NTLoginModulepublic class NTLoginModule extends Object implements LoginModule This LoginModule
renders a user's NT security information as some number of
Principal s
and associates them with a Subject .
This LoginModule recognizes the debug option.
If set to true in the login Configuration,
debug messages will be output to the output stream, System.out.
This LoginModule also recognizes the debugNative option.
If set to true in the login Configuration,
debug messages from the native component of the module
will be output to the output stream, System.out. |
Fields Summary |
---|
private NTSystem | ntSystem | private Subject | subject | private CallbackHandler | callbackHandler | private Map | sharedState | private Map | options | private boolean | debug | private boolean | debugNative | private boolean | succeeded | private boolean | commitSucceeded | private NTUserPrincipal | userPrincipal | private NTSidUserPrincipal | userSID | private NTDomainPrincipal | userDomain | private NTSidDomainPrincipal | domainSID | private NTSidPrimaryGroupPrincipal | primaryGroup | private NTSidGroupPrincipal[] | groups | private NTNumericCredential | iToken |
Methods Summary |
---|
public boolean | abort() This method is called if the LoginContext's
overall authentication failed.
(the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
did not succeed).
If this LoginModule's own authentication attempt
succeeded (checked by retrieving the private state saved by the
login and commit methods),
then this method cleans up any state that was originally saved.
if (debug) {
System.out.println("\t\t[NTLoginModule]: " +
"aborted authentication attempt");
}
if (succeeded == false) {
return false;
} else if (succeeded == true && commitSucceeded == false) {
ntSystem = null;
userPrincipal = null;
userSID = null;
userDomain = null;
domainSID = null;
primaryGroup = null;
groups = null;
iToken = null;
succeeded = false;
} else {
// overall authentication succeeded and commit succeeded,
// but someone else's commit failed
logout();
}
return succeeded;
| public boolean | commit() This method is called if the LoginContext's
overall authentication succeeded
(the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
succeeded).
If this LoginModule's own authentication attempt
succeeded (checked by retrieving the private state saved by the
login method), then this method associates some
number of various Principal s
with the Subject located in the
LoginModuleContext . If this LoginModule's own
authentication attempted failed, then this method removes
any state that was originally saved.
if (succeeded == false) {
if (debug) {
System.out.println("\t\t[NTLoginModule]: " +
"did not add any Principals to Subject " +
"because own authentication failed.");
}
return false;
}
if (subject.isReadOnly()) {
throw new LoginException ("Subject is ReadOnly");
}
Set principals = subject.getPrincipals();
// we must have a userPrincipal - everything else is optional
if (!principals.contains(userPrincipal)) {
principals.add(userPrincipal);
}
if (userSID != null && !principals.contains(userSID)) {
principals.add(userSID);
}
if (userDomain != null && !principals.contains(userDomain)) {
principals.add(userDomain);
}
if (domainSID != null && !principals.contains(domainSID)) {
principals.add(domainSID);
}
if (primaryGroup != null && !principals.contains(primaryGroup)) {
principals.add(primaryGroup);
}
for (int i = 0; groups != null && i < groups.length; i++) {
if (!principals.contains(groups[i])) {
principals.add(groups[i]);
}
}
Set pubCreds = subject.getPublicCredentials();
if (iToken != null && !pubCreds.contains(iToken)) {
pubCreds.add(iToken);
}
commitSucceeded = true;
return true;
| public void | initialize(javax.security.auth.Subject subject, javax.security.auth.callback.CallbackHandler callbackHandler, java.util.Map sharedState, java.util.Map options)Initialize this LoginModule .
// impersonation token
this.subject = subject;
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
this.options = options;
// initialize any configured options
debug = "true".equalsIgnoreCase((String)options.get("debug"));
debugNative="true".equalsIgnoreCase((String)options.get("debugNative"));
if (debugNative == true) {
debug = true;
}
| public boolean | login()Import underlying NT system identity information.
succeeded = false; // Indicate not yet successful
ntSystem = new NTSystem(debugNative);
if (ntSystem == null) {
if (debug) {
System.out.println("\t\t[NTLoginModule] " +
"Failed in NT login");
}
throw new FailedLoginException
("Failed in attempt to import the " +
"underlying NT system identity information");
}
if (ntSystem.getName() == null) {
throw new FailedLoginException
("Failed in attempt to import the " +
"underlying NT system identity information");
}
userPrincipal = new NTUserPrincipal(ntSystem.getName());
if (debug) {
System.out.println("\t\t[NTLoginModule] " +
"succeeded importing info: ");
System.out.println("\t\t\tuser name = " +
userPrincipal.getName());
}
if (ntSystem.getUserSID() != null) {
userSID = new NTSidUserPrincipal(ntSystem.getUserSID());
if (debug) {
System.out.println("\t\t\tuser SID = " +
userSID.getName());
}
}
if (ntSystem.getDomain() != null) {
userDomain = new NTDomainPrincipal(ntSystem.getDomain());
if (debug) {
System.out.println("\t\t\tuser domain = " +
userDomain.getName());
}
}
if (ntSystem.getDomainSID() != null) {
domainSID =
new NTSidDomainPrincipal(ntSystem.getDomainSID());
if (debug) {
System.out.println("\t\t\tuser domain SID = " +
domainSID.getName());
}
}
if (ntSystem.getPrimaryGroupID() != null) {
primaryGroup =
new NTSidPrimaryGroupPrincipal(ntSystem.getPrimaryGroupID());
if (debug) {
System.out.println("\t\t\tuser primary group = " +
primaryGroup.getName());
}
}
if (ntSystem.getGroupIDs() != null &&
ntSystem.getGroupIDs().length > 0) {
String groupSIDs[] = ntSystem.getGroupIDs();
groups = new NTSidGroupPrincipal[groupSIDs.length];
for (int i = 0; i < groupSIDs.length; i++) {
groups[i] = new NTSidGroupPrincipal(groupSIDs[i]);
if (debug) {
System.out.println("\t\t\tuser group = " +
groups[i].getName());
}
}
}
if (ntSystem.getImpersonationToken() != 0) {
iToken = new NTNumericCredential(ntSystem.getImpersonationToken());
if (debug) {
System.out.println("\t\t\timpersonation token = " +
ntSystem.getImpersonationToken());
}
}
succeeded = true;
return succeeded;
| public boolean | logout()Logout the user.
This method removes the NTUserPrincipal ,
NTDomainPrincipal , NTSidUserPrincipal ,
NTSidDomainPrincipal , NTSidGroupPrincipal s,
and NTSidPrimaryGroupPrincipal
that may have been added by the commit method.
if (subject.isReadOnly()) {
throw new LoginException ("Subject is ReadOnly");
}
Set principals = subject.getPrincipals();
if (principals.contains(userPrincipal)) {
principals.remove(userPrincipal);
}
if (principals.contains(userSID)) {
principals.remove(userSID);
}
if (principals.contains(userDomain)) {
principals.remove(userDomain);
}
if (principals.contains(domainSID)) {
principals.remove(domainSID);
}
if (principals.contains(primaryGroup)) {
principals.remove(primaryGroup);
}
for (int i = 0; groups != null && i < groups.length; i++) {
if (principals.contains(groups[i])) {
principals.remove(groups[i]);
}
}
Set pubCreds = subject.getPublicCredentials();
if (pubCreds.contains(iToken)) {
pubCreds.remove(iToken);
}
succeeded = false;
commitSucceeded = false;
userPrincipal = null;
userDomain = null;
userSID = null;
domainSID = null;
groups = null;
primaryGroup = null;
iToken = null;
ntSystem = null;
if (debug) {
System.out.println("\t\t[NTLoginModule] " +
"completed logout processing");
}
return true;
|
|