/**
* A windows principal.
*
* @param windowsIdentity Windows identity.
* @param principalFormat Principal format.
* @param roleFormat Role format.
*/
public WindowsPrincipal(
IWindowsIdentity windowsIdentity,
PrincipalFormat principalFormat,
PrincipalFormat roleFormat) {
_identity = windowsIdentity;
_fqn = windowsIdentity.getFqn();
_sid = windowsIdentity.getSid();
_sidString = windowsIdentity.getSidString();
_groups = getGroups(windowsIdentity.getGroups());
_roles = getRoles(windowsIdentity, principalFormat, roleFormat);
}
/**
* Returns a list of user principal objects.
*
* @param windowsIdentity Windows identity.
* @param principalFormat Principal format.
* @return A list of user principal objects.
*/
private static List<String> getPrincipalNames(
IWindowsIdentity windowsIdentity, PrincipalFormat principalFormat) {
List<String> principals = new ArrayList<String>();
switch (principalFormat) {
case fqn:
principals.add(windowsIdentity.getFqn());
break;
case sid:
principals.add(windowsIdentity.getSidString());
break;
case both:
principals.add(windowsIdentity.getFqn());
principals.add(windowsIdentity.getSidString());
break;
case none:
break;
}
return principals;
}
/**
* A windows principal.
*
* @param windowsIdentity Windows identity.
* @param realm Authentication realm.
* @param principalFormat Principal format.
* @param roleFormat Role format.
*/
public GenericWindowsPrincipal(
IWindowsIdentity windowsIdentity,
Realm realm,
PrincipalFormat principalFormat,
PrincipalFormat roleFormat) {
super(
realm,
windowsIdentity.getFqn(),
"",
getRoles(windowsIdentity, principalFormat, roleFormat));
_sid = windowsIdentity.getSid();
_sidString = windowsIdentity.getSidString();
_groups = getGroups(windowsIdentity.getGroups());
}
@Override
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) req;
HttpServletResponse response = (HttpServletResponse) res;
_log.debug(
"{} {}, contentlength: {}",
request.getMethod(),
request.getRequestURI(),
Integer.valueOf(request.getContentLength()));
AuthorizationHeader authorizationHeader = new AuthorizationHeader(request);
// authenticate user
if (!authorizationHeader.isNull()
&& _provider.isSecurityPackageSupported(authorizationHeader.getSecurityPackage())) {
// log the user in using the token
IWindowsIdentity windowsIdentity = null;
try {
windowsIdentity = _provider.doFilter(request, response);
if (windowsIdentity == null) {
return;
}
} catch (IOException e) {
_log.warn("error logging in user: {}", e.getMessage());
_log.trace("{}", e);
sendUnauthorized(response, true);
return;
}
if (!_allowGuestLogin && windowsIdentity.isGuest()) {
_log.warn("guest login disabled: {}", windowsIdentity.getFqn());
sendUnauthorized(response, true);
return;
}
try {
_log.debug(
"logged in user: {} ({})", windowsIdentity.getFqn(), windowsIdentity.getSidString());
WindowsPrincipal principal =
new WindowsPrincipal(windowsIdentity, _principalFormat, _roleFormat);
_log.debug("roles: {}", principal.getRolesString());
Authentication authentication =
new WindowsAuthenticationToken(
principal, _grantedAuthorityFactory, _defaultGrantedAuthority);
SecurityContextHolder.getContext().setAuthentication(authentication);
_log.info("successfully logged in user: {}", windowsIdentity.getFqn());
} finally {
windowsIdentity.dispose();
}
}
chain.doFilter(request, response);
}
