/** * A windows principal. * * @param windowsIdentity Windows identity. * @param principalFormat Principal format. * @param roleFormat Role format. */ public WindowsPrincipal( IWindowsIdentity windowsIdentity, PrincipalFormat principalFormat, PrincipalFormat roleFormat) { _identity = windowsIdentity; _fqn = windowsIdentity.getFqn(); _sid = windowsIdentity.getSid(); _sidString = windowsIdentity.getSidString(); _groups = getGroups(windowsIdentity.getGroups()); _roles = getRoles(windowsIdentity, principalFormat, roleFormat); }
/** * Returns a list of user principal objects. * * @param windowsIdentity Windows identity. * @param principalFormat Principal format. * @return A list of user principal objects. */ private static List<String> getPrincipalNames( IWindowsIdentity windowsIdentity, PrincipalFormat principalFormat) { List<String> principals = new ArrayList<String>(); switch (principalFormat) { case fqn: principals.add(windowsIdentity.getFqn()); break; case sid: principals.add(windowsIdentity.getSidString()); break; case both: principals.add(windowsIdentity.getFqn()); principals.add(windowsIdentity.getSidString()); break; case none: break; } return principals; }
/** * A windows principal. * * @param windowsIdentity Windows identity. * @param realm Authentication realm. * @param principalFormat Principal format. * @param roleFormat Role format. */ public GenericWindowsPrincipal( IWindowsIdentity windowsIdentity, Realm realm, PrincipalFormat principalFormat, PrincipalFormat roleFormat) { super( realm, windowsIdentity.getFqn(), "", getRoles(windowsIdentity, principalFormat, roleFormat)); _sid = windowsIdentity.getSid(); _sidString = windowsIdentity.getSidString(); _groups = getGroups(windowsIdentity.getGroups()); }
@Override public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; _log.debug( "{} {}, contentlength: {}", request.getMethod(), request.getRequestURI(), Integer.valueOf(request.getContentLength())); AuthorizationHeader authorizationHeader = new AuthorizationHeader(request); // authenticate user if (!authorizationHeader.isNull() && _provider.isSecurityPackageSupported(authorizationHeader.getSecurityPackage())) { // log the user in using the token IWindowsIdentity windowsIdentity = null; try { windowsIdentity = _provider.doFilter(request, response); if (windowsIdentity == null) { return; } } catch (IOException e) { _log.warn("error logging in user: {}", e.getMessage()); _log.trace("{}", e); sendUnauthorized(response, true); return; } if (!_allowGuestLogin && windowsIdentity.isGuest()) { _log.warn("guest login disabled: {}", windowsIdentity.getFqn()); sendUnauthorized(response, true); return; } try { _log.debug( "logged in user: {} ({})", windowsIdentity.getFqn(), windowsIdentity.getSidString()); WindowsPrincipal principal = new WindowsPrincipal(windowsIdentity, _principalFormat, _roleFormat); _log.debug("roles: {}", principal.getRolesString()); Authentication authentication = new WindowsAuthenticationToken( principal, _grantedAuthorityFactory, _defaultGrantedAuthority); SecurityContextHolder.getContext().setAuthentication(authentication); _log.info("successfully logged in user: {}", windowsIdentity.getFqn()); } finally { windowsIdentity.dispose(); } } chain.doFilter(request, response); }