/**
 * Commit the authentication (second phase).
 *
 * <p>The LoginContext invokes this method once its overall authentication has succeeded (the
 * relevant REQUIRED, REQUISITE, SUFFICIENT and OPTIONAL LoginModules succeeded).
 *
 * <p>If this LoginModule's own authentication attempt succeeded, the user, UID, GID and
 * supplementary group Principals are associated with the <code>Subject</code> currently tied to
 * the <code>LoginModule</code>; a Principal that the <code>Subject</code> already holds is not
 * added again. If this LoginModule's own authentication attempt failed, the method returns
 * <code>false</code> without touching the <code>Subject</code> or this module's saved state.
 *
 * @exception LoginException if the commit fails because the <code>Subject</code> is read-only
 * @return true if this LoginModule's own login and commit attempts succeeded, or false otherwise.
 */
public boolean commit() throws LoginException {
    // Guard clause: nothing is published when this module's own login phase did not succeed.
    if (!succeeded) {
        if (debug) {
            System.out.println(
                "\t\t[UnixLoginModule]: "
                    + "did not add any Principals to Subject "
                    + "because own authentication failed.");
        }
        return false;
    }

    // A read-only Subject cannot take new Principals, so fail the commit explicitly.
    if (subject.isReadOnly()) {
        throw new LoginException("commit Failed: Subject is Readonly");
    }

    // Each Principal is added only when the Subject does not already contain it.
    if (!subject.getPrincipals().contains(userPrincipal)) {
        subject.getPrincipals().add(userPrincipal);
    }
    if (!subject.getPrincipals().contains(UIDPrincipal)) {
        subject.getPrincipals().add(UIDPrincipal);
    }
    if (!subject.getPrincipals().contains(GIDPrincipal)) {
        subject.getPrincipals().add(GIDPrincipal);
    }
    for (UnixNumericGroupPrincipal group : supplementaryGroups) {
        if (!subject.getPrincipals().contains(group)) {
            subject.getPrincipals().add(group);
        }
    }

    // The debug text is fixed: it is printed even when some Principals were already present.
    if (debug) {
        System.out.println("\t\t[UnixLoginModule]: added UnixPrincipal,");
        System.out.println("\t\t\t\tUnixNumericUserPrincipal,");
        System.out.println("\t\t\t\tUnixNumericGroupPrincipal(s),");
        System.out.println("\t\t\t to Subject");
    }

    commitSucceeded = true;
    return true;
}
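/**
 * Logout the user.
 *
 * <p>This method removes the Principals that this module holds from the <code>Subject</code> and
 * then resets the module's saved state.
 *
 * <p>The user, UID and GID Principal fields are set to <code>null</code> at the end of this
 * method, so a repeated call (or any call made while they are unset) would otherwise pass
 * <code>null</code> to the <code>Subject</code>'s Principal set, which can reject it with a
 * <code>NullPointerException</code>. Unset Principals are therefore skipped, so logout completes
 * and the state reset below still runs.
 *
 * @exception LoginException if the logout fails because the <code>Subject</code> is read-only
 * @return true in all cases (this <code>LoginModule</code> should not be ignored).
 */
public boolean logout() throws LoginException {
    // Principals cannot be removed from a read-only Subject; report that instead of
    // silently leaving the identity in place. Module state is left untouched in that case.
    if (subject.isReadOnly()) {
        throw new LoginException("logout Failed: Subject is Readonly");
    }

    // Remove the added Principals from the Subject, skipping any that are not set.
    if (userPrincipal != null) {
        subject.getPrincipals().remove(userPrincipal);
    }
    if (UIDPrincipal != null) {
        subject.getPrincipals().remove(UIDPrincipal);
    }
    if (GIDPrincipal != null) {
        subject.getPrincipals().remove(GIDPrincipal);
    }
    for (UnixNumericGroupPrincipal group : supplementaryGroups) {
        subject.getPrincipals().remove(group);
    }

    // Clean out state so no identity data from this session outlives the logout.
    ss = null;
    succeeded = false;
    commitSucceeded = false;
    userPrincipal = null;
    UIDPrincipal = null;
    GIDPrincipal = null;
    supplementaryGroups = new LinkedList<UnixNumericGroupPrincipal>();

    if (debug) {
        System.out.println("\t\t[UnixLoginModule]: " + "logged out Subject");
    }
    return true;
}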