/*
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* <p> This <code>LoginModule</code>
* renders a user's NT security information as some number of
* <code>Principal</code>s
* and associates them with a <code>Subject</code>.
*
* <p> This LoginModule recognizes the debug option.
* If set to true in the login Configuration,
* debug messages will be output to the output stream, System.out.
*
* <p> This LoginModule also recognizes the debugNative option.
* If set to true in the login Configuration,
* debug messages from the native component of the module
* will be output to the output stream, System.out.
*
* @see javax.security.auth.spi.LoginModule
*/
// initial state
// configurable option
private boolean debug = false;
private boolean debugNative = false;
// the authentication status
private boolean succeeded = false;
private boolean commitSucceeded = false;
/**
* Initialize this <code>LoginModule</code>.
*
* <p>
*
* @param subject the <code>Subject</code> to be authenticated. <p>
*
* @param callbackHandler a <code>CallbackHandler</code> for communicating
* with the end user (prompting for usernames and
* passwords, for example). This particular LoginModule only
* extracts the underlying NT system information, so this
* parameter is ignored.<p>
*
* @param sharedState shared <code>LoginModule</code> state. <p>
*
* @param options options specified in the login
* <code>Configuration</code> for this particular
* <code>LoginModule</code>.
*/
{
this.callbackHandler = callbackHandler;
this.sharedState = sharedState;
// initialize any configured options
if (debugNative == true) {
debug = true;
}
}
/**
* Import underlying NT system identity information.
*
* <p>
*
* @return true in all cases since this <code>LoginModule</code>
* should not be ignored.
*
* @exception FailedLoginException if the authentication fails. <p>
*
* @exception LoginException if this <code>LoginModule</code>
* is unable to perform the authentication.
*/
succeeded = false; // Indicate not yet successful
if (debug) {
"Failed in NT login");
}
throw new FailedLoginException
("Failed in attempt to import the " +
"underlying NT system identity information");
}
throw new FailedLoginException
("Failed in attempt to import the " +
"underlying NT system identity information");
}
if (debug) {
"succeeded importing info: ");
userPrincipal.getName());
}
if (debug) {
}
}
if (debug) {
userDomain.getName());
}
}
if (debug) {
}
}
if (debug) {
primaryGroup.getName());
}
}
if (debug) {
}
}
}
if (debug) {
}
}
succeeded = true;
return succeeded;
}
/**
* <p> This method is called if the LoginContext's
* overall authentication succeeded
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* succeeded).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> method), then this method associates some
* number of various <code>Principal</code>s
* with the <code>Subject</code> located in the
* <code>LoginModuleContext</code>. If this LoginModule's own
* authentication attempted failed, then this method removes
* any state that was originally saved.
*
* <p>
*
* @exception LoginException if the commit fails.
*
* @return true if this LoginModule's own login and commit
* attempts succeeded, or false otherwise.
*/
if (succeeded == false) {
if (debug) {
"did not add any Principals to Subject " +
"because own authentication failed.");
}
return false;
}
if (subject.isReadOnly()) {
throw new LoginException ("Subject is ReadOnly");
}
// we must have a userPrincipal - everything else is optional
}
}
}
}
}
}
}
}
commitSucceeded = true;
return true;
}
/**
* <p> This method is called if the LoginContext's
* overall authentication failed.
* (the relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules
* did not succeed).
*
* <p> If this LoginModule's own authentication attempt
* succeeded (checked by retrieving the private state saved by the
* <code>login</code> and <code>commit</code> methods),
* then this method cleans up any state that was originally saved.
*
* <p>
*
* @exception LoginException if the abort fails.
*
* failed, and true otherwise.
*/
if (debug) {
"aborted authentication attempt");
}
if (succeeded == false) {
return false;
} else if (succeeded == true && commitSucceeded == false) {
userDomain = null;
primaryGroup = null;
succeeded = false;
} else {
// overall authentication succeeded and commit succeeded,
// but someone else's commit failed
logout();
}
return succeeded;
}
/**
* Logout the user.
*
* <p> This method removes the <code>NTUserPrincipal</code>,
* <code>NTDomainPrincipal</code>, <code>NTSidUserPrincipal</code>,
* <code>NTSidDomainPrincipal</code>, <code>NTSidGroupPrincipal</code>s,
* and <code>NTSidPrimaryGroupPrincipal</code>
* that may have been added by the <code>commit</code> method.
*
* <p>
*
* @exception LoginException if the logout fails.
*
* @return true in all cases since this <code>LoginModule</code>
* should not be ignored.
*/
if (subject.isReadOnly()) {
throw new LoginException ("Subject is ReadOnly");
}
}
}
}
}
}
}
}
}
succeeded = false;
commitSucceeded = false;
userDomain = null;
primaryGroup = null;
if (debug) {
"completed logout processing");
}
return true;
}
}