
1   /* Copyright 2004-2007 Acegi Technology Pty Limited
2    *
3    * Licensed under the Apache License, Version 2.0 (the "License");
4    * you may not use this file except in compliance with the License.
5    * You may obtain a copy of the License at
6    *
7    *     http://www.apache.org/licenses/LICENSE-2.0
8    *
9    * Unless required by applicable law or agreed to in writing, software
10   * distributed under the License is distributed on an "AS IS" BASIS,
11   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12   * See the License for the specific language governing permissions and
13   * limitations under the License.
14   */
15  
16  package org.springframework.security.ui.ntlm;
17  
18  import jcifs.smb.NtlmPasswordAuthentication;
19  
20  import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
21  import org.springframework.security.GrantedAuthority;
22  import org.springframework.security.util.AuthorityUtils;
23  
/**
 * A {@link UsernamePasswordAuthenticationToken} specialised for NTLM logins. NTLM does not retrieve the
 * user's password from the PDC, so this token carries the placeholder {@link #DEFAULT_PASSWORD} as its
 * credentials, which lets providers that expect a credentials value work with it.
 * <p>
 * Security notes:
 * <ul>
 * <li>The token is handed a non-empty authority array at construction, so it is expected to report
 * itself as authenticated from the start (see SEC-609). Nothing in this class verifies the supplied
 * {@link NtlmPasswordAuthentication}; callers are expected to build the token only after the NTLM
 * exchange has been validated.</li>
 * <li>The credentials are always the empty string. A provider that receives this token should skip
 * password comparison for it rather than compare the placeholder against a stored password.</li>
 * </ul>
 *
 * @author Sylvain Mougenot
 */
public class NtlmUsernamePasswordAuthenticationToken extends UsernamePasswordAuthenticationToken {

    private static final long serialVersionUID = 1L;

    /**
     * Placeholder authority array handed to the parent constructor so that the "authenticated"
     * property is "true" by default. See SEC-609.
     * NOTE(review): this is a marker only; it says nothing about the roles the user actually holds.
     */
    private static final GrantedAuthority[] NTLM_AUTHENTICATED =
            AuthorityUtils.stringArrayToAuthorityArray(new String[] {"NTLM_AUTHENTICATED"});

    /**
     * Stand-in for the password that NTLM never supplies; Spring Security often checks the password,
     * so the token needs some value here. It is the empty string and must not be treated as a real
     * credential.
     */
    public static final String DEFAULT_PASSWORD = "";

    /**
     * Builds an NTLM {@link UsernamePasswordAuthenticationToken} from the JCIFS
     * {@link NtlmPasswordAuthentication} object.
     *
     * @param ntlmAuth       The {@link NtlmPasswordAuthentication} object; it is dereferenced
     *                       without a null check.
     * @param stripDomain    If <code>true</code> the principal is just the username, otherwise it is
     *                       the username together with the domain name. With the domain stripped,
     *                       accounts that share a username in different domains yield the same
     *                       principal, so downstream lookups cannot tell them apart.
     */
    public NtlmUsernamePasswordAuthenticationToken(final NtlmPasswordAuthentication ntlmAuth, final boolean stripDomain) {
        super(principalFor(ntlmAuth, stripDomain), DEFAULT_PASSWORD, NTLM_AUTHENTICATED);
    }

    /**
     * Picks the principal name for the token: the bare username when the domain is to be omitted,
     * the full name otherwise.
     */
    private static String principalFor(final NtlmPasswordAuthentication account, final boolean omitDomain) {
        if (omitDomain) {
            return account.getUsername();
        }
        return account.getName();
    }
}