001: /*
002: * Licensed to the Apache Software Foundation (ASF) under one or more
003: * contributor license agreements. See the NOTICE file distributed with
004: * this work for additional information regarding copyright ownership.
005: * The ASF licenses this file to You under the Apache License, Version 2.0
006: * (the "License"); you may not use this file except in compliance with
007: * the License. You may obtain a copy of the License at
008: *
009: * http://www.apache.org/licenses/LICENSE-2.0
010: *
011: * Unless required by applicable law or agreed to in writing, software
012: * distributed under the License is distributed on an "AS IS" BASIS,
013: * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
014: * See the License for the specific language governing permissions and
015: * limitations under the License.
016: */
017:
018: /**
019: * @author Alexander V. Astapchuk
020: * @version $Revision$
021: */package org.apache.harmony.auth.module;
022:
023: import java.security.Principal;
024: import java.util.Map;
025: import java.util.Set;
026:
027: import javax.security.auth.Subject;
028: import javax.security.auth.callback.CallbackHandler;
029: import javax.security.auth.login.LoginException;
030: import javax.security.auth.spi.LoginModule;
031:
032: import org.apache.harmony.auth.NTDomainPrincipal;
033: import org.apache.harmony.auth.NTNumericCredential;
034: import org.apache.harmony.auth.NTSidDomainPrincipal;
035: import org.apache.harmony.auth.NTSidGroupPrincipal;
036: import org.apache.harmony.auth.NTSidPrimaryGroupPrincipal;
037: import org.apache.harmony.auth.NTSidUserPrincipal;
038: import org.apache.harmony.auth.NTUserPrincipal;
039: import org.apache.harmony.auth.internal.nls.Messages;
040:
041: /**
042: * A passive LoginModule which keeps an NT user's information.
043: */
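public class NTLoginModule implements LoginModule {

    private Subject subject;

    private Map<String, ?> options;

    private NTSystem sys;

    private NTUserPrincipal user;

    private NTDomainPrincipal domain;

    private NTSidUserPrincipal userSid;

    private NTSidDomainPrincipal domainSid;

    private NTSidPrimaryGroupPrincipal mainGroupSid;

    private NTSidGroupPrincipal[] groupsSids;

    private NTNumericCredential credential;

    // Set only after login() has fully populated the fields above. commit()
    // consults it so that a failed or skipped login phase makes this module
    // report "ignore me" (return false) instead of pushing null principals
    // into the Subject.
    private boolean succeeded;

    /**
     * Stores the Subject and options for later phases.
     *
     * @param subject the Subject to be populated by commit(); must not be null
     * @param cbHandler unused in this version
     * @param sharedState unused
     * @param options module options handed to NTSystem; must not be null
     * @throws NullPointerException if subject or options is null
     */
    public void initialize(Subject subject, CallbackHandler cbHandler,
            Map<String, ?> sharedState, Map<String, ?> options) {
        if (subject == null) {
            throw new NullPointerException(Messages.getString("auth.03")); //$NON-NLS-1$
        }
        if (options == null) {
            throw new NullPointerException(Messages.getString("auth.04")); //$NON-NLS-1$
        }
        this.subject = subject;
        // cbHandler - unused in this version
        // sharedState - unused
        this.options = options;
    }

    /**
     * Clears information stored in this object.
     *
     * The NTSystem instance itself is kept (only freed) so that a later
     * login() can reuse it; the login-phase result is reset as well.
     */
    private void clear() {
        if (sys != null) {
            sys.free();
        }
        user = null;
        domain = null;
        userSid = null;
        domainSid = null;
        mainGroupSid = null;
        groupsSids = null;
        credential = null;
        succeeded = false;
    }

    /**
     * Aborts the login() attempt and clears its information.
     *
     * @return always true
     */
    public boolean abort() throws LoginException {
        clear();
        return true;
    }

    /**
     * Commits the login(): adds the collected principals and the numeric
     * credential to the Subject.
     *
     * @return false if the login phase did not complete (nothing is added
     *         and the LoginContext should ignore this module), true otherwise
     * @throws LoginException if the Subject is read-only
     */
    public boolean commit() throws LoginException {
        if (!succeeded) {
            // Login phase failed or was never run: the principal fields are
            // still null, so there is nothing that can be added to the Subject.
            return false;
        }
        if (subject.isReadOnly()) {
            throw new LoginException(Messages.getString("auth.05")); //$NON-NLS-1$
        }
        Set<Principal> ps = subject.getPrincipals();

        addIfAbsent(ps, user);
        addIfAbsent(ps, domain);
        addIfAbsent(ps, userSid);
        addIfAbsent(ps, domainSid);
        addIfAbsent(ps, mainGroupSid);

        // groupsSids is copied straight from NTSystem.groups, whose nullness
        // is not guaranteed here; logout() already guards for it, do the same.
        if (groupsSids != null) {
            for (NTSidGroupPrincipal element : groupsSids) {
                addIfAbsent(ps, element);
            }
        }

        Set<Object> creds = subject.getPrivateCredentials();
        addIfAbsent(creds, credential);
        return true;
    }

    /**
     * Adds {@code element} to {@code set} unless it is already present.
     */
    private static <T> void addIfAbsent(Set<T> set, T element) {
        if (!set.contains(element)) {
            set.add(element);
        }
    }

    /**
     * Performs query to NTSystem to retrieve user's security information.
     *
     * If any step throws, the login-phase result stays false so that a
     * subsequent commit() returns false rather than failing on null fields.
     *
     * @return true when all information has been retrieved
     */
    public boolean login() throws LoginException {
        succeeded = false;
        if (sys != null) {
            sys.free();
        } else {
            sys = new NTSystem(options);
        }
        sys.load();

        user = new NTUserPrincipal(sys.getName());
        domain = new NTDomainPrincipal(sys.getDomain());
        domainSid = new NTSidDomainPrincipal(sys.getDomainSID());
        userSid = new NTSidUserPrincipal(sys.getUserSID());

        mainGroupSid = sys.mainGroup;
        groupsSids = sys.groups;
        credential = new NTNumericCredential(sys.getImpersonationToken());

        succeeded = true;
        return true;
    }

    /**
     * Wipes out the information stored in the Subject at the commit() stage,
     * then clears the info stored in its own fields.
     *
     * @return always true
     * @throws LoginException if the Subject is read-only
     */
    public boolean logout() throws LoginException {
        if (subject.isReadOnly()) {
            throw new LoginException(Messages.getString("auth.05")); //$NON-NLS-1$
        }
        Set<Principal> ps = subject.getPrincipals();

        if (user != null) {
            ps.remove(user);
        }
        if (domain != null) {
            ps.remove(domain);
        }
        if (userSid != null) {
            ps.remove(userSid);
        }
        if (domainSid != null) {
            ps.remove(domainSid);
        }
        if (mainGroupSid != null) {
            ps.remove(mainGroupSid);
        }
        if (groupsSids != null) {
            for (NTSidGroupPrincipal element : groupsSids) {
                ps.remove(element);
            }
        }

        if (credential != null) {
            Set<Object> creds = subject.getPrivateCredentials();
            creds.remove(credential);
        }

        clear();
        return true;
    }
}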