NTLoginModule.java (10444:f08705540498) NTLoginModule.java (11820:2083914f9304)
1/*
2 * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided

--- 27 unchanged lines hidden (view full) ---

36import com.sun.security.auth.NTSidUserPrincipal;
37import com.sun.security.auth.NTDomainPrincipal;
38import com.sun.security.auth.NTSidDomainPrincipal;
39import com.sun.security.auth.NTSidPrimaryGroupPrincipal;
40import com.sun.security.auth.NTSidGroupPrincipal;
41import com.sun.security.auth.NTNumericCredential;
42
43/**
1/*
2 * Copyright (c) 2000, 2013, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided

--- 27 unchanged lines hidden (view full) ---

36import com.sun.security.auth.NTSidUserPrincipal;
37import com.sun.security.auth.NTDomainPrincipal;
38import com.sun.security.auth.NTSidDomainPrincipal;
39import com.sun.security.auth.NTSidPrimaryGroupPrincipal;
40import com.sun.security.auth.NTSidGroupPrincipal;
41import com.sun.security.auth.NTNumericCredential;
42
43/**
44 * <p> This <code>LoginModule</code>
44 * This {@code LoginModule}
45 * renders a user's NT security information as some number of
45 * renders a user's NT security information as some number of
46 * <code>Principal</code>s
47 * and associates them with a <code>Subject</code>.
46 * {@code Principal}s
47 * and associates them with a {@code Subject}.
48 *
49 * <p> This LoginModule recognizes the debug option.
50 * If set to true in the login Configuration,
51 * debug messages will be output to the output stream, System.out.
52 *
53 * <p> This LoginModule also recognizes the debugNative option.
54 * If set to true in the login Configuration,
55 * debug messages from the native component of the module

--- 24 unchanged lines hidden (view full) ---

80 private NTSidUserPrincipal userSID; // user SID
81 private NTDomainPrincipal userDomain; // user domain
82 private NTSidDomainPrincipal domainSID; // domain SID
83 private NTSidPrimaryGroupPrincipal primaryGroup; // primary group
84 private NTSidGroupPrincipal groups[]; // supplementary groups
85 private NTNumericCredential iToken; // impersonation token
86
87 /**
48 *
49 * <p> This LoginModule recognizes the debug option.
50 * If set to true in the login Configuration,
51 * debug messages will be output to the output stream, System.out.
52 *
53 * <p> This LoginModule also recognizes the debugNative option.
54 * If set to true in the login Configuration,
55 * debug messages from the native component of the module

--- 24 unchanged lines hidden (view full) ---

80 private NTSidUserPrincipal userSID; // user SID
81 private NTDomainPrincipal userDomain; // user domain
82 private NTSidDomainPrincipal domainSID; // domain SID
83 private NTSidPrimaryGroupPrincipal primaryGroup; // primary group
84 private NTSidGroupPrincipal groups[]; // supplementary groups
85 private NTNumericCredential iToken; // impersonation token
86
87 /**
88 * Initialize this <code>LoginModule</code>.
88 * Initialize this {@code LoginModule}.
89 *
89 *
90 * <p>
90 * @param subject the {@code Subject} to be authenticated.
91 *
91 *
92 * @param subject the <code>Subject</code> to be authenticated. <p>
93 *
94 * @param callbackHandler a <code>CallbackHandler</code> for communicating
92 * @param callbackHandler a {@code CallbackHandler} for communicating
95 * with the end user (prompting for usernames and
96 * passwords, for example). This particular LoginModule only
97 * extracts the underlying NT system information, so this
93 * with the end user (prompting for usernames and
94 * passwords, for example). This particular LoginModule only
95 * extracts the underlying NT system information, so this
98 * parameter is ignored.<p>
96 * parameter is ignored.
99 *
97 *
100 * @param sharedState shared <code>LoginModule</code> state. <p>
98 * @param sharedState shared {@code LoginModule} state.
101 *
102 * @param options options specified in the login
99 *
100 * @param options options specified in the login
103 * <code>Configuration</code> for this particular
104 * <code>LoginModule</code>.
101 * {@code Configuration} for this particular
102 * {@code LoginModule}.
105 */
106 public void initialize(Subject subject, CallbackHandler callbackHandler,
107 Map<String,?> sharedState,
108 Map<String,?> options)
109 {
110
111 this.subject = subject;
112 this.callbackHandler = callbackHandler;

--- 7 unchanged lines hidden (view full) ---

120 if (debugNative == true) {
121 debug = true;
122 }
123 }
124
125 /**
126 * Import underlying NT system identity information.
127 *
103 */
104 public void initialize(Subject subject, CallbackHandler callbackHandler,
105 Map<String,?> sharedState,
106 Map<String,?> options)
107 {
108
109 this.subject = subject;
110 this.callbackHandler = callbackHandler;

--- 7 unchanged lines hidden (view full) ---

118 if (debugNative == true) {
119 debug = true;
120 }
121 }
122
123 /**
124 * Import underlying NT system identity information.
125 *
128 * <p>
129 *
130 * @return true in all cases since this <code>LoginModule</code>
126 * @return true in all cases since this {@code LoginModule}
131 * should not be ignored.
132 *
127 * should not be ignored.
128 *
133 * @exception FailedLoginException if the authentication fails. <p>
129 * @exception FailedLoginException if the authentication fails.
134 *
130 *
135 * @exception LoginException if this <code>LoginModule</code>
131 * @exception LoginException if this {@code LoginModule}
136 * is unable to perform the authentication.
137 */
138 public boolean login() throws LoginException {
139
140 succeeded = false; // Indicate not yet successful
141
142 try {
143 ntSystem = new NTSystem(debugNative);

--- 72 unchanged lines hidden (view full) ---

216 }
217 }
218
219 succeeded = true;
220 return succeeded;
221 }
222
223 /**
132 * is unable to perform the authentication.
133 */
134 public boolean login() throws LoginException {
135
136 succeeded = false; // Indicate not yet successful
137
138 try {
139 ntSystem = new NTSystem(debugNative);

--- 72 unchanged lines hidden (view full) ---

212 }
213 }
214
215 succeeded = true;
216 return succeeded;
217 }
218
219 /**
224 * <p> This method is called if the LoginContext's
220 * This method is called if the LoginContext's
225 * overall authentication succeeded
226 * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
227 * succeeded).
228 *
229 * <p> If this LoginModule's own authentication attempt
230 * succeeded (checked by retrieving the private state saved by the
221 * overall authentication succeeded
222 * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
223 * succeeded).
224 *
225 * <p> If this LoginModule's own authentication attempt
226 * succeeded (checked by retrieving the private state saved by the
231 * <code>login</code> method), then this method associates some
232 * number of various <code>Principal</code>s
233 * with the <code>Subject</code> located in the
234 * <code>LoginModuleContext</code>. If this LoginModule's own
227 * {@code login} method), then this method associates some
228 * number of various {@code Principal}s
229 * with the {@code Subject} located in the
230 * {@code LoginModuleContext}. If this LoginModule's own
235 * authentication attempted failed, then this method removes
236 * any state that was originally saved.
237 *
231 * authentication attempted failed, then this method removes
232 * any state that was originally saved.
233 *
238 * <p>
239 *
240 * @exception LoginException if the commit fails.
241 *
242 * @return true if this LoginModule's own login and commit
243 * attempts succeeded, or false otherwise.
244 */
245 public boolean commit() throws LoginException {
246 if (succeeded == false) {
247 if (debug) {

--- 37 unchanged lines hidden (view full) ---

285 pubCreds.add(iToken);
286 }
287 commitSucceeded = true;
288 return true;
289 }
290
291
292 /**
234 * @exception LoginException if the commit fails.
235 *
236 * @return true if this LoginModule's own login and commit
237 * attempts succeeded, or false otherwise.
238 */
239 public boolean commit() throws LoginException {
240 if (succeeded == false) {
241 if (debug) {

--- 37 unchanged lines hidden (view full) ---

279 pubCreds.add(iToken);
280 }
281 commitSucceeded = true;
282 return true;
283 }
284
285
286 /**
293 * <p> This method is called if the LoginContext's
287 * This method is called if the LoginContext's
294 * overall authentication failed.
295 * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
296 * did not succeed).
297 *
298 * <p> If this LoginModule's own authentication attempt
299 * succeeded (checked by retrieving the private state saved by the
288 * overall authentication failed.
289 * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
290 * did not succeed).
291 *
292 * <p> If this LoginModule's own authentication attempt
293 * succeeded (checked by retrieving the private state saved by the
300 * <code>login</code> and <code>commit</code> methods),
294 * {@code login} and {@code commit} methods),
301 * then this method cleans up any state that was originally saved.
302 *
295 * then this method cleans up any state that was originally saved.
296 *
303 * <p>
304 *
305 * @exception LoginException if the abort fails.
306 *
307 * @return false if this LoginModule's own login and/or commit attempts
308 * failed, and true otherwise.
309 */
310 public boolean abort() throws LoginException {
311 if (debug) {
312 System.out.println("\t\t[NTLoginModule]: " +

--- 18 unchanged lines hidden (view full) ---

331 logout();
332 }
333 return succeeded;
334 }
335
336 /**
337 * Logout the user.
338 *
297 * @exception LoginException if the abort fails.
298 *
299 * @return false if this LoginModule's own login and/or commit attempts
300 * failed, and true otherwise.
301 */
302 public boolean abort() throws LoginException {
303 if (debug) {
304 System.out.println("\t\t[NTLoginModule]: " +

--- 18 unchanged lines hidden (view full) ---

323 logout();
324 }
325 return succeeded;
326 }
327
328 /**
329 * Logout the user.
330 *
339 * <p> This method removes the <code>NTUserPrincipal</code>,
340 * <code>NTDomainPrincipal</code>, <code>NTSidUserPrincipal</code>,
341 * <code>NTSidDomainPrincipal</code>, <code>NTSidGroupPrincipal</code>s,
342 * and <code>NTSidPrimaryGroupPrincipal</code>
343 * that may have been added by the <code>commit</code> method.
331 * <p> This method removes the {@code NTUserPrincipal},
332 * {@code NTDomainPrincipal}, {@code NTSidUserPrincipal},
333 * {@code NTSidDomainPrincipal}, {@code NTSidGroupPrincipal}s,
334 * and {@code NTSidPrimaryGroupPrincipal}
335 * that may have been added by the {@code commit} method.
344 *
336 *
345 * <p>
346 *
347 * @exception LoginException if the logout fails.
348 *
337 * @exception LoginException if the logout fails.
338 *
349 * @return true in all cases since this <code>LoginModule</code>
339 * @return true in all cases since this {@code LoginModule}
350 * should not be ignored.
351 */
352 public boolean logout() throws LoginException {
353
354 if (subject.isReadOnly()) {
355 throw new LoginException ("Subject is ReadOnly");
356 }
357 Set<Principal> principals = subject.getPrincipals();

--- 44 unchanged lines hidden ---
340 * should not be ignored.
341 */
342 public boolean logout() throws LoginException {
343
344 if (subject.isReadOnly()) {
345 throw new LoginException ("Subject is ReadOnly");
346 }
347 Set<Principal> principals = subject.getPrincipals();

--- 44 unchanged lines hidden ---
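Review bot: The logout() Javadoc on the new side (lines 331-335) still lists only the principals it removes and says nothing about the `NTNumericCredential` impersonation token, which commit() places in the Subject's public credentials (`pubCreds.add(iToken);`, new line 279). Public credentials can be read by any code that holds the Subject, so the comment should tell callers whether the token is still attached after logout. Since this commit already rewrites that paragraph, it could add `and the {@code NTNumericCredential} impersonation token from the public credentials` to the list, provided the body does remove it; most of logout() sits in the 44 hidden lines, so this needs checking against the full file. The commit() comment also keeps the typo `authentication attempted failed` (new line 231), which should read `authentication attempt failed`.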