While researching JAAS I scratch-coded this interesting bit:
    final String name = "Bob the Builder";
    final LoginContext context = new LoginContext(name, null, null, getNTConfiguration(name));
    context.login();
    context.logout();
Of course, the secret is in getNTConfiguration:
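    // REQUIRED is AppConfigurationEntry.LoginModuleControlFlag.REQUIRED (static import).
    static Configuration getNTConfiguration(final String name) {
        // Module options: turn on both the Java-side and the native debug output.
        final Map<String, String> options = new HashMap<String, String>() {
            {
                put("debug", "true");
                put("debugNative", "true");
            }
        };
        final AppConfigurationEntry[] appConfigurationEntry = new AppConfigurationEntry[]{
            new AppConfigurationEntry(NT_LOGIN_MODULE_NAME, REQUIRED, options),
        };
        // A single configuration entry, keyed by the name passed to LoginContext.
        final Map<String, AppConfigurationEntry[]> entries = new HashMap<String, AppConfigurationEntry[]>() {
            {
                put(name, appConfigurationEntry);
            }
        };
        return new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(final String name) {
                return entries.get(name);
            }

            public void refresh() {
            }
        };
    }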
And the super-secret is the value of NT_LOGIN_MODULE_NAME: "com.sun.security.auth.module.NTLoginModule".
The output when I run using all the debug options is:
    An attempt was made to reference a token that does not exist.
    [NTLoginModule] succeeded importing info:
    user name = boxley
    user SID = S-1-5-21-123456789-839522115-1060284298-38670
    user domain = MYDOMAIN
    user domain SID = S-1-5-21-123456789-839522115-1060284298
    user primary group = S-1-5-21-123456789-839522115-1060284298-513
    user group = S-1-1-0
    user group = S-1-5-32-544
    user group = S-1-5-32-545
    user group = S-1-5-4
    user group = S-1-5-11
    user group = S-1-5-5-0-77027
    user group = S-1-2-0
    impersonation token = 7120
    [NTLoginModule] completed logout processing
    getting access token
    [getToken] OpenThreadToken error [1008]:
    [getToken] got user access token
    getting user info
    [getUser] Got TokenUser info
    [getUser] userName: boxley, domainName = MYDOMAIN
    [getUser] userSid: S-1-5-21-123456789-839522115-1060284298-38670
    [getUser] domainSid: S-1-5-21-123456789-839522115-1060284298
    getting primary group
    [getPrimaryGroup] Got TokenPrimaryGroup info
    [getPrimaryGroup] primaryGroup: S-1-5-21-123456789-839522115-1060284298-513
    getting supplementary groups
    [getGroups] Got TokenGroups info
    [getGroups] group 0: S-1-5-21-123456789-839522115-1060284298-513
    [getGroups] group 1: S-1-1-0
    [getGroups] group 2: S-1-5-32-544
    [getGroups] group 3: S-1-5-32-545
    [getGroups] group 4: S-1-5-4
    [getGroups] group 5: S-1-5-11
    [getGroups] group 6: S-1-5-5-0-77027
    [getGroups] group 7: S-1-2-0
    getting impersonation token
    [getImpersonationToken] token = 7120
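The output shows that "Bob the Builder" is only the key used to look up the configuration entry: the principals come from the Windows token of the running process (boxley here). As an added example, not part of the original post, this reads those principals from the Subject before logout() removes them and checks whether the token lists a given group SID. It assumes a Windows JDK on Java 6 or later that ships NTLoginModule; the class name NTSubjectCheck and the helper hasGroupSid are made up for illustration.

```java
import com.sun.security.auth.NTSidGroupPrincipal;
import com.sun.security.auth.NTUserPrincipal;
import java.util.Collections;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;
import javax.security.auth.login.LoginException;

public class NTSubjectCheck {
    // Well-known SID of BUILTIN\Administrators; it appears in the group list above.
    static final String ADMINISTRATORS_SID = "S-1-5-32-544";

    // True if any group SID principal attached to the subject equals the given SID string.
    static boolean hasGroupSid(final Subject subject, final String sid) {
        for (final NTSidGroupPrincipal group : subject.getPrincipals(NTSidGroupPrincipal.class)) {
            if (sid.equals(group.getName())) return true;
        }
        return false;
    }

    public static void main(final String[] args) throws LoginException {
        final String entryName = "Bob the Builder"; // configuration entry name, not a user name
        final AppConfigurationEntry[] entries = {
            new AppConfigurationEntry("com.sun.security.auth.module.NTLoginModule",
                    LoginModuleControlFlag.REQUIRED, Collections.<String, Object>emptyMap())
        };
        final Configuration config = new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(final String name) {
                return entryName.equals(name) ? entries : null;
            }
        };
        final LoginContext context = new LoginContext(entryName, null, null, config);
        context.login();
        try {
            final Subject subject = context.getSubject();
            for (final NTUserPrincipal user : subject.getPrincipals(NTUserPrincipal.class)) {
                System.out.println("process runs as: " + user.getName());
            }
            System.out.println("token lists " + ADMINISTRATORS_SID + ": " + hasGroupSid(subject, ADMINISTRATORS_SID));
        } finally {
            context.logout(); // removes the NT principals and credentials from the subject
        }
    }
}
```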
2 comments:
LoginContext lc = new LoginContext(name, null, null, getNTConfiguration(name));
AFAIK, such a constructor does not exist for LoginContext
http://java.sun.com/j2se/1.4.2/docs/api/javax/security/auth/login/LoginContext.html
It is in the JDK5 docs:
http://java.sun.com/j2se/1.5.0/docs/api/javax/security/auth/login/LoginContext.html#LoginContext(java.lang.String,%20javax.security.auth.Subject,%20javax.security.auth.callback.CallbackHandler,%20javax.security.auth.login.Configuration)