Package waffle.windows.auth

Examples of waffle.windows.auth.IWindowsIdentity


* users and groups.
*/
public class LocalWindowsUserInformationSource extends WindowsUserInformationSource {
    @Override
    public UserInformation authenticate(String principal, Password password) {
        IWindowsIdentity identity = null;
        try {
            identity = getProvider().logonDomainUser(principal, ".", password.getPasswordString());
            if (identity.isGuest()) {
                return null;
            } else {
                return buildUserInformation(identity, null);
            }
        } catch (Win32Exception ex) {
            return null;
        } finally {
            if (identity != null) {
                identity.dispose();
            }
        }
    }
View Full Code Here


    private String serverName;

    @Override
    public UserInformation authenticate(String principal, Password password) {
        initialize();
        IWindowsIdentity identity = null;
        try {
            // TODO: handle UPN and SAM formats to specify domain
            identity = getProvider().logonDomainUser(principal, serverName, password.getPasswordString());
            if (identity.isGuest()) {
                return null;
            } else {
                return buildUserInformation(identity, serverName);
            }
        } catch (Win32Exception ex) {
            return null;
        } finally {
            if (identity != null) {
                identity.dispose();
            }
        }
    }
View Full Code Here

        // strip default domain from username@domain
        username = username.substring(0, username.lastIndexOf('@'));
      }
    }

    IWindowsIdentity identity = null;
    try {
      if (username.indexOf('@') > -1 || username.indexOf('\\') > -1) {
        // manually specified domain
        identity = waffle.logonUser(username, new String(password));
      } else {
        // no domain specified, use default domain
        identity = waffle.logonDomainUser(username, defaultDomain, new String(password));
      }
    } catch (Win32Exception e) {
      logger.error(e.getMessage());
      return null;
    }

    if (identity.isGuest() && !settings.getBoolean(Keys.realm.windows.allowGuests, false)) {
      logger.warn("Guest account access is disabled");
      identity.dispose();
      return null;
    }

        UserModel user = userManager.getUserModel(username);
        if (user == null) {
          // create user object for new authenticated user
          user = new UserModel(username.toLowerCase());
        }

        // create a user cookie
        setCookie(user, password);

        // update user attributes from Windows identity
        user.accountType = getAccountType();
        String fqn = identity.getFqn();
        if (fqn.indexOf('\\') > -1) {
          user.displayName = fqn.substring(fqn.lastIndexOf('\\') + 1);
        } else {
          user.displayName = fqn;
        }
        user.password = Constants.EXTERNAL_ACCOUNT;

        Set<String> groupNames = new TreeSet<String>();
         for (IWindowsAccount group : identity.getGroups()) {
           groupNames.add(group.getFqn());
        }

         if (settings.getBoolean(Keys.realm.windows.permitBuiltInAdministrators, true)) {
           if (groupNames.contains("BUILTIN\\Administrators")) {
             // local administrator
             user.canAdmin = true;
           }
        }

        // TODO consider mapping Windows groups to teams

        // push the changes to the backing user service
        updateUser(user);

        // cleanup resources
        identity.dispose();

        return user;
    }
View Full Code Here

    protected final AuthenticationInfo doGetAuthenticationInfo(final AuthenticationToken authToken) {
        AuthenticationInfo authenticationInfo = null;
        if (authToken instanceof UsernamePasswordToken) {
            final UsernamePasswordToken token = (UsernamePasswordToken) authToken;
            final String username = token.getUsername();
            IWindowsIdentity identity = null;
            try {
                LOGGER.debug("Attempting login for user {}", username);
                identity = this.provider.logonUser(username, new String(token.getPassword()));
                if (identity.isGuest()) {
                    LOGGER.debug("Guest identity for user {}; denying access", username);
                    throw new AuthenticationException("Guest identities are not allowed access");
                }
                final Object principal = new WaffleFqnPrincipal(identity);
                authenticationInfo = buildAuthenticationInfo(token, principal);
                LOGGER.debug("Successful login for user {}", username);
            } catch (RuntimeException e) {
                LOGGER.debug("Failed login for user {}: {}", username, e.getMessage());
                LOGGER.trace("{}", e);
                throw new AuthenticationException("Login failed", e);
            } finally {
                if (identity != null) {
                    identity.dispose();
                }
            }
        }
        return authenticationInfo;
    }
View Full Code Here

        final String username = request.getParameter("j_username");
        final String password = request.getParameter("j_password");

        this.log.debug("logging in: {}", username);

        IWindowsIdentity windowsIdentity;
        try {
            windowsIdentity = this.auth.logonUser(username, password);
        } catch (Exception e) {
            this.log.error(e.getMessage());
            this.log.trace("{}", e);
            return false;
        }

        // disable guest login
        if (!this.allowGuestLogin && windowsIdentity.isGuest()) {
            this.log.warn("guest login disabled: {}", windowsIdentity.getFqn());
            return false;
        }

        try {
            this.log.debug("successfully logged in {} ({})", username, windowsIdentity.getSidString());

            final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
                    this.principalFormat, this.roleFormat);

            this.log.debug("roles: {}", windowsPrincipal.getRolesString());

            // create a session associated with this request if there's none
            final HttpSession session = request.getSession(true);
            this.log.debug("session id: {}", session == null ? "null" : session.getId());

            register(request, response, windowsPrincipal, "FORM", windowsPrincipal.getName(), null);
            this.log.info("successfully logged in user: {}", windowsPrincipal.getName());
        } finally {
            windowsIdentity.dispose();
        }

        return true;
    }
View Full Code Here

        // authenticate user
        if (!authorizationHeader.isNull()) {

            // log the user in using the token
            IWindowsIdentity windowsIdentity;
            try {
                windowsIdentity = this.providers.doFilter(request, response);
                if (windowsIdentity == null) {
                    return;
                }
            } catch (IOException e) {
                LOGGER.warn("error logging in user: {}", e.getMessage());
                LOGGER.trace("{}", e);
                sendUnauthorized(response, true);
                return;
            }

            IWindowsImpersonationContext ctx = null;
            try {
                if (!this.allowGuestLogin && windowsIdentity.isGuest()) {
                    LOGGER.warn("guest login disabled: {}", windowsIdentity.getFqn());
                    sendUnauthorized(response, true);
                    return;
                }

                LOGGER.debug("logged in user: {} ({})", windowsIdentity.getFqn(), windowsIdentity.getSidString());

                HttpSession session = request.getSession(true);
                if (session == null) {
                    throw new ServletException("Expected HttpSession");
                }

                Subject subject = (Subject) session.getAttribute("javax.security.auth.subject");
                if (subject == null) {
                    subject = new Subject();
                }

                WindowsPrincipal windowsPrincipal = null;
                if (this.impersonate) {
                    windowsPrincipal = new AutoDisposableWindowsPrincipal(windowsIdentity, this.principalFormat,
                            this.roleFormat);
                } else {
                    windowsPrincipal = new WindowsPrincipal(windowsIdentity, this.principalFormat, this.roleFormat);
                }

                LOGGER.debug("roles: {}", windowsPrincipal.getRolesString());
                subject.getPrincipals().add(windowsPrincipal);
                session.setAttribute("javax.security.auth.subject", subject);

                LOGGER.info("successfully logged in user: {}", windowsIdentity.getFqn());

                request.getSession().setAttribute(PRINCIPALSESSIONKEY, windowsPrincipal);

                NegotiateRequestWrapper requestWrapper = new NegotiateRequestWrapper(request, windowsPrincipal);

                if (this.impersonate) {
                    LOGGER.debug("impersonating user");
                    ctx = windowsIdentity.impersonate();
                }

                chain.doFilter(requestWrapper, response);
            } finally {
                if (this.impersonate && ctx != null) {
                    LOGGER.debug("terminating impersonation");
                    ctx.revertToSelf();
                } else {
                    windowsIdentity.dispose();
                }
            }

            return;
        }
View Full Code Here

    @Override
    protected Principal doLogin(final Request request, final String username, final String password)
            throws ServletException {
        this.log.debug("logging in: {}", username);
        IWindowsIdentity windowsIdentity;
        try {
            windowsIdentity = this.auth.logonUser(username, password);
        } catch (Exception e) {
            this.log.error(e.getMessage());
            this.log.trace("{}", e);
            return super.doLogin(request, username, password);
        }
        // disable guest login
        if (!this.allowGuestLogin && windowsIdentity.isGuest()) {
            this.log.warn("guest login disabled: {}", windowsIdentity.getFqn());
            return super.doLogin(request, username, password);
        }
        try {
            this.log.debug("successfully logged in {} ({})", username, windowsIdentity.getSidString());
            final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
                    this.principalFormat, this.roleFormat);
            this.log.debug("roles: {}", windowsPrincipal.getRolesString());
            return windowsPrincipal;
        } finally {
            windowsIdentity.dispose();
        }
    }
View Full Code Here

    }

    @Override
    public Authentication authenticate(final Authentication authentication) {
        final UsernamePasswordAuthenticationToken auth = (UsernamePasswordAuthenticationToken) authentication;
        final IWindowsIdentity windowsIdentity = this.authProvider.logonUser(auth.getName(), auth.getCredentials()
                .toString());
        LOGGER.debug("logged in user: {} ({})", windowsIdentity.getFqn(), windowsIdentity.getSidString());

        if (!this.allowGuestLogin && windowsIdentity.isGuest()) {
            LOGGER.warn("guest login disabled: {}", windowsIdentity.getFqn());
            throw new GuestLoginDisabledAuthenticationException(windowsIdentity.getFqn());
        }

        final WindowsPrincipal windowsPrincipal = new WindowsPrincipal(windowsIdentity, this.principalFormat,
                this.roleFormat);
        LOGGER.debug("roles: {}", windowsPrincipal.getRolesString());

        final WindowsAuthenticationToken token = new WindowsAuthenticationToken(windowsPrincipal,
                this.grantedAuthorityFactory, this.defaultGrantedAuthority);

        LOGGER.info("successfully logged in user: {}", windowsIdentity.getFqn());
        return token;
    }
View Full Code Here

        // authenticate user
        if (!authorizationHeader.isNull()
                && this.provider.isSecurityPackageSupported(authorizationHeader.getSecurityPackage())) {

            // log the user in using the token
            IWindowsIdentity windowsIdentity;

            try {
                windowsIdentity = this.provider.doFilter(request, response);
                if (windowsIdentity == null) {
                    return;
                }
            } catch (IOException e) {
                LOGGER.warn("error logging in user: {}", e.getMessage());
                LOGGER.trace("{}", e);
                sendUnauthorized(response, true);
                return;
            }

            if (!this.allowGuestLogin && windowsIdentity.isGuest()) {
                LOGGER.warn("guest login disabled: {}", windowsIdentity.getFqn());
                sendUnauthorized(response, true);
                return;
            }

            try {
                LOGGER.debug("logged in user: {} ({})", windowsIdentity.getFqn(), windowsIdentity.getSidString());

                final WindowsPrincipal principal = new WindowsPrincipal(windowsIdentity, this.principalFormat,
                        this.roleFormat);

                LOGGER.debug("roles: {}", principal.getRolesString());

                final Authentication authentication = new WindowsAuthenticationToken(principal,
                        this.grantedAuthorityFactory, this.defaultGrantedAuthority);

                SecurityContextHolder.getContext().setAuthentication(authentication);

                LOGGER.info("successfully logged in user: {}", windowsIdentity.getFqn());

            } finally {
                windowsIdentity.dispose();
            }
        }

        chain.doFilter(request, response);
    }
View Full Code Here

                sendError(response, HttpServletResponse.SC_SERVICE_UNAVAILABLE);
                return false;
            }

            // create and register the user principal with the session
            final IWindowsIdentity windowsIdentity = securityContext.getIdentity();

            // disable guest login
            if (!this.allowGuestLogin && windowsIdentity.isGuest()) {
                this.log.warn("guest login disabled: {}", windowsIdentity.getFqn());
                sendUnauthorized(response);
                return false;
            }

            try {
                this.log.debug("logged in user: {} ({})", windowsIdentity.getFqn(), windowsIdentity.getSidString());

                final GenericWindowsPrincipal windowsPrincipal = new GenericWindowsPrincipal(windowsIdentity,
                        this.principalFormat, this.roleFormat);

                this.log.debug("roles: {}", windowsPrincipal.getRolesString());

                principal = windowsPrincipal;

                // create a session associated with this request if there's none
                final HttpSession session = request.getSession(true);
                this.log.debug("session id: {}", session == null ? "null" : session.getId());

                // register the authenticated principal
                register(request, response, principal, securityPackage, principal.getName(), null);
                this.log.info("successfully logged in user: {}", principal.getName());

            } finally {
                windowsIdentity.dispose();
            }

            return true;
        }
View Full Code Here

TOP

Related Classes of waffle.windows.auth.IWindowsIdentity

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.