[jcifs] Role based Authorisation

Carsten cad at halvotec.de
Tue Aug 10 15:19:11 GMT 2004


After successful authentication with jcifs 0.9.6 at an NT domain controller, I 
tried to authorise the user based on the role by using jcifs-ext 0.9.4. 
I tried it out with the implementation of AuthenticatedRequest from 
jcifs-ext:

public boolean isUserInRole(String role) {
	logger.debug("checking Role '" + role + "'");
	if (super.isUserInRole(role)) {
		return true;
	} 
	if (role == null) {
		logger.warn("User cannot be in a role 'null'.");
		return false;
	} 
	Set groups = getGroups();
	return (groups != null) ? groups.contains(role.toUpperCase()) : false;
}

private Set getGroups() {
	if (groups != null) {
		return groups;
	}
	 
	try {
		Principal principal = getUserPrincipal();
		UserManagement userManagement;
		String username;
		if (principal instanceof NtlmPasswordAuthentication) {
			NtlmPasswordAuthentication auth = 
				(NtlmPasswordAuthentication) principal;
			username = auth.getUsername();
			String target = auth.getDomain();
			if ("?".equals(target)) target = null;
			if (auth.getPassword() == null) auth = null;
			userManagement = new UserManagement(target, auth);
		} else {
			username = principal.getName();
			int index = username.indexOf('@');
			if (index != -1) username = username.substring(0, index);
			userManagement = new UserManagement();
		}
		Set groups = new TreeSet();
		GroupUsersInfo[] groupList =
			userManagement.netUserGetGroups(username, 0);
		if (groupList != null) {
			for (int i = groupList.length - 1; i >= 0; i--) {
				String groupName = groupList[i].name.toUpperCase();
				logger.debug("Got role from Domain: " + groupName);
				groups.add(groupName);
			}
		}
		return (this.groups = groups);
	} catch (Exception ex) {
		logger.error("An error occured while getting the roles from domain. "
			+ ex.getMessage());
		ex.printStackTrace();
		return (groups = null);
	}
}

The only output I've got was:

        An error occured while getting the roles from domain. 5

The ErrorCode 5 is an NT Status for Access Violation, if I have followed the 
source in the right way.
I think that it could have something to do with the NT privileges set at the 
domain controller. But I don't know exactly which privileges are the right ones 
to set.
Can anyone help me to solve this problem? 

Thanks in advance 

Carsten


