Exemple #1
  /**
   * Commit the authentication (second phase).
   *
   * <p>This method is called if the LoginContext's overall authentication succeeded (the relevant
   * REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
   *
   * <p>If this LoginModule's own authentication attempt succeeded (the importing of the Unix
   * authentication information succeeded), then this method associates the Unix Principals with the
   * <code>Subject</code> currently tied to the <code>LoginModule</code>. If this LoginModule's
   * authentication attempt failed, then this method removes any state that was originally saved.
   *
   * <p>
   *
   * @exception LoginException if the commit fails
   * @return true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
   */
  public boolean commit() throws LoginException {
    // Guard: when this module's own login() did not succeed there is nothing to publish,
    // so the Subject is left untouched and the caller is told this module contributed nothing.
    if (!succeeded) {
      if (debug) {
        System.out.println(
            "\t\t[UnixLoginModule]: "
                + "did not add any Principals to Subject because own authentication failed.");
      }
      return false;
    }

    // A read-only Subject cannot take new principals; report that as a failed commit
    // before touching the principal set.
    if (subject.isReadOnly()) {
      throw new LoginException("commit Failed: Subject is Readonly");
    }

    // Fully qualified so that no additional file-level import is needed.
    java.util.Set<java.security.Principal> principals = subject.getPrincipals();

    // Each principal is looked up first and added only when absent, so committing the same
    // identity again does not issue a second add() for it.
    if (!principals.contains(userPrincipal)) {
      principals.add(userPrincipal);
    }
    if (!principals.contains(UIDPrincipal)) {
      principals.add(UIDPrincipal);
    }
    if (!principals.contains(GIDPrincipal)) {
      principals.add(GIDPrincipal);
    }
    for (UnixNumericGroupPrincipal group : supplementaryGroups) {
      if (!principals.contains(group)) {
        principals.add(group);
      }
    }

    if (debug) {
      System.out.println("\t\t[UnixLoginModule]: added UnixPrincipal,");
      System.out.println("\t\t\t\tUnixNumericUserPrincipal,");
      System.out.println("\t\t\t\tUnixNumericGroupPrincipal(s),");
      System.out.println("\t\t\t to Subject");
    }

    // Record that phase two completed for this module.
    commitSucceeded = true;
    return true;
  }
Exemple #2
  /**
   * Logout the user
   *
   * <p>This method removes the Principals associated with the <code>Subject</code>.
   *
   * <p>
   *
   * @exception LoginException if the logout fails
   * @return true in all cases (this <code>LoginModule</code> should not be ignored).
   */
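  public boolean logout() throws LoginException {
    // NOTE(review): on a read-only Subject this throws before any module state is cleared,
    // so the fields below keep their values until a later successful logout().
    if (subject.isReadOnly()) {
      throw new LoginException("logout Failed: Subject is Readonly");
    }

    // Remove only the principals this module actually created. The identity fields are null
    // when logout() runs before login() or a second time in a row, and passing null to the
    // Subject's principal set can raise NullPointerException (behaviour depends on the JDK
    // version), which would turn a harmless repeated logout into a failure.
    if (userPrincipal != null) {
      subject.getPrincipals().remove(userPrincipal);
    }
    if (UIDPrincipal != null) {
      subject.getPrincipals().remove(UIDPrincipal);
    }
    if (GIDPrincipal != null) {
      subject.getPrincipals().remove(GIDPrincipal);
    }
    for (UnixNumericGroupPrincipal group : supplementaryGroups) {
      subject.getPrincipals().remove(group);
    }

    // Drop every reference to the imported identity so a later login() starts from a clean
    // slate and commit() cannot republish principals from the previous session.
    ss = null;
    succeeded = false;
    commitSucceeded = false;
    userPrincipal = null;
    UIDPrincipal = null;
    GIDPrincipal = null;
    supplementaryGroups = new LinkedList<UnixNumericGroupPrincipal>();

    if (debug) {
      System.out.println("\t\t[UnixLoginModule]: " + "logged out Subject");
    }
    return true;
  }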
Exemple #3
  /**
   * Authenticate the user (first phase).
   *
   * <p>The implementation of this method attempts to retrieve the user's Unix <code>Subject</code>
   * information by making a native Unix system call.
   *
   * <p>
   *
   * @exception FailedLoginException if attempts to retrieve the underlying system information fail.
   * @return true in all cases (this <code>LoginModule</code> should not be ignored).
   */
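  public boolean login() throws LoginException {
    // No credential is examined in this method: the principals are built from whatever
    // UnixSystem reports (user name, uid, gid, groups). Any policy that grants rights to
    // these principals is therefore trusting the identity reported by UnixSystem.

    // 'new' never yields null, so the former 'ss == null' test could not detect a failed
    // import. Assumes a failed native binding surfaces as UnsatisfiedLinkError from the
    // constructor (TODO confirm against UnixSystem); it is reported as the
    // FailedLoginException this method documents instead of escaping as an Error.
    try {
      ss = new UnixSystem();
    } catch (UnsatisfiedLinkError e) {
      succeeded = false;
      FailedLoginException failure =
          new FailedLoginException(
              "Failed in attempt to import " + "the underlying system identity information");
      failure.initCause(e);
      throw failure;
    }

    userPrincipal = new UnixPrincipal(ss.getUsername());
    UIDPrincipal = new UnixNumericUserPrincipal(ss.getUid());
    GIDPrincipal = new UnixNumericGroupPrincipal(ss.getGid(), true);

    // Read the group list once; it may be null or empty when no groups are reported.
    long[] unixGroups = ss.getGroups();
    if (unixGroups != null) {
      for (long gid : unixGroups) {
        UnixNumericGroupPrincipal ngp = new UnixNumericGroupPrincipal(gid, false);
        // Skip the entry whose name matches the primary group principal already held above.
        if (!ngp.getName().equals(GIDPrincipal.getName())) {
          supplementaryGroups.add(ngp);
        }
      }
    }

    if (debug) {
      System.out.println("\t\t[UnixLoginModule]: " + "succeeded importing info: ");
      System.out.println("\t\t\tuid = " + ss.getUid());
      System.out.println("\t\t\tgid = " + ss.getGid());
      // The debug listing previously dereferenced the group array without a null check,
      // so enabling debug could make an otherwise successful login throw.
      if (unixGroups != null) {
        for (long gid : unixGroups) {
          System.out.println("\t\t\tsupp gid = " + gid);
        }
      }
    }

    succeeded = true;
    return true;
  }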