예제 #1
 /**
  * Builds a principal from an authenticated Windows identity.
  *
  * <p>The fully qualified name, SID and SID string are read from the identity, and the group and
  * role collections are derived through {@code getGroups} and {@code getRoles}. The identity
  * reference itself is also kept in {@code _identity}.
  *
  * @param windowsIdentity Windows identity to read from; dereferenced immediately, so it must not
  *     be null.
  * @param principalFormat Principal format, forwarded to {@code getRoles}.
  * @param roleFormat Role format, forwarded to {@code getRoles}.
  */
 public WindowsPrincipal(
     IWindowsIdentity windowsIdentity,
     PrincipalFormat principalFormat,
     PrincipalFormat roleFormat) {
   // NOTE(review): the identity reference is retained. A caller that disposes the identity
   // right after constructing the principal leaves _identity pointing at a disposed object;
   // confirm nothing dereferences it later.
   this._identity = windowsIdentity;

   // Values read from the identity at construction time.
   this._fqn = windowsIdentity.getFqn();
   this._sid = windowsIdentity.getSid();
   this._sidString = windowsIdentity.getSidString();

   // Group and role collections; these are what authorization decisions are likely based on.
   this._groups = getGroups(windowsIdentity.getGroups());
   this._roles = getRoles(windowsIdentity, principalFormat, roleFormat);
 }
예제 #2
  /**
   * Returns the principal names of a Windows identity in the requested format.
   *
   * <p>The result holds the fully qualified name, the SID string, both (name first, then SID
   * string), or nothing at all for {@code none}.
   *
   * @param windowsIdentity Windows identity whose names are read.
   * @param principalFormat Which of the identity's names to include.
   * @return A new mutable list of principal names; empty when the format is {@code none}.
   */
  private static List<String> getPrincipalNames(
      IWindowsIdentity windowsIdentity, PrincipalFormat principalFormat) {

    boolean includeFqn = false;
    boolean includeSid = false;

    // Translate the format into two flags; the names themselves are appended below.
    switch (principalFormat) {
      case fqn:
        includeFqn = true;
        break;
      case sid:
        includeSid = true;
        break;
      case both:
        includeFqn = true;
        includeSid = true;
        break;
      case none:
        break;
    }

    List<String> names = new ArrayList<String>();
    if (includeFqn) {
      names.add(windowsIdentity.getFqn());
    }
    if (includeSid) {
      names.add(windowsIdentity.getSidString());
    }

    // NOTE(review): with the "none" format the list stays empty; confirm callers that build
    // roles from it do not treat an empty result as an error or as "allow".
    return names;
  }
예제 #3
 /**
  * Builds a realm-bound principal from an authenticated Windows identity.
  *
  * <p>The superclass receives the realm, the identity's fully qualified name, an empty string
  * and the roles computed by {@code getRoles}. The SID, SID string and groups are then stored on
  * this instance.
  *
  * @param windowsIdentity Windows identity to read from; dereferenced immediately, so it must not
  *     be null.
  * @param realm Authentication realm handed to the superclass.
  * @param principalFormat Principal format, forwarded to {@code getRoles}.
  * @param roleFormat Role format, forwarded to {@code getRoles}.
  */
 public GenericWindowsPrincipal(
     IWindowsIdentity windowsIdentity,
     Realm realm,
     PrincipalFormat principalFormat,
     PrincipalFormat roleFormat) {
   // The third argument is an empty string; presumably this is the superclass's credential
   // slot, so no secret is kept on the principal. Confirm against the superclass signature.
   super(
       realm,
       windowsIdentity.getFqn(),
       "",
       getRoles(windowsIdentity, principalFormat, roleFormat));

   // Values read from the identity at construction time.
   this._sid = windowsIdentity.getSid();
   this._sidString = windowsIdentity.getSidString();
   this._groups = getGroups(windowsIdentity.getGroups());
 }
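  /**
   * Attempts Windows authentication for a request that carries a supported {@code Authorization}
   * header and, on success, stores the resulting authentication in the security context.
   *
   * <p>Requests without an authorization header, or with a security package the provider does
   * not support, are passed down the chain without any authentication being set here. Rejecting
   * unauthenticated access is left to whatever runs after this filter.
   *
   * <p>Once the provider has returned an identity, it is disposed on every path, including the
   * path that rejects a guest login.
   *
   * @param req incoming request; cast to {@link HttpServletRequest}.
   * @param res outgoing response; cast to {@link HttpServletResponse}.
   * @param chain remaining filter chain; invoked unless the request was answered here.
   * @throws IOException declared by the filter contract; may propagate from the chain.
   * @throws ServletException declared by the filter contract; may propagate from the chain.
   */
  @Override
  public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
      throws IOException, ServletException {

    HttpServletRequest request = (HttpServletRequest) req;
    HttpServletResponse response = (HttpServletResponse) res;

    _log.debug(
        "{} {}, contentlength: {}",
        request.getMethod(),
        request.getRequestURI(),
        Integer.valueOf(request.getContentLength()));

    AuthorizationHeader authorizationHeader = new AuthorizationHeader(request);

    // Authenticate only when a header is present and its security package is supported;
    // everything else falls through to the chain unauthenticated.
    if (!authorizationHeader.isNull()
        && _provider.isSecurityPackageSupported(authorizationHeader.getSecurityPackage())) {

      // log the user in using the token
      IWindowsIdentity windowsIdentity = null;

      try {
        windowsIdentity = _provider.doFilter(request, response);
        if (windowsIdentity == null) {
          // No identity yet: presumably the provider has already written its own response
          // (for example a continuation challenge). Confirm against the provider.
          return;
        }
      } catch (IOException e) {
        _log.warn("error logging in user: {}", e.getMessage());
        _log.trace("{}", e);
        sendUnauthorized(response, true);
        return;
      }

      try {
        // The guest check sits inside the try block so that the identity is disposed even when
        // the login is rejected; previously this early return skipped dispose().
        if (!_allowGuestLogin && windowsIdentity.isGuest()) {
          _log.warn("guest login disabled: {}", windowsIdentity.getFqn());
          sendUnauthorized(response, true);
          return;
        }

        _log.debug(
            "logged in user: {} ({})", windowsIdentity.getFqn(), windowsIdentity.getSidString());

        WindowsPrincipal principal =
            new WindowsPrincipal(windowsIdentity, _principalFormat, _roleFormat);

        _log.debug("roles: {}", principal.getRolesString());

        Authentication authentication =
            new WindowsAuthenticationToken(
                principal, _grantedAuthorityFactory, _defaultGrantedAuthority);

        // From here on, downstream authorization sees the request as this Windows user.
        SecurityContextHolder.getContext().setAuthentication(authentication);

        _log.info("successfully logged in user: {}", windowsIdentity.getFqn());

      } finally {
        // NOTE(review): the principal was constructed from this identity; confirm it does not
        // dereference the identity after it has been disposed here.
        windowsIdentity.dispose();
      }
    }

    chain.doFilter(request, response);
  }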