  /**
   * Logs the user out.
   *
   * <p>Removes from the {@code Subject} the Principals that {@code commit} added, then resets all
   * per-login state held by this module so nothing from this login survives into the next one.
   *
   * @exception LoginException if the {@code Subject} is read-only; the module's own state is still
   *     cleared, but no Principal can be removed
   * @return true in all cases since this {@code LoginModule} should not be ignored
   */
  public boolean logout() throws LoginException {
    if (subject.isReadOnly()) {
      // Nothing can be removed from a read-only Subject; drop our own state before failing.
      cleanState();
      throw new LoginException("Subject is read-only");
    }

    // Undo what commit() added. authzPrincipal is only ever set alongside authzIdentity.
    subject.getPrincipals().remove(ldapPrincipal);
    subject.getPrincipals().remove(userPrincipal);
    if (authzIdentity != null) {
      subject.getPrincipals().remove(authzPrincipal);
    }

    // Reset per-login state so a stale "succeeded" result cannot be reused.
    cleanState();
    succeeded = false;
    commitSucceeded = false;
    ldapPrincipal = null;
    userPrincipal = null;
    authzPrincipal = null;

    if (debug) {
      System.out.println("\t\t[LdapLoginModule] logged out Subject");
    }
    return true;
  }
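  /**
   * Logs the user out.
   *
   * <p>Removes the Unix Principals this module added to the {@code Subject} (user, numeric UID,
   * numeric GID and every supplementary group) and resets the module's per-login state.
   *
   * @exception LoginException if the {@code Subject} is read-only and the Principals cannot be
   *     removed
   * @return true in all cases (this {@code LoginModule} should not be ignored)
   */
  public boolean logout() throws LoginException {

    if (subject.isReadOnly()) {
      throw new LoginException("logout Failed: Subject is Readonly");
    }

    // remove the added Principals from the Subject
    subject.getPrincipals().remove(userPrincipal);
    subject.getPrincipals().remove(UIDPrincipal);
    subject.getPrincipals().remove(GIDPrincipal);
    // Iterate instead of indexing: supplementaryGroups is a LinkedList, so get(i) is O(n) per call
    // and the indexed loop was quadratic in the number of groups.
    for (UnixNumericGroupPrincipal group : supplementaryGroups) {
      subject.getPrincipals().remove(group);
    }

    // clean out state so nothing from this login is carried into the next one
    ss = null;
    succeeded = false;
    commitSucceeded = false;
    userPrincipal = null;
    UIDPrincipal = null;
    GIDPrincipal = null;
    supplementaryGroups = new LinkedList<UnixNumericGroupPrincipal>();

    if (debug) {
      System.out.println("\t\t[UnixLoginModule]: " + "logged out Subject");
    }
    return true;
  }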
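  /**
   * Commit the authentication (second phase).
   *
   * <p>This method is called if the LoginContext's overall authentication succeeded (the relevant
   * REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
   *
   * <p>If this LoginModule's own authentication attempt succeeded (the importing of the Unix
   * authentication information succeeded), then this method associates the Unix Principals with the
   * {@code Subject} currently tied to the {@code LoginModule}. Each Principal is added only if the
   * Subject does not already contain it. If this LoginModule's authentication attempt failed, no
   * Principal is added and {@code false} is returned.
   *
   * @exception LoginException if the commit fails because the {@code Subject} is read-only
   * @return true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
   */
  public boolean commit() throws LoginException {
    if (!succeeded) {
      if (debug) {
        System.out.println(
            "\t\t[UnixLoginModule]: "
                + "did not add any Principals to Subject "
                + "because own authentication failed.");
      }
      return false;
    }

    if (subject.isReadOnly()) {
      throw new LoginException("commit Failed: Subject is Readonly");
    }

    // Add each Principal at most once; the Subject's principal set is shared with other modules.
    if (!subject.getPrincipals().contains(userPrincipal)) {
      subject.getPrincipals().add(userPrincipal);
    }
    if (!subject.getPrincipals().contains(UIDPrincipal)) {
      subject.getPrincipals().add(UIDPrincipal);
    }
    if (!subject.getPrincipals().contains(GIDPrincipal)) {
      subject.getPrincipals().add(GIDPrincipal);
    }
    // Iterate instead of indexing: supplementaryGroups is a LinkedList, so get(i) is O(n) per call.
    for (UnixNumericGroupPrincipal group : supplementaryGroups) {
      if (!subject.getPrincipals().contains(group)) {
        subject.getPrincipals().add(group);
      }
    }

    if (debug) {
      System.out.println("\t\t[UnixLoginModule]: " + "added UnixPrincipal,");
      System.out.println("\t\t\t\tUnixNumericUserPrincipal,");
      System.out.println("\t\t\t\tUnixNumericGroupPrincipal(s),");
      System.out.println("\t\t\t to Subject");
    }

    commitSucceeded = true;
    return true;
  }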
  /**
   * Completes user authentication (second phase).
   *
   * <p>Called when the LoginContext's overall authentication succeeded (the relevant REQUIRED,
   * REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
   *
   * <p>When this module's own {@code login} succeeded, the {@code LdapPrincipal}, the {@code
   * UserPrincipal} and, if one was established, the authorization {@code UserPrincipal} are added to
   * the {@code Subject} (each only if not already present). The private login state is then cleared
   * in every successful case. When this module's own login failed, nothing is added and {@code
   * false} is returned.
   *
   * @exception LoginException if the {@code Subject} is read-only; the login state is cleared before
   *     the exception is thrown
   * @return true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
   */
  public boolean commit() throws LoginException {

    if (!succeeded) {
      return false;
    }

    if (subject.isReadOnly()) {
      cleanState();
      throw new LoginException("Subject is read-only");
    }

    // add Principals to the Subject
    if (!subject.getPrincipals().contains(ldapPrincipal)) {
      subject.getPrincipals().add(ldapPrincipal);
    }
    if (debug) {
      System.out.println(
          "\t\t[LdapLoginModule] " + "added LdapPrincipal \"" + ldapPrincipal + "\" to Subject");
    }

    if (!subject.getPrincipals().contains(userPrincipal)) {
      subject.getPrincipals().add(userPrincipal);
    }
    if (debug) {
      System.out.println(
          "\t\t[LdapLoginModule] " + "added UserPrincipal \"" + userPrincipal + "\" to Subject");
    }

    // The authorization identity is optional; only report it when it was actually added.
    if (authzPrincipal != null && !subject.getPrincipals().contains(authzPrincipal)) {
      subject.getPrincipals().add(authzPrincipal);

      if (debug) {
        System.out.println(
            "\t\t[LdapLoginModule] "
                + "added UserPrincipal \""
                + authzPrincipal
                + "\" to Subject");
      }
    }

    // in any case, clean out state
    cleanState();
    commitSucceeded = true;
    return true;
  }
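  /**
   * Tests whether the authenticated {@code Subject} holds at least one of the given roles.
   *
   * <p>A {@code RealmRole} name may be qualified with its realm in the form {@code <realm full
   * name>\<role name>}; that prefix is stripped before comparing, so callers pass bare role names.
   * An unqualified role name is compared as-is.
   *
   * @param roleNames the role names to look for; a {@code null} or empty list never matches
   * @return true if any role of the Subject, with its realm prefix removed, is contained in {@code
   *     roleNames}
   */
  public boolean isMemberOf(List roleNames) {
    // Fail closed: with nothing to match against, nobody is a member.
    if (roleNames == null || roleNames.isEmpty()) {
      return false;
    }
    Set<RealmRole> roles = subject.getPrincipals(RealmRole.class);
    for (RealmRole role : roles) {
      String realmFullName = role.getRealm().getFullName();
      String roleSimpleName = role.getName();
      // Format is "<realm full name>\<role name>". Only strip the prefix when the separator really
      // follows it: a role name equal to the realm name alone, or one that merely shares a leading
      // substring with it, used to be mangled (and the former overflowed substring()).
      int prefixLength = realmFullName.length();
      if (prefixLength > 0
          && roleSimpleName.length() > prefixLength
          && roleSimpleName.startsWith(realmFullName)
          && roleSimpleName.charAt(prefixLength) == '\\') {
        roleSimpleName = roleSimpleName.substring(prefixLength + 1);
      }

      if (roleNames.contains(roleSimpleName)) {
        return true;
      }
    }
    return false;
  }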
 /**
  * Returns the first {@code RealmUser} Principal attached to the {@code Subject}.
  *
  * <p>A single user Principal is expected. If the Subject carries no {@code RealmUser} at all, the
  * underlying {@code Iterator.next()} call throws {@code NoSuchElementException}.
  *
  * @return the Subject's {@code RealmUser}, viewed as a {@code Principal}
  */
 private Principal userPrincipal() {
   Set<RealmUser> users = subject.getPrincipals(RealmUser.class);
   return (Principal) users.iterator().next();
 }