[jcifs] Role based Authorisation
Carsten
cad at halvotec.de
Tue Aug 10 15:19:11 GMT 2004
After successful authentication with jcifs 0.9.6 at an NT domain controller, I
tried to authorise the user based on the role by using jcifs-ext 0.9.4.
I have tried it out with the implementation of the AuthenticatedRequest from
jcifs-ext:

    public boolean isUserInRole(String role) {
        logger.debug("checking Role '" + role + "'");
        // Defer to the superclass check first.
        if (super.isUserInRole(role)) {
            return true;
        }
        if (role == null) {
            logger.warn("User cannot be in a role 'null'.");
            return false;
        }
        // Fall back to the user's domain groups, which are stored upper-cased.
        Set groups = getGroups();
        return (groups != null) ? groups.contains(role.toUpperCase()) : false;
    }

    private Set getGroups() {
        // Return the cached group set if it was already looked up.
        if (groups != null) {
            return groups;
        }
        try {
            Principal principal = getUserPrincipal();
            UserManagement userManagement;
            String username;
            if (principal instanceof NtlmPasswordAuthentication) {
                NtlmPasswordAuthentication auth =
                        (NtlmPasswordAuthentication) principal;
                username = auth.getUsername();
                String target = auth.getDomain();
                // A domain of "?" is treated as no target.
                if ("?".equals(target)) target = null;
                // Without a password, pass no credentials to UserManagement.
                if (auth.getPassword() == null) auth = null;
                userManagement = new UserManagement(target, auth);
            } else {
                // Strip any "@domain" suffix from the principal name.
                username = principal.getName();
                int index = username.indexOf('@');
                if (index != -1) username = username.substring(0, index);
                userManagement = new UserManagement();
            }
            Set groups = new TreeSet();
            GroupUsersInfo[] groupList =
                    userManagement.netUserGetGroups(username, 0);
            if (groupList != null) {
                for (int i = groupList.length - 1; i >= 0; i--) {
                    String groupName = groupList[i].name.toUpperCase();
                    logger.debug("Got role from Domain: " + groupName);
                    groups.add(groupName);
                }
            }
            // Cache the result for later calls.
            return (this.groups = groups);
        } catch (Exception ex) {
            // On failure the cache stays null, so isUserInRole() returns
            // false for group-based roles.
            logger.error("An error occured while getting the roles from domain. "
                    + ex.getMessage());
            ex.printStackTrace();
            return (groups = null);
        }
    }

The only output I got was:

    An error occured while getting the roles from domain. 5

ErrorCode 5 is an NT status for Access Violation, if I have followed the
source correctly.
I think that it could have something to do with the NT privileges set at the
domain controller, but I don't know exactly which privileges are the right
ones to set.

Can anyone help me to solve this problem?

Thanks in advance
Carsten