KickJava   Java API By Example, From Geeks To Geeks.

Java > Open Source Codes > com > sun > security > auth > module > NTLoginModule


1 /*
2  * @(#)NTLoginModule.java 1.10 04/05/05
3  *
4  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6  */
7
8 package com.sun.security.auth.module;
9
10 import java.util.*;
11 import java.io.IOException JavaDoc;
12 import javax.security.auth.*;
13 import javax.security.auth.callback.*;
14 import javax.security.auth.login.*;
15 import javax.security.auth.spi.*;
16 import com.sun.security.auth.NTUserPrincipal;
17 import com.sun.security.auth.NTSidUserPrincipal;
18 import com.sun.security.auth.NTDomainPrincipal;
19 import com.sun.security.auth.NTSidDomainPrincipal;
20 import com.sun.security.auth.NTSidPrimaryGroupPrincipal;
21 import com.sun.security.auth.NTSidGroupPrincipal;
22 import com.sun.security.auth.NTNumericCredential;
23
24 /**
25  * <p> This <code>LoginModule</code>
26  * renders a user's NT security information as some number of
27  * <code>Principal</code>s
28  * and associates them with a <code>Subject</code>.
29  *
30  * <p> This LoginModule recognizes the debug option.
31  * If set to true in the login Configuration,
32  * debug messages will be output to the output stream, System.out.
33  *
34  * <p> This LoginModule also recognizes the debugNative option.
35  * If set to true in the login Configuration,
36  * debug messages from the native component of the module
37  * will be output to the output stream, System.out.
38  *
39  * @version 1.10, 05/05/04
40  * @see javax.security.auth.spi.LoginModule
41  */
42 public class NTLoginModule implements LoginModule {
43
44     private NTSystem ntSystem;
45
46     // initial state
47 private Subject subject;
48     private CallbackHandler callbackHandler;
49     private Map sharedState;
50     private Map options;
51
52     // configurable option
53 private boolean debug = false;
54     private boolean debugNative = false;
55
56     // the authentication status
57 private boolean succeeded = false;
58     private boolean commitSucceeded = false;
59
60     private NTUserPrincipal userPrincipal; // user name
61 private NTSidUserPrincipal userSID; // user SID
62 private NTDomainPrincipal userDomain; // user domain
63 private NTSidDomainPrincipal domainSID; // domain SID
64 private NTSidPrimaryGroupPrincipal primaryGroup; // primary group
65 private NTSidGroupPrincipal groups[]; // supplementary groups
66 private NTNumericCredential iToken; // impersonation token
67
68     /**
69      * Initialize this <code>LoginModule</code>.
70      *
71      * <p>
72      *
73      * @param subject the <code>Subject</code> to be authenticated. <p>
74      *
75      * @param callbackHandler a <code>CallbackHandler</code> for communicating
76      * with the end user (prompting for usernames and
77      * passwords, for example). This particular LoginModule only
78      * extracts the underlying NT system information, so this
79      * parameter is ignored.<p>
80      *
81      * @param sharedState shared <code>LoginModule</code> state. <p>
82      *
83      * @param options options specified in the login
84      * <code>Configuration</code> for this particular
85      * <code>LoginModule</code>.
86      */
87     public void initialize(Subject subject, CallbackHandler callbackHandler,
88                Map<String JavaDoc,?> sharedState,
89                Map<String JavaDoc,?> options)
90     {
91  
92     this.subject = subject;
93     this.callbackHandler = callbackHandler;
94     this.sharedState = sharedState;
95     this.options = options;
96
97     // initialize any configured options
98 debug = "true".equalsIgnoreCase((String JavaDoc)options.get("debug"));
99     debugNative="true".equalsIgnoreCase((String JavaDoc)options.get("debugNative"));
100
101     if (debugNative == true) {
102         debug = true;
103     }
104     }
105
106     /**
107      * Import underlying NT system identity information.
108      *
109      * <p>
110      *
111      * @return true in all cases since this <code>LoginModule</code>
112      * should not be ignored.
113      *
114      * @exception FailedLoginException if the authentication fails. <p>
115      *
116      * @exception LoginException if this <code>LoginModule</code>
117      * is unable to perform the authentication.
118      */
119     public boolean login() throws LoginException {
120         
121     succeeded = false; // Indicate not yet successful
122
123     ntSystem = new NTSystem(debugNative);
124     if (ntSystem == null) {
125         if (debug) {
126         System.out.println("\t\t[NTLoginModule] " +
127                    "Failed in NT login");
128         }
129         throw new FailedLoginException
130         ("Failed in attempt to import the " +
131          "underlying NT system identity information");
132     }
133     
134     if (ntSystem.getName() == null) {
135         throw new FailedLoginException
136         ("Failed in attempt to import the " +
137          "underlying NT system identity information");
138     }
139     userPrincipal = new NTUserPrincipal(ntSystem.getName());
140     if (debug) {
141         System.out.println("\t\t[NTLoginModule] " +
142                    "succeeded importing info: ");
143         System.out.println("\t\t\tuser name = " +
144         userPrincipal.getName());
145     }
146
147     if (ntSystem.getUserSID() != null) {
148         userSID = new NTSidUserPrincipal(ntSystem.getUserSID());
149         if (debug) {
150         System.out.println("\t\t\tuser SID = " +
151             userSID.getName());
152         }
153     }
154     if (ntSystem.getDomain() != null) {
155         userDomain = new NTDomainPrincipal(ntSystem.getDomain());
156         if (debug) {
157         System.out.println("\t\t\tuser domain = " +
158             userDomain.getName());
159         }
160     }
161     if (ntSystem.getDomainSID() != null) {
162         domainSID =
163         new NTSidDomainPrincipal(ntSystem.getDomainSID());
164         if (debug) {
165         System.out.println("\t\t\tuser domain SID = " +
166             domainSID.getName());
167         }
168     }
169     if (ntSystem.getPrimaryGroupID() != null) {
170         primaryGroup =
171         new NTSidPrimaryGroupPrincipal(ntSystem.getPrimaryGroupID());
172         if (debug) {
173         System.out.println("\t\t\tuser primary group = " +
174             primaryGroup.getName());
175         }
176     }
177     if (ntSystem.getGroupIDs() != null &&
178         ntSystem.getGroupIDs().length > 0) {
179
180         String JavaDoc groupSIDs[] = ntSystem.getGroupIDs();
181         groups = new NTSidGroupPrincipal[groupSIDs.length];
182         for (int i = 0; i < groupSIDs.length; i++) {
183         groups[i] = new NTSidGroupPrincipal(groupSIDs[i]);
184         if (debug) {
185             System.out.println("\t\t\tuser group = " +
186             groups[i].getName());
187         }
188         }
189     }
190     if (ntSystem.getImpersonationToken() != 0) {
191         iToken = new NTNumericCredential(ntSystem.getImpersonationToken());
192         if (debug) {
193         System.out.println("\t\t\timpersonation token = " +
194             ntSystem.getImpersonationToken());
195         }
196     }
197
198     succeeded = true;
199     return succeeded;
200     }
201     
202     /**
203      * <p> This method is called if the LoginContext's
204      * overall authentication succeeded
205      * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
206      * succeeded).
207      *
208      * <p> If this LoginModule's own authentication attempt
209      * succeeded (checked by retrieving the private state saved by the
210      * <code>login</code> method), then this method associates some
211      * number of various <code>Principal</code>s
212      * with the <code>Subject</code> located in the
213      * <code>LoginModuleContext</code>. If this LoginModule's own
214      * authentication attempted failed, then this method removes
215      * any state that was originally saved.
216      *
217      * <p>
218      *
219      * @exception LoginException if the commit fails.
220      *
221      * @return true if this LoginModule's own login and commit
222      * attempts succeeded, or false otherwise.
223      */
224     public boolean commit() throws LoginException {
225     if (succeeded == false) {
226         if (debug) {
227         System.out.println("\t\t[NTLoginModule]: " +
228             "did not add any Principals to Subject " +
229             "because own authentication failed.");
230         }
231         return false;
232     }
233     if (subject.isReadOnly()) {
234         throw new LoginException ("Subject is ReadOnly");
235     }
236     Set principals = subject.getPrincipals();
237
238     // we must have a userPrincipal - everything else is optional
239 if (!principals.contains(userPrincipal)) {
240         principals.add(userPrincipal);
241     }
242     if (userSID != null && !principals.contains(userSID)) {
243         principals.add(userSID);
244     }
245
246     if (userDomain != null && !principals.contains(userDomain)) {
247         principals.add(userDomain);
248     }
249     if (domainSID != null && !principals.contains(domainSID)) {
250         principals.add(domainSID);
251     }
252
253     if (primaryGroup != null && !principals.contains(primaryGroup)) {
254         principals.add(primaryGroup);
255     }
256     for (int i = 0; groups != null && i < groups.length; i++) {
257         if (!principals.contains(groups[i])) {
258         principals.add(groups[i]);
259         }
260     }
261     
262     Set pubCreds = subject.getPublicCredentials();
263     if (iToken != null && !pubCreds.contains(iToken)) {
264         pubCreds.add(iToken);
265     }
266     commitSucceeded = true;
267     return true;
268     }
269
270
271     /**
272      * <p> This method is called if the LoginContext's
273      * overall authentication failed.
274      * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
275      * did not succeed).
276      *
277      * <p> If this LoginModule's own authentication attempt
278      * succeeded (checked by retrieving the private state saved by the
279      * <code>login</code> and <code>commit</code> methods),
280      * then this method cleans up any state that was originally saved.
281      *
282      * <p>
283      *
284      * @exception LoginException if the abort fails.
285      *
286      * @return false if this LoginModule's own login and/or commit attempts
287      * failed, and true otherwise.
288      */
289     public boolean abort() throws LoginException {
290     if (debug) {
291         System.out.println("\t\t[NTLoginModule]: " +
292         "aborted authentication attempt");
293     }
294
295     if (succeeded == false) {
296         return false;
297     } else if (succeeded == true && commitSucceeded == false) {
298         ntSystem = null;
299         userPrincipal = null;
300         userSID = null;
301         userDomain = null;
302         domainSID = null;
303         primaryGroup = null;
304         groups = null;
305         iToken = null;
306         succeeded = false;
307     } else {
308         // overall authentication succeeded and commit succeeded,
309 // but someone else's commit failed
310 logout();
311     }
312     return succeeded;
313     }
314
315     /**
316      * Logout the user.
317      *
318      * <p> This method removes the <code>NTUserPrincipal</code>,
319      * <code>NTDomainPrincipal</code>, <code>NTSidUserPrincipal</code>,
320      * <code>NTSidDomainPrincipal</code>, <code>NTSidGroupPrincipal</code>s,
321      * and <code>NTSidPrimaryGroupPrincipal</code>
322      * that may have been added by the <code>commit</code> method.
323      *
324      * <p>
325      *
326      * @exception LoginException if the logout fails.
327      *
328      * @return true in all cases since this <code>LoginModule</code>
329      * should not be ignored.
330      */
331     public boolean logout() throws LoginException {
332
333     if (subject.isReadOnly()) {
334         throw new LoginException ("Subject is ReadOnly");
335     }
336     Set principals = subject.getPrincipals();
337     if (principals.contains(userPrincipal)) {
338         principals.remove(userPrincipal);
339     }
340     if (principals.contains(userSID)) {
341         principals.remove(userSID);
342     }
343     if (principals.contains(userDomain)) {
344         principals.remove(userDomain);
345     }
346     if (principals.contains(domainSID)) {
347         principals.remove(domainSID);
348     }
349     if (principals.contains(primaryGroup)) {
350         principals.remove(primaryGroup);
351     }
352     for (int i = 0; groups != null && i < groups.length; i++) {
353         if (principals.contains(groups[i])) {
354         principals.remove(groups[i]);
355         }
356     }
357
358     Set pubCreds = subject.getPublicCredentials();
359     if (pubCreds.contains(iToken)) {
360         pubCreds.remove(iToken);
361     }
362     
363     succeeded = false;
364     commitSucceeded = false;
365     userPrincipal = null;
366     userDomain = null;
367     userSID = null;
368     domainSID = null;
369     groups = null;
370     primaryGroup = null;
371     iToken = null;
372     ntSystem = null;
373         
374     if (debug) {
375         System.out.println("\t\t[NTLoginModule] " +
376                 "completed logout processing");
377     }
378     return true;
379     }
380 }
381
Popular Tags