


1 /*
2  * @(#)SolarisLoginModule.java 1.10 04/05/18
3  *
4  * Copyright 2004 Sun Microsystems, Inc. All rights reserved.
5  * SUN PROPRIETARY/CONFIDENTIAL. Use is subject to license terms.
6  */

7
8 package com.sun.security.auth.module;
9
10 import java.util.*;
11 import java.io.IOException JavaDoc;
12 import javax.security.auth.*;
13 import javax.security.auth.callback.*;
14 import javax.security.auth.login.*;
15 import javax.security.auth.spi.*;
16 import com.sun.security.auth.SolarisPrincipal;
17 import com.sun.security.auth.SolarisNumericUserPrincipal;
18 import com.sun.security.auth.SolarisNumericGroupPrincipal;
19
20 /**
21  * <p> This <code>LoginModule</code> imports a user's Solaris
22  * <code>Principal</code> information (<code>SolarisPrincipal</code>,
23  * <code>SolarisNumericUserPrincipal</code>,
24  * and <code>SolarisNumericGroupPrincipal</code>)
25  * and associates them with the current <code>Subject</code>.
26  *
27  * <p> This LoginModule recognizes the debug option.
28  * If set to true in the login Configuration,
29  * debug messages will be output to the output stream, System.out.
30  * @deprecated As of JDK1.4, replaced by
31  * <code>com.sun.security.auth.module.UnixLoginModule</code>.
32  * This LoginModule is entirely deprecated and
33  * is here to allow for a smooth transition to the new
34  * UnixLoginModule.
35  *
36  * @version 1.19, 01/11/00
37  */

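@Deprecated
public class SolarisLoginModule implements LoginModule {

    // State handed over by the LoginContext in initialize().
    // callbackHandler and sharedState are stored but never read by this class.
    private Subject subject;
    private CallbackHandler callbackHandler;
    private Map<String, ?> sharedState;
    private Map<String, ?> options;

    // Configurable option; initialize() overwrites it from the "debug" entry.
    private boolean debug = true;

    // SolarisSystem used to retrieve the underlying system info.
    private SolarisSystem ss;

    // Outcome of the two authentication phases.
    private boolean succeeded = false;
    private boolean commitSucceeded = false;

    // Identity imported by login() and published to the Subject by commit().
    private SolarisPrincipal userPrincipal;
    private SolarisNumericUserPrincipal UIDPrincipal;
    private SolarisNumericGroupPrincipal GIDPrincipal;
    private LinkedList<SolarisNumericGroupPrincipal> supplementaryGroups =
        new LinkedList<SolarisNumericGroupPrincipal>();

    /**
     * Initialize this <code>LoginModule</code>.
     *
     * @param subject the <code>Subject</code> to be authenticated.
     *
     * @param callbackHandler a <code>CallbackHandler</code> for communicating
     *          with the end user. It is stored but never invoked by this
     *          module.
     *
     * @param sharedState shared <code>LoginModule</code> state (stored,
     *          not otherwise used here).
     *
     * @param options options specified in the login
     *          <code>Configuration</code> for this particular
     *          <code>LoginModule</code>. Only <code>debug</code> is read.
     */
    public void initialize(Subject subject, CallbackHandler callbackHandler,
                           Map<String, ?> sharedState,
                           Map<String, ?> options)
    {
        this.subject = subject;
        this.callbackHandler = callbackHandler;
        this.sharedState = sharedState;
        this.options = options;

        // Debug output includes the uid and gids, so it is enabled only for
        // the text "true" (any case). A non-String value is treated as "off"
        // rather than failing the whole login with a ClassCastException.
        Object debugOption = options.get("debug");
        debug = debugOption instanceof String
            && "true".equalsIgnoreCase((String) debugOption);
    }

    /**
     * Authenticate the user (first phase).
     *
     * <p> The implementation of this method retrieves the Solaris identity
     * information (user name, uid, primary gid and supplementary gids)
     * from a freshly constructed <code>SolarisSystem</code>.
     *
     * <p> No credential is requested or verified: the
     * <code>CallbackHandler</code> is never consulted. The resulting
     * Principals therefore describe whatever identity
     * <code>SolarisSystem</code> reports (presumably the account that runs
     * this JVM, since it is constructed without arguments -- confirm against
     * <code>SolarisSystem</code>), not an identity proven by the caller.
     * Login configurations that must authenticate a remote or otherwise
     * untrusted party need an additional module that checks credentials.
     *
     * @exception LoginException declared by the <code>LoginModule</code>
     *          contract; nothing in this method throws it directly.
     *
     * @return true in all cases (this <code>LoginModule</code>
     *          should not be ignored).
     */
    public boolean login() throws LoginException {

        // "new" never yields null, so the original null test and its
        // FailedLoginException branch were unreachable and have been dropped.
        // NOTE(review): if SolarisSystem's constructor can fail it does so by
        // throwing; confirm whether that should be mapped to
        // FailedLoginException.
        ss = new SolarisSystem();

        userPrincipal = new SolarisPrincipal(ss.getUsername());
        UIDPrincipal = new SolarisNumericUserPrincipal(ss.getUid());
        GIDPrincipal = new SolarisNumericGroupPrincipal(ss.getGid(), true);

        // The original guarded only the assignment, not the loop, so a null
        // group array ended in a NullPointerException. Treat "no groups" as
        // an empty array for both the import loop and the debug dump below.
        long[] solarisGroups = ss.getGroups();
        if (solarisGroups == null) {
            solarisGroups = new long[0];
        }

        for (int i = 0; i < solarisGroups.length; i++) {
            SolarisNumericGroupPrincipal ngp =
                new SolarisNumericGroupPrincipal(solarisGroups[i], false);
            // The primary group is already carried by GIDPrincipal.
            if (!ngp.getName().equals(GIDPrincipal.getName())) {
                supplementaryGroups.add(ngp);
            }
        }

        if (debug) {
            System.out.println("\t\t[SolarisLoginModule]: " +
                "succeeded importing info: ");
            System.out.println("\t\t\tuid = " + ss.getUid());
            System.out.println("\t\t\tgid = " + ss.getGid());
            for (int i = 0; i < solarisGroups.length; i++) {
                System.out.println("\t\t\tsupp gid = " + solarisGroups[i]);
            }
        }

        succeeded = true;
        return true;
    }

    /**
     * Commit the authentication (second phase).
     *
     * <p> This method is called if the LoginContext's
     * overall authentication succeeded
     * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
     * succeeded).
     *
     * <p> If this LoginModule's own <code>login</code> succeeded, the
     * imported Solaris Principals are added to the <code>Subject</code>
     * (each only if not already present). Otherwise nothing is added and
     * false is returned.
     *
     * @exception LoginException if the <code>Subject</code> is read-only.
     *
     * @return true if this LoginModule's own login and commit attempts
     *          succeeded, or false otherwise.
     */
    public boolean commit() throws LoginException {
        if (!succeeded) {
            if (debug) {
                System.out.println("\t\t[SolarisLoginModule]: " +
                    "did not add any Principals to Subject " +
                    "because own authentication failed.");
            }
            return false;
        }
        if (subject.isReadOnly()) {
            throw new LoginException ("Subject is Readonly");
        }

        Set<java.security.Principal> principals = subject.getPrincipals();
        addIfAbsent(principals, userPrincipal);
        addIfAbsent(principals, UIDPrincipal);
        addIfAbsent(principals, GIDPrincipal);
        for (SolarisNumericGroupPrincipal group : supplementaryGroups) {
            addIfAbsent(principals, group);
        }

        if (debug) {
            System.out.println("\t\t[SolarisLoginModule]: " +
                       "added SolarisPrincipal,");
            System.out.println("\t\t\t\tSolarisNumericUserPrincipal,");
            System.out.println("\t\t\t\tSolarisNumericGroupPrincipal(s),");
            System.out.println("\t\t\t to Subject");
        }

        commitSucceeded = true;
        return true;
    }

    /**
     * Abort the authentication (second phase).
     *
     * <p> This method is called if the LoginContext's
     * overall authentication failed
     * (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
     * did not succeed).
     *
     * <p> If only <code>login</code> succeeded, the imported state is
     * discarded. If <code>commit</code> also succeeded, <code>logout</code>
     * is called so the Principals added by this module are removed again.
     *
     * @exception LoginException if the abort fails (propagated from
     *          <code>logout</code>).
     *
     * @return false if this LoginModule's own login attempt
     *          failed, and true otherwise.
     */
    public boolean abort() throws LoginException {
        if (debug) {
            System.out.println("\t\t[SolarisLoginModule]: " +
                "aborted authentication attempt");
        }

        if (!succeeded) {
            return false;
        }

        if (!commitSucceeded) {
            // login() succeeded but nothing was published: clean out state.
            succeeded = false;
            ss = null;
            userPrincipal = null;
            UIDPrincipal = null;
            GIDPrincipal = null;
            supplementaryGroups = new LinkedList<SolarisNumericGroupPrincipal>();
        } else {
            // overall authentication succeeded and commit succeeded,
            // but someone else's commit failed
            logout();
        }
        return true;
    }

    /**
     * Logout the user.
     *
     * <p> This method removes from the <code>Subject</code> the Principals
     * this module imported, then clears the module's own state.
     *
     * @exception LoginException if the <code>Subject</code> is read-only.
     *
     * @return true in all cases (this <code>LoginModule</code>
     *          should not be ignored).
     */
    public boolean logout() throws LoginException {
        if (debug) {
            System.out.println("\t\t[SolarisLoginModule]: " +
                "Entering logout");
        }
        if (subject.isReadOnly()) {
            throw new LoginException ("Subject is Readonly");
        }

        // Remove the added Principals from the Subject. The fields are still
        // null when logout() is reached without a prior login(); in that case
        // there is nothing of ours to remove, so null is never passed on.
        Set<java.security.Principal> principals = subject.getPrincipals();
        removeIfSet(principals, userPrincipal);
        removeIfSet(principals, UIDPrincipal);
        removeIfSet(principals, GIDPrincipal);
        for (SolarisNumericGroupPrincipal group : supplementaryGroups) {
            removeIfSet(principals, group);
        }

        // clean out state
        ss = null;
        succeeded = false;
        commitSucceeded = false;
        userPrincipal = null;
        UIDPrincipal = null;
        GIDPrincipal = null;
        supplementaryGroups = new LinkedList<SolarisNumericGroupPrincipal>();

        if (debug) {
            System.out.println("\t\t[SolarisLoginModule]: " +
                "logged out Subject");
        }
        return true;
    }

    // Adds the principal only when the set does not contain it yet, so that
    // add() is not invoked for an entry that is already present.
    private static void addIfAbsent(Set<java.security.Principal> principals,
                                    java.security.Principal principal) {
        if (!principals.contains(principal)) {
            principals.add(principal);
        }
    }

    // Removes the principal from the set, skipping fields that were never set.
    private static void removeIfSet(Set<java.security.Principal> principals,
                                    java.security.Principal principal) {
        if (principal != null) {
            principals.remove(principal);
        }
    }
}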