/**
 * Commit the authentication (second phase).
 *
 * <p>Called when the LoginContext's overall authentication succeeded (the relevant REQUIRED,
 * REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
 *
 * <p>When this module's own {@code login()} succeeded, the Unix user, numeric user, primary group
 * and supplementary group Principals are attached to the {@code Subject} tied to this
 * {@code LoginModule}; a Principal the Subject already holds is not added again. When this
 * module's own login did not succeed, the method returns {@code false} and leaves the Subject
 * untouched.
 *
 * @exception LoginException if the {@code Subject} is read-only
 * @return true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
 */
public boolean commit() throws LoginException {
  // Guard clause: nothing was imported by login(), so there is nothing to attach.
  if (!succeeded) {
    if (debug) {
      System.out.println(
          "\t\t[UnixLoginModule]: did not add any Principals to Subject "
              + "because own authentication failed.");
    }
    return false;
  }

  // A read-only Subject cannot take new Principals; fail before touching it.
  if (subject.isReadOnly()) {
    throw new LoginException("commit Failed: Subject is Readonly");
  }

  // Attach each imported identity once, skipping any the Subject already carries.
  if (!subject.getPrincipals().contains(userPrincipal)) {
    subject.getPrincipals().add(userPrincipal);
  }
  if (!subject.getPrincipals().contains(UIDPrincipal)) {
    subject.getPrincipals().add(UIDPrincipal);
  }
  if (!subject.getPrincipals().contains(GIDPrincipal)) {
    subject.getPrincipals().add(GIDPrincipal);
  }
  for (UnixNumericGroupPrincipal group : supplementaryGroups) {
    if (!subject.getPrincipals().contains(group)) {
      subject.getPrincipals().add(group);
    }
  }

  if (debug) {
    System.out.println("\t\t[UnixLoginModule]: added UnixPrincipal,");
    System.out.println("\t\t\t\tUnixNumericUserPrincipal,");
    System.out.println("\t\t\t\tUnixNumericGroupPrincipal(s),");
    System.out.println("\t\t\t to Subject");
  }

  commitSucceeded = true;
  return true;
}
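/**
 * Logout the user
 *
 * <p>This method removes the Principals this module holds from the {@code Subject} and resets
 * the module's saved state.
 *
 * <p>It is safe to call when {@code login()} never succeeded, or when {@code logout()} has
 * already run: Principal fields that are {@code null} are skipped instead of being passed to the
 * Subject's Principal set, which rejects {@code null} elements.
 *
 * @exception LoginException if the {@code Subject} is read-only
 * @return true in all cases (this {@code LoginModule} should not be ignored).
 */
public boolean logout() throws LoginException {
  if (subject.isReadOnly()) {
    throw new LoginException("logout Failed: Subject is Readonly");
  }

  // Remove the added Principals from the Subject. Each field is null until login() has set it
  // and is reset to null below, so guard every removal: handing null to the Subject's Principal
  // set raises NullPointerException, which would abort the state cleanup that follows.
  if (userPrincipal != null) {
    subject.getPrincipals().remove(userPrincipal);
  }
  if (UIDPrincipal != null) {
    subject.getPrincipals().remove(UIDPrincipal);
  }
  if (GIDPrincipal != null) {
    subject.getPrincipals().remove(GIDPrincipal);
  }
  for (UnixNumericGroupPrincipal group : supplementaryGroups) {
    subject.getPrincipals().remove(group);
  }

  // Clean out state so no imported identity outlives the session.
  ss = null;
  succeeded = false;
  commitSucceeded = false;
  userPrincipal = null;
  UIDPrincipal = null;
  GIDPrincipal = null;
  supplementaryGroups = new LinkedList<UnixNumericGroupPrincipal>();

  if (debug) {
    System.out.println("\t\t[UnixLoginModule]: " + "logged out Subject");
  }
  return true;
}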
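/**
 * Authenticate the user (first phase).
 *
 * <p>The implementation of this method attempts to retrieve the user's Unix {@code Subject}
 * information by making a native Unix system call.
 *
 * <p>No credential is requested or verified here: the Principals built by this method describe
 * whatever identity {@code UnixSystem} reports (presumably that of the operating-system user
 * running the JVM; confirm against {@code UnixSystem}). Configurations that need proof of
 * identity from a remote or untrusted caller must not rely on this module alone.
 *
 * <p>When {@code debug} is enabled, the uid, gid and supplementary gids are written to standard
 * output.
 *
 * @exception FailedLoginException if attempts to retrieve the underlying system information fail.
 * @return true in all cases (this {@code LoginModule} should not be ignored).
 */
public boolean login() throws LoginException {
  try {
    ss = new UnixSystem();
  } catch (UnsatisfiedLinkError ule) {
    succeeded = false;
    FailedLoginException failure =
        new FailedLoginException(
            "Failed in attempt to import "
                + "the underlying system identity information"
                + " on "
                + System.getProperty("os.name"));
    // Keep the link error attached so the native-library failure can be diagnosed.
    failure.initCause(ule);
    throw failure;
  }

  userPrincipal = new UnixPrincipal(ss.getUsername());
  UIDPrincipal = new UnixNumericUserPrincipal(ss.getUid());
  GIDPrincipal = new UnixNumericGroupPrincipal(ss.getGid(), true);

  // Read the group list once; it may be null, and both loops below must tolerate that.
  long[] unixGroups = ss.getGroups();
  if (unixGroups != null) {
    for (long gid : unixGroups) {
      UnixNumericGroupPrincipal ngp = new UnixNumericGroupPrincipal(gid, false);
      // The primary group is already represented by GIDPrincipal; do not list it twice.
      // Groups are appended to the existing list, which logout() replaces with a fresh one.
      if (!ngp.getName().equals(GIDPrincipal.getName())) {
        supplementaryGroups.add(ngp);
      }
    }
  }

  if (debug) {
    System.out.println("\t\t[UnixLoginModule]: " + "succeeded importing info: ");
    System.out.println("\t\t\tuid = " + ss.getUid());
    System.out.println("\t\t\tgid = " + ss.getGid());
    // Same null guard as above: debug mode must not turn a missing group list into a
    // NullPointerException after the identity was imported successfully.
    if (unixGroups != null) {
      for (long gid : unixGroups) {
        System.out.println("\t\t\tsupp gid = " + gid);
      }
    }
  }

  succeeded = true;
  return true;
}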