoginModule]: " +
            "aborted authentication attempt");
    }

    // login() never imported anything: there is no private state to discard.
    if (!succeeded) {
        return false;
    }

    if (commitSucceeded) {
        // overall authentication succeeded and commit succeeded,
        // but someone else's commit failed: the Principals are already on
        // the Subject, so undo through logout(), which also clears the
        // cached identity information and the succeeded flag.
        logout();
    } else {
        // login() succeeded but our commit() never ran (or failed), so the
        // Subject was never touched: only the cached identity information
        // has to be dropped so it cannot be committed later.
        ntSystem = null;
        userPrincipal = null;
        userSID = null;
        userDomain = null;
        domainSID = null;
        primaryGroup = null;
        groups = null;
        iToken = null;
        succeeded = false;
    }
    return succeeded;
}
/**
 * <p> This method is called if the LoginContext's overall authentication
 * succeeded (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL
 * LoginModules succeeded).
 *
 * <p> If this LoginModule's own authentication attempt succeeded (checked by
 * retrieving the private state saved by the {@code login} method), then this
 * method associates some number of various Principals with the Subject
 * located in the LoginModuleContext: the user, the user SID, the domain, the
 * domain SID, the primary group and the group SIDs that {@code login}
 * imported. The impersonation token, when one was imported, is placed in the
 * Subject's <em>public</em> credential set. If this LoginModule's own
 * authentication attempt failed, then this method removes any state that
 * was originally saved.
 *
 * <p> The read-only check on the Subject is only reached when this module's
 * own login succeeded; a read-only Subject therefore causes a
 * {@code LoginException} rather than a silent {@code false}.
 *
 * @exception LoginException if the commit fails.
 *
 * @return true if this LoginModule's own login and commit attempts
 *         succeeded, or false otherwise.
 */
public boolean commit() throws LoginException {
    if (!succeeded) {
        if (debug) {
            System.out.println("\t\t[NTLoginModule]: " +
                "did not add any Principals to Subject " +
                "because own authentication failed.");
        }
        return false;
    }
    if (subject.isReadOnly()) {
        throw new LoginException ("Subject is ReadOnly");
    }

    Set principals = subject.getPrincipals();

    // we must have a userPrincipal - everything else is optional, so only
    // the user Principal is added without a null check
    if (!principals.contains(userPrincipal)) {
        principals.add(userPrincipal);
    }
    addIfAbsent(principals, userSID);
    addIfAbsent(principals, userDomain);
    addIfAbsent(principals, domainSID);
    addIfAbsent(principals, primaryGroup);
    if (groups != null) {
        for (int i = 0; i < groups.length; i++) {
            addIfAbsent(principals, groups[i]);
        }
    }

    // the impersonation token credential is public, not private
    addIfAbsent(subject.getPublicCredentials(), iToken);

    commitSucceeded = true;
    return true;
}

/**
 * Adds {@code element} to {@code set} unless it is null or already present.
 * The contains() probe is kept in front of add() on purpose: a Subject's
 * principal and credential sets are secured sets, and a bare add() is not
 * necessarily a drop-in replacement — confirm before simplifying.
 *
 * @param set     the Subject set to extend (raw, as in the rest of this file)
 * @param element the Principal or credential to add; null is ignored
 */
private static void addIfAbsent(Set set, Object element) {
    if (element != null && !set.contains(element)) {
        set.add(element);
    }
}
/**
 * Initialize this LoginModule.
 *
 * <p> No callbacks are ever issued: this module does not prompt for a
 * username or password, it only extracts the underlying NT system
 * information in {@code login}. The handler is stored but otherwise
 * unused.
 *
 * <p> Debug output (option {@code debug}, implied by {@code debugNative})
 * goes to {@code System.out} and includes the imported identity details,
 * so it is meant for diagnostics only.
 *
 * @param subject the Subject to be authenticated.
 *
 * @param callbackHandler a CallbackHandler for communicating with the end
 *        user (prompting for usernames and passwords, for example). This
 *        particular LoginModule only extracts the underlying NT system
 *        information, so this parameter is ignored.
 *
 * @param sharedState shared LoginModule state.
 *
 * @param options options specified in the login Configuration for this
 *        particular LoginModule. The values of {@code debug} and
 *        {@code debugNative} are expected to be Strings.
 */
public void initialize(Subject subject, CallbackHandler callbackHandler,
                       Map sharedState, Map options) {
    this.subject = subject;
    this.callbackHandler = callbackHandler;
    this.sharedState = sharedState;
    this.options = options;

    // initialize any configured options; Boolean.parseBoolean(null) is
    // false, so an absent option simply leaves debugging off
    String debugOption = (String) options.get("debug");
    String debugNativeOption = (String) options.get("debugNative");
    debugNative = Boolean.parseBoolean(debugNativeOption);
    // native debugging implies module-level debugging
    debug = debugNative || Boolean.parseBoolean(debugOption);
}
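/**
 * Import underlying NT system identity information.
 *
 * <p> No credentials are collected or verified here: the identity that
 * ends up in the Subject is whatever {@code NTSystem} reports for the
 * process this module runs in (user name, user SID, domain, domain SID,
 * primary group, group SIDs and impersonation token). A missing user name
 * is the only condition treated as a failed login; every other attribute
 * is optional.
 *
 * <p> With {@code debug} enabled, the imported user name, SIDs and the
 * numeric impersonation token are printed to {@code System.out}.
 *
 * <p> NOTE(review): attributes cached by an earlier successful call are not
 * cleared before importing again; a repeated {@code login} relies on the
 * fresh values overwriting the old ones.
 *
 * @return true in all cases since this LoginModule should not be ignored.
 *
 * @exception FailedLoginException if the authentication fails.
 *
 * @exception LoginException if this LoginModule is unable to
 *         perform the authentication.
 */
public boolean login() throws LoginException {
    succeeded = false; // Indicate not yet successful

    ntSystem = new NTSystem(debugNative);

    // A "new" expression never yields null, so the former null check on
    // ntSystem was unreachable and its failure diagnostic never fired.
    // The real failure signal is a missing user name.
    String userName = ntSystem.getName();
    if (userName == null) {
        if (debug) {
            System.out.println("\t\t[NTLoginModule] " +
                               "Failed in NT login");
        }
        throw new FailedLoginException
            ("Failed in attempt to import the " +
             "underlying NT system identity information");
    }
    userPrincipal = new NTUserPrincipal(userName);
    if (debug) {
        System.out.println("\t\t[NTLoginModule] " +
                           "succeeded importing info: ");
        System.out.println("\t\t\tuser name = " +
            userPrincipal.getName());
    }

    String userSidValue = ntSystem.getUserSID();
    if (userSidValue != null) {
        userSID = new NTSidUserPrincipal(userSidValue);
        if (debug) {
            System.out.println("\t\t\tuser SID = " +
                    userSID.getName());
        }
    }
    String domainName = ntSystem.getDomain();
    if (domainName != null) {
        userDomain = new NTDomainPrincipal(domainName);
        if (debug) {
            System.out.println("\t\t\tuser domain = " +
                    userDomain.getName());
        }
    }
    String domainSidValue = ntSystem.getDomainSID();
    if (domainSidValue != null) {
        domainSID = new NTSidDomainPrincipal(domainSidValue);
        if (debug) {
            System.out.println("\t\t\tuser domain SID = " +
                    domainSID.getName());
        }
    }
    String primaryGroupSid = ntSystem.getPrimaryGroupID();
    if (primaryGroupSid != null) {
        primaryGroup = new NTSidPrimaryGroupPrincipal(primaryGroupSid);
        if (debug) {
            System.out.println("\t\t\tuser primary group = " +
                    primaryGroup.getName());
        }
    }
    // fetch the group list once instead of re-querying it per check
    String[] groupSIDs = ntSystem.getGroupIDs();
    if (groupSIDs != null && groupSIDs.length > 0) {
        groups = new NTSidGroupPrincipal[groupSIDs.length];
        for (int i = 0; i < groupSIDs.length; i++) {
            groups[i] = new NTSidGroupPrincipal(groupSIDs[i]);
            if (debug) {
                System.out.println("\t\t\tuser group = " +
                    groups[i].getName());
            }
        }
    }
    // a zero token means none was obtained; only a real handle is kept
    long impersonationToken = ntSystem.getImpersonationToken();
    if (impersonationToken != 0) {
        iToken = new NTNumericCredential(impersonationToken);
        if (debug) {
            System.out.println("\t\t\timpersonation token = " +
                    impersonationToken);
        }
    }

    succeeded = true;
    return succeeded;
}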
/**
 * Logout the user.
 *
 * <p> This method removes the NTUserPrincipal, NTDomainPrincipal,
 * NTSidUserPrincipal, NTSidDomainPrincipal, NTSidGroupPrincipals, and
 * NTSidPrimaryGroupPrincipal that may have been added by the {@code commit}
 * method, and the NTNumericCredential (impersonation token) from the
 * Subject's public credentials. The cached identity information and the
 * login/commit flags are cleared afterwards, so a later {@code abort} or
 * {@code commit} has nothing left to act on.
 *
 * <p> The read-only check is performed first: on a read-only Subject nothing
 * is cleared and a {@code LoginException} is thrown.
 *
 * @exception LoginException if the logout fails.
 *
 * @return true in all cases since this LoginModule should not be ignored.
 */
public boolean logout() throws LoginException {
    if (subject.isReadOnly()) {
        throw new LoginException ("Subject is ReadOnly");
    }

    Set principals = subject.getPrincipals();
    removeIfPresent(principals, userPrincipal);
    removeIfPresent(principals, userSID);
    removeIfPresent(principals, userDomain);
    removeIfPresent(principals, domainSID);
    removeIfPresent(principals, primaryGroup);
    if (groups != null) {
        for (int i = 0; i < groups.length; i++) {
            removeIfPresent(principals, groups[i]);
        }
    }

    // the impersonation token lives in the public credential set
    removeIfPresent(subject.getPublicCredentials(), iToken);

    // forget everything imported by login(); abort() and commit() read
    // these flags to decide whether there is anything left to clean up
    succeeded = false;
    commitSucceeded = false;
    userPrincipal = null;
    userDomain = null;
    userSID = null;
    domainSID = null;
    groups = null;
    primaryGroup = null;
    iToken = null;
    ntSystem = null;

    if (debug) {
        System.out.println("\t\t[NTLoginModule] " +
                "completed logout processing");
    }
    return true;
}

/**
 * Removes {@code element} from {@code set} if it is currently present.
 * The contains() probe is kept in front of remove() on purpose: a Subject's
 * principal and credential sets are secured sets, and a bare remove() is not
 * necessarily a drop-in replacement — confirm before simplifying. A null
 * element (nothing was imported for it) is simply not found.
 *
 * @param set     the Subject set to shrink (raw, as in the rest of this file)
 * @param element the Principal or credential to remove; may be null
 */
private static void removeIfPresent(Set set, Object element) {
    if (set.contains(element)) {
        set.remove(element);
    }
}