/**
 * Logs the user out by removing the Principals that {@code commit} added to the Subject.
 *
 * <p>The {@code LdapPrincipal} and {@code UserPrincipal} are always removed; the authorization
 * principal is removed only when {@code authzIdentity} is set. Afterwards {@code cleanState()} is
 * invoked and the per-login flags and principal fields are reset.
 *
 * @return true in all cases, since this {@code LoginModule} should not be ignored
 * @throws LoginException if the Subject is read-only ({@code cleanState()} runs before throwing)
 */
public boolean logout() throws LoginException {
    if (subject.isReadOnly()) {
        cleanState();
        throw new LoginException("Subject is read-only");
    }

    // drop exactly the principals that commit() may have added
    subject.getPrincipals().remove(ldapPrincipal);
    subject.getPrincipals().remove(userPrincipal);
    if (authzIdentity != null) {
        subject.getPrincipals().remove(authzPrincipal);
    }

    // discard all per-login state
    cleanState();
    succeeded = false;
    commitSucceeded = false;
    ldapPrincipal = null;
    userPrincipal = null;
    authzPrincipal = null;

    if (debug) {
        System.out.println("\t\t[LdapLoginModule] logged out Subject");
    }
    return true;
}
/**
 * Logs the user out by removing the Unix Principals this module associated with the Subject.
 *
 * <p>Removes the user principal, the numeric UID and GID principals and every supplementary group
 * principal, then resets all per-login state so the module can be reused.
 *
 * @return true in all cases (this {@code LoginModule} should not be ignored)
 * @throws LoginException if the Subject is read-only
 */
public boolean logout() throws LoginException {
    if (subject.isReadOnly()) {
        throw new LoginException("logout Failed: Subject is Readonly");
    }

    // undo what commit() added
    subject.getPrincipals().remove(userPrincipal);
    subject.getPrincipals().remove(UIDPrincipal);
    subject.getPrincipals().remove(GIDPrincipal);
    for (UnixNumericGroupPrincipal group : supplementaryGroups) {
        subject.getPrincipals().remove(group);
    }

    // reset per-login state
    ss = null;
    succeeded = false;
    commitSucceeded = false;
    userPrincipal = null;
    UIDPrincipal = null;
    GIDPrincipal = null;
    supplementaryGroups = new LinkedList<UnixNumericGroupPrincipal>();

    if (debug) {
        System.out.println("\t\t[UnixLoginModule]: logged out Subject");
    }
    return true;
}
/**
 * Commits the authentication (second phase).
 *
 * <p>Called when the LoginContext's overall authentication succeeded (the relevant REQUIRED,
 * REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
 *
 * <p>If this module's own {@code login} succeeded, the Unix user, numeric UID, numeric GID and
 * supplementary group principals are added to the Subject (each only if not already present).
 * If this module's own authentication failed, nothing is added and {@code false} is returned.
 *
 * @return true if this module's own login and commit attempts succeeded, false otherwise
 * @throws LoginException if the Subject is read-only
 */
public boolean commit() throws LoginException {
    if (!succeeded) {
        if (debug) {
            System.out.println(
                "\t\t[UnixLoginModule]: did not add any Principals to Subject "
                    + "because own authentication failed.");
        }
        return false;
    }

    if (subject.isReadOnly()) {
        throw new LoginException("commit Failed: Subject is Readonly");
    }

    // add each principal at most once
    if (!subject.getPrincipals().contains(userPrincipal)) {
        subject.getPrincipals().add(userPrincipal);
    }
    if (!subject.getPrincipals().contains(UIDPrincipal)) {
        subject.getPrincipals().add(UIDPrincipal);
    }
    if (!subject.getPrincipals().contains(GIDPrincipal)) {
        subject.getPrincipals().add(GIDPrincipal);
    }
    for (UnixNumericGroupPrincipal group : supplementaryGroups) {
        if (!subject.getPrincipals().contains(group)) {
            subject.getPrincipals().add(group);
        }
    }

    if (debug) {
        System.out.println("\t\t[UnixLoginModule]: added UnixPrincipal,");
        System.out.println("\t\t\t\tUnixNumericUserPrincipal,");
        System.out.println("\t\t\t\tUnixNumericGroupPrincipal(s),");
        System.out.println("\t\t\t to Subject");
    }
    commitSucceeded = true;
    return true;
}
/**
 * Completes user authentication (second phase).
 *
 * <p>Called when the LoginContext's overall authentication succeeded (the relevant REQUIRED,
 * REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
 *
 * <p>If this module's own {@code login} succeeded, the {@code LdapPrincipal}, the
 * {@code UserPrincipal} and, when present, the authorization {@code UserPrincipal} are added to
 * the Subject (each only if not already present); {@code cleanState()} then discards the
 * private login state. If this module's own authentication failed, {@code false} is returned
 * without touching the Subject.
 *
 * @return true if this module's own login and commit attempts succeeded, false otherwise
 * @throws LoginException if the Subject is read-only ({@code cleanState()} runs before throwing)
 */
public boolean commit() throws LoginException {
    if (!succeeded) {
        return false;
    }

    if (subject.isReadOnly()) {
        cleanState();
        throw new LoginException("Subject is read-only");
    }

    Set subjectPrincipals = subject.getPrincipals();

    if (!subjectPrincipals.contains(ldapPrincipal)) {
        subjectPrincipals.add(ldapPrincipal);
    }
    if (debug) {
        System.out.println(
            "\t\t[LdapLoginModule] added LdapPrincipal \"" + ldapPrincipal + "\" to Subject");
    }

    if (!subjectPrincipals.contains(userPrincipal)) {
        subjectPrincipals.add(userPrincipal);
    }
    if (debug) {
        System.out.println(
            "\t\t[LdapLoginModule] added UserPrincipal \"" + userPrincipal + "\" to Subject");
    }

    // the authorization principal is optional; its debug line is printed only when it is added
    if (authzPrincipal != null && !subjectPrincipals.contains(authzPrincipal)) {
        subjectPrincipals.add(authzPrincipal);
        if (debug) {
            System.out.println(
                "\t\t[LdapLoginModule] added UserPrincipal \"" + authzPrincipal + "\" to Subject");
        }
    }

    // login-phase state is no longer needed once the principals are in place
    cleanState();
    commitSucceeded = true;
    return true;
}
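/**
 * Reports whether the Subject holds any {@code RealmRole} whose simple name is in
 * {@code roleNames}.
 *
 * <p>A role name of the form {@code <realm full name>\<role name>} is reduced to its
 * {@code <role name>} part before the comparison. A role name that merely starts with, or
 * equals, the realm's full name without the {@code \} separator is compared unchanged.
 *
 * @param roleNames the role simple names to look for; {@code null} or empty yields {@code false}
 * @return true if at least one RealmRole of the Subject matches one of {@code roleNames}
 */
public boolean isMemberOf(List roleNames) {
    if (roleNames == null || roleNames.isEmpty()) {
        return false;
    }
    Set realmRoles = subject.getPrincipals(RealmRole.class);
    for (Iterator itr = realmRoles.iterator(); itr.hasNext(); ) {
        RealmRole role = (RealmRole) itr.next();
        if (roleNames.contains(simpleRoleName(role))) {
            return true;
        }
    }
    return false;
}

/**
 * Strips the {@code <realm full name>\} prefix from a role's name.
 *
 * <p>The separator is required to be present: the previous {@code startsWith(realmFullName)}
 * check truncated names that only share a prefix with the realm name (yielding a wrong,
 * possibly matching, role name) and threw {@code StringIndexOutOfBoundsException} when the role
 * name equalled the realm name exactly.
 *
 * @param role the role whose simple name is wanted
 * @return the role name without its realm qualifier, or the name unchanged if not qualified
 */
private String simpleRoleName(RealmRole role) {
    String realmFullName = role.getRealm().getFullName();
    String roleName = role.getName();
    // Format is "<realm full name>\<role name>"
    String qualifiedPrefix = realmFullName + "\\";
    if (realmFullName.length() > 0 && roleName.startsWith(qualifiedPrefix)) {
        return roleName.substring(qualifiedPrefix.length());
    }
    return roleName;
}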
/**
 * Returns the first {@code RealmUser} principal held by the Subject.
 *
 * @return the Subject's first RealmUser, cast to {@code Principal}
 * @throws java.util.NoSuchElementException if the Subject holds no RealmUser principal
 */
private Principal userPrincipal() {
    // the Subject is assumed to carry a RealmUser; an empty set makes next() throw
    Object firstUser = subject.getPrincipals(RealmUser.class).iterator().next();
    return (Principal) firstUser;
}