Commit 4ee693f7 authored by Gaston Dombiak's avatar Gaston Dombiak Committed by gato

Initial version. JM-281

git-svn-id: http://svn.igniterealtime.org/svn/repos/wildfire/trunk@4157 b35dd754-fafc-0310-a699-88a17e54d16e
parent 092f335d
/**
* $RCSfile$
* $Revision: $
* $Date: 2006-04-20 10:46:24 -0500 (Thu, 20 Apr 2006) $
*
* Copyright (C) 2004 Jive Software. All rights reserved.
*
* This software is published under the terms of the GNU Public License (GPL),
* a copy of which is included in this distribution.
*/
package org.jivesoftware.wildfire.sasl;
/**
* Provider for authorization policies. Policy decisions are
* not based on any storage or specific options. They are
* ment to be broad sweeping policies, and are often implemented
* with a simple pattern matching algorithm. For a large
* majority of sites, a policy will be all that is required.
*
* Users that wish to integrate with their own authorization
* system must extend this class and implement the
* AuthorizationProvider interface then register the class
* with Wildfire in the <tt>wildfire.xml</tt> file. An entry
* in that file would look like the following:
*
* <pre>
* &lt;provider&gt;
* &lt;authorizationpolicy&gt;
* &lt;classlist&gt;com.foo.auth.CustomPolicyProvider&lt;/classlist&gt;
* &lt;/authorizationpolicy&gt;
* &lt;/provider&gt;</pre>
*
* @author Jay Kline
*/
public abstract class AbstractAuthorizationPolicy implements AuthorizationProvider {
/**
* Returns true if the principal is explicity authorized to the JID
*
* @param username The username requested.
* @param principal The principal requesting the username.
* @return true is the user is authorized to be principal
*/
public abstract boolean authorize(String username, String principal);
/**
* Returns the short name of the Policy
*
* @return The short name of the Policy
*/
public abstract String name();
/**
* Returns a description of the Policy
*
* @return The description of the Policy.
*/
public abstract String description();
}
\ No newline at end of file
/**
* $RCSfile$
* $Revision: $
* $Date: 2006-04-07 09:28:54 -0500 (Fri, 07 Apr 2006) $
*
* Copyright (C) 2004 Jive Software. All rights reserved.
*
* This software is published under the terms of the GNU Public License (GPL),
* a copy of which is included in this distribution.
*/
package org.jivesoftware.wildfire.sasl;
import java.util.Collection;
/**
* Provider for authorization. Unlike the AbstractAuthorizationPolicy
* class, this is intended for classes that need a more "heavyweight"
* solution, often that requires consulting some storage or external
* entity about each specific case. This class allows individual mappings
* between authenticated principals and usernames, and if the storage
* mechanism allows it, management of those mappings.
*
* Users that wish to integrate with their own authorization
* system must extend this class and implement the
* AuthorizationProvider interface then register the class
* with Wildfire in the <tt>wildfire.xml</tt> file. An entry
* in that file would look like the following:
*
* <pre>
* &lt;provider&gt;
* &lt;authorizationpolicy&gt;
* &lt;classlist&gt;com.foo.auth.CustomPolicyProvider&lt;/classlist&gt;
* &lt;/authorizationpolicy&gt;
* &lt;/provider&gt;</pre>
*
* @author Jay Kline
*/
public abstract class AbstractAuthorizationProvider implements AuthorizationProvider {
/**
* Returns true if the principal is explicity authorized to the JID
*
* @param username The username requested.
* @param principal The principal requesting the username.
* @return true is the user is authorized to be principal
*/
public abstract boolean authorize(String username, String principal);
/**
* Returns a String Collection of principals that are authorized to use
* the named user.
*
* @param username The username.
* @return A String Collection of principals that are authorized.
*/
public abstract Collection<String> getAuthorized(String username);
/**
* Returns true if this AuthorizationProvider supports changing the
* list of authorized principals for users.
*
* @return true if updating the list of authorized principals is
* supported by this AuthorizationProvider.
*/
public abstract boolean isWritable();
/**
* Add a single authorized principal to use the named user.
*
* @param username The username.
* @param principal The principal authorized to use the named user.
* @throws UnsupportedOperationException If this AuthorizationProvider cannot be updated.
*/
public abstract void addAuthorized(String username, String principal) throws UnsupportedOperationException;
/**
* Add a Collection of users authorized to use the named user.
*
* @param username The username.
* @param principals The Collection of principals authorized to use the named user.
* @throws UnsupportedOperationException If this AuthorizationProvider cannot be updated.
*/
public abstract void addAuthorized(String username, Collection<String> principals) throws UnsupportedOperationException;
/**
* Set the users authorized to use the named user. All existing principals listed
* will be removed.
*
* @param username The username.
* @param principals The Collection of principals authorized to use the named user.
* @throws UnsupportedOperationException If this AuthorizationProvider cannot be updated.
*/
public abstract void setAuthorized(String username, Collection<String> principals) throws UnsupportedOperationException;
/**
* Returns the short name of the Policy
*
* @return The short name of the Policy
*/
public abstract String name();
/**
* Returns a description of the Policy
*
* @return The description of the Policy.
*/
public abstract String description();
}
\ No newline at end of file
/**
* $RCSfile$
* $Revision: $
* $Date: 2006-04-07 09:28:54 -0500 (Fri, 07 Apr 2006) $
*
* Copyright (C) 2004 Jive Software. All rights reserved.
*
* This software is published under the terms of the GNU Public License (GPL),
* a copy of which is included in this distribution.
*/
package org.jivesoftware.wildfire.sasl;
import org.jivesoftware.util.ClassUtils;
import org.jivesoftware.util.JiveGlobals;
import org.jivesoftware.util.Log;
import java.util.ArrayList;
import java.util.Collection;
import java.util.StringTokenizer;
/**
* Manages the AuthorizationProvider objects.
* <p/>
* Overall description of the authentication and authorization process:
* <p/>
* After a client connects, and idicates a desire to use SASL, the
* SASLAuthentication object decides which SASL mechanisms to advertise,
* and then performs the authentication. If authentication is successful,
* the XMPPCallbackHandler is asked to handle() an AuthorizeCallback. The
* XMPPCallbackHandler asks the AuthorizationManager to authorize the
* principal to the requested username. The AuthorizationManager manages
* a list of AuthorizationProvider classes, and tries them one at a time
* and returns true with the first AuthorizationProvider that authorizes
* the principal to the username. If no classes authorize the principal,
* false is returned, which traces all the way back to give the client an
* unauthorized message. Its important to note that the message the client
* recieves will give no indication if the principal authentiated successfully,
* you will need to check the server logs for that information.
*
* @author Jay Kline
*/
public class AuthorizationManager {
private static ArrayList<AuthorizationProvider> providers =
new ArrayList<AuthorizationProvider>();
private static AuthorizationManager instance = new AuthorizationManager();
static {
String classList = JiveGlobals.getXMLProperty("provider.authorization.classList");
if (classList != null) {
StringTokenizer st = new StringTokenizer(classList, " ,\t\n\r\f");
while (st.hasMoreTokens()) {
String s_provider = st.nextToken();
try {
Class c_provider = ClassUtils.forName(s_provider);
AuthorizationProvider provider =
(AuthorizationProvider) (c_provider.newInstance());
Log.debug("AuthorizationManager: Loaded " + s_provider);
providers.add(provider);
} catch (Exception e) {
Log.error("Error loading AuthorizationProvider: " + s_provider + "\n" + e);
}
}
}
if (providers.isEmpty()) {
Log.debug("No AuthorizationProvider's found. Loading DefaultAuthorizationPolicy");
providers.add(new DefaultAuthorizationPolicy());
}
}
private AuthorizationManager() {
}
/**
* Returns the currently-installed AuthorizationProvider. Warning: You
* should not be calling the AuthorizationProvider directly to perform
* authorizations, it will not take into account the policy selected in
* the <tt>wildfire.xml</tt>. Use @see{authorize} in this class, instead.
*
* @return the current AuthorizationProvider.
*/
public static Collection<AuthorizationProvider> getAuthorizationProviders() {
return providers;
}
/**
* Returns a singleton AuthorizationManager instance.
*
* @return a AuthorizationManager instance.
*/
public static AuthorizationManager getInstance() {
return instance;
}
/**
* Authorize the authenticated used to the requested username. This uses the
* selected the selected AuthenticationProviders.
*
* @return true if the user is authorized.
*/
public static boolean authorize(String authorId, String authenId) {
for (AuthorizationProvider ap : providers) {
if (ap.authorize(authorId, authenId)) {
return true;
}
}
return false;
}
}
/**
* $RCSfile$
* $Revision: $
* $Date: 2006-04-20 10:46:24 -0500 (Thu, 20 Apr 2006) $
*
* Copyright (C) 2004 Jive Software. All rights reserved.
*
* This software is published under the terms of the GNU Public License (GPL),
* a copy of which is included in this distribution.
*/
package org.jivesoftware.wildfire.sasl;
import org.jivesoftware.wildfire.auth.UnauthorizedException;
/**
* Provider interface for authorization policy. Users that wish to integrate with
* their own authorization system must implement this class and then register
* the implementation with Wildfire in the <tt>wildfire.xml</tt>
* file. An entry in that file would look like the following:
*
* <pre>
* &lt;provider&gt;
* &lt;authorizationpolicy&gt;
* &lt;className&gt;com.foo.auth.CustomPolicyProvider&lt;/className&gt;
* &lt;/authorizationpolicy&gt;
* &lt;/provider&gt;</pre>
*
* @author Jay Kline
*/
public interface AuthorizationPolicyProvider {
/**
* Returns if the principal is explicity authorized to the JID, throws
* an UnauthorizedException otherwise
*
* @param username The username requested.
* @param principal The principal requesting the username.
* @throws UnauthorizedException
*/
public void authorize(String username, String principal) throws UnauthorizedException;
}
\ No newline at end of file
/**
* $RCSfile$
* $Revision: $
* $Date: 2006-04-07 09:28:54 -0500 (Fri, 07 Apr 2006) $
*
* Copyright (C) 2004 Jive Software. All rights reserved.
*
* This software is published under the terms of the GNU Public License (GPL),
* a copy of which is included in this distribution.
*/
package org.jivesoftware.wildfire.sasl;
/**
* This is the interface the AuthorizationManager uses to
* conduct authorizations.
*
* Users that wish to integrate with their own authorization
* system must implement this interface, and are strongly
* encouraged to extend either the AbstractAuthoriationPolicy
* or the AbstractAuthorizationProvider classes which allow
* the admin console manage the classes more effectively.
* Register the class with Wildfire in the <tt>wildfire.xml</tt>
* file. An entry in that file would look like the following:
*
* <pre>
* &lt;provider&gt;
* &lt;authorizationpolicy&gt;
* &lt;classlist&gt;com.foo.auth.CustomPolicyProvider&lt;/classlist&gt;
* &lt;/authorizationpolicy&gt;
* &lt;/provider&gt;</pre>
*
* @author Jay Kline
*/
public interface AuthorizationProvider {
/**
* Returns true if the principal is explicity authorized to the JID
*
* @param username The username requested.
* @param principal The principal requesting the username.
* @return true is the user is authorized to be principal
*/
public boolean authorize(String username, String principal);
}
\ No newline at end of file
/**
* $RCSfile$
* $Revision: $
* $Date: 2006-04-20 10:46:24 -0500 (Thu, 20 Apr 2006) $
*
* Copyright (C) 2004 Jive Software. All rights reserved.
*
* This software is published under the terms of the GNU Public License (GPL),
* a copy of which is included in this distribution.
*/
package org.jivesoftware.wildfire.sasl;
import org.jivesoftware.wildfire.XMPPServer;
/**
* This policy will authorize any principal that matches exactly the full
* JID (REALM and server name must be the same if using GSSAPI) or any
* principal that matches exactly the username (without REALM or server
* name). This does exactly what users expect if not supplying a seperate
* principal for authentication.
*
* @author Jay Kline
*/
public class DefaultAuthorizationPolicy extends AbstractAuthorizationPolicy
implements AuthorizationProvider {
private String serverName;
public DefaultAuthorizationPolicy() {
serverName = XMPPServer.getInstance().getServerInfo().getName();
}
/**
* Returns true if the principal is explicity authorized to the JID
*
* @param username The username requested.
* @param principal The principal requesting the username.
* @return true is the user is authorized to be principal
*/
public boolean authorize(String username, String principal) {
return (principal.equals(username) || principal.equals(username + "@" + serverName));
}
/**
* Returns the short name of the Policy
*
* @return The short name of the Policy
*/
public String name() {
return "Default Policy";
}
/**
* Returns a description of the Policy
*
* @return The description of the Policy.
*/
public String description() {
return "This policy will authorize any principal that matches exactly the full " +
"JID (REALM and server name must be the same if using GSSAPI) or any principal " +
"that matches exactly the username (without REALM or server name). This does " +
"exactly what users expect if not supplying a seperate principal for authentication.";
}
}
\ No newline at end of file
/**
* $RCSfile$
* $Revision: $
* $Date: 2006-04-07 09:28:54 -0500 (Fri, 07 Apr 2006) $
*
* Copyright (C) 2004 Jive Software. All rights reserved.
*
* This software is published under the terms of the GNU Public License (GPL),
* a copy of which is included in this distribution.
*/
package org.jivesoftware.wildfire.sasl;
import org.jivesoftware.database.DbConnectionManager;
import org.jivesoftware.util.LocaleUtils;
import org.jivesoftware.util.Log;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.util.ArrayList;
import java.util.Collection;
/**
* Provider for authorization using the default storage database. Checks
* if the authenticated principal is in the user's list of authorized
* principals.
*
* @author Jay Kline
*/
public class DefaultAuthorizationProvider extends AbstractAuthorizationProvider
implements AuthorizationProvider {
private static final String MATCH_AUTHORIZED =
"SELECT username FROM jiveSASLAuthorized WHERE username=? AND authorized=?";
private static final String GET_AUTHORIZED =
"SELECT authorized FROM jiveSASLAuthorized WHERE username=?";
private static final String INSERT_AUTHORIZED =
"INSERT into jiveSASLAuthorized (username,authorized) VALUES (?,?)";
private static final String DELETE_AUTHORIZED =
"DELETE FROM jiveSASLAuthorized WHERE username=? AND authorized=?";
private static final String DELETE_USER = "DELETE FROM jiveSASLAuthorized WHERE username=?";
/**
* Returns true if the principal is explicity authorized to the JID
*
* @param username The username requested.
* @param principal The principal requesting the username.
* @return true is the user is authorized to be principal
*/
public boolean authorize(String username, String principal) {
Connection con = null;
PreparedStatement pstmt = null;
try {
con = DbConnectionManager.getConnection();
pstmt = con.prepareStatement(MATCH_AUTHORIZED);
pstmt.setString(1, username);
pstmt.setString(2, principal);
ResultSet rs = pstmt.executeQuery();
return rs.next();
}
catch (Exception e) {
return false;
}
finally {
try { if (pstmt != null) { pstmt.close(); } }
catch (Exception e) { Log.error(e); }
try { if (con != null) { con.close(); } }
catch (Exception e) { Log.error(e); }
}
// not reachable
//return false;
}
/**
* Returns a String Collection of principals that are authorized to use
* the named user.
*
* @param username The username.
* @return A String Collection of principals that are authorized.
*/
public Collection<String> getAuthorized(String username) {
Connection con = null;
PreparedStatement pstmt = null;
Collection<String> authorized = new ArrayList<String>();
try {
con = DbConnectionManager.getConnection();
pstmt = con.prepareStatement(GET_AUTHORIZED);
pstmt.setString(1, username);
ResultSet rs = pstmt.executeQuery();
while (rs.next()) {
authorized.add(rs.getString("authorized"));
}
return authorized;
} catch (Exception e) {
return new ArrayList<String>();
}
finally {
try { if (pstmt != null) { pstmt.close(); } }
catch (Exception e) { Log.error(e); }
try { if (con != null) { con.close(); } }
catch (Exception e) { Log.error(e); }
}
}
/**
* Returns true.
*
* @return true
*/
public boolean isWritable() {
return true;
}
/**
* Add a single authorized principal to use the named user.
*
* @param username The username.
* @param principal The principal authorized to use the named user.
* @throws UnsupportedOperationException If this AuthorizationProvider cannot be updated.
*/
public void addAuthorized(String username, String principal)
throws UnsupportedOperationException {
if (authorize(username, principal)) {
// Already exists
return;
}
Connection con = null;
PreparedStatement pstmt = null;
try {
con = DbConnectionManager.getConnection();
pstmt = con.prepareStatement(INSERT_AUTHORIZED);
pstmt.setString(1, username);
pstmt.setString(2, principal);
pstmt.execute();
}
catch (Exception e) {
Log.error(LocaleUtils.getLocalizedString("admin.error"), e);
} finally {
try { if (pstmt != null) { pstmt.close(); } }
catch (Exception e) { Log.error(e); }
try { if (con != null) { con.close(); } }
catch (Exception e) { Log.error(e); }
}
}
/**
* Add a Collection of users authorized to use the named user.
*
* @param username The username.
* @param principals The Collection of principals authorized to use the named user.
* @throws UnsupportedOperationException If this AuthorizationProvider cannot be updated.
*/
public void addAuthorized(String username, Collection<String> principals)
throws UnsupportedOperationException {
for (String principal : principals) {
addAuthorized(username, principal);
}
}
/**
* Set the users authorized to use the named user. All existing principals listed
* will be removed.
*
* @param username The username.
* @param principals The Collection of principals authorized to use the named user.
* @throws UnsupportedOperationException If this AuthorizationProvider cannot be updated.
*/
public void setAuthorized(String username, Collection<String> principals)
throws UnsupportedOperationException {
Connection con = null;
PreparedStatement pstmt = null;
try {
con = DbConnectionManager.getConnection();
pstmt = con.prepareStatement(DELETE_USER);
pstmt.setString(1, username);
pstmt.execute();
addAuthorized(username, principals);
}
catch (Exception e) {
Log.error(LocaleUtils.getLocalizedString("admin.error"), e);
}
finally {
try { if (pstmt != null) { pstmt.close(); } }
catch (Exception e) { Log.error(e); }
try { if (con != null) { con.close(); } }
catch (Exception e) { Log.error(e); }
}
}
/**
* Returns the short name of the Policy
*
* @return The short name of the Policy
*/
public String name() {
return "Default Provider";
}
/**
* Returns a description of the Policy
*
* @return The description of the Policy.
*/
public String description() {
return "Provider for authorization using the default storage database.";
}
}
\ No newline at end of file
/**
* $RCSfile$
* $Revision: $
* $Date: 2006-04-20 10:46:24 -0500 (Thu, 20 Apr 2006) $
*
* Copyright (C) 2004 Jive Software. All rights reserved.
*
* This software is published under the terms of the GNU Public License (GPL),
* a copy of which is included in this distribution.
*/
package org.jivesoftware.wildfire.sasl;
/**
* This policy will authorize any principal who's username matches exactly
* the username of the JID. This means when cross realm authentication is
* allowed, user@REALM_A.COM and user@REALM_B.COM could both authorize as
* user@servername, so there is some risk here. But if usernames across the
*
* @author Jay Kline
*/
public class LazyAuthorizationPolicy extends AbstractAuthorizationPolicy implements AuthorizationProvider {
/**
* Returns true if the principal is explicity authorized to the JID
*
* @param username The username requested.
* @param principal The principal requesting the username.
* @return true is the user is authorized to be principal
*/
public boolean authorize(String username, String principal) {
return (principal.startsWith(username+"@"));
}
/**
* Returns the short name of the Policy
*
* @return The short name of the Policy
*/
public String name() {
return "Lazy";
}
/**
* Returns a description of the Policy
*
* @return The description of the Policy.
*/
public String description() {
return "This policy will authorize any principal who's username matches exactly the username of the JID. This means when cross realm authentication is allowed, user@REALM_A.COM and user@REALM_B.COM could both authorize as user@servername, so there is some risk here. But if usernames across the realms are unique, this can be very helpful.";
}
}
\ No newline at end of file
/**
* $RCSfile$
* $Revision: $
* $Date: 2006-04-20 10:46:24 -0500 (Thu, 20 Apr 2006) $
*
* Copyright (C) 2004 Jive Software. All rights reserved.
*
* This software is published under the terms of the GNU Public License (GPL),
* a copy of which is included in this distribution.
*/
package org.jivesoftware.wildfire.sasl;
import org.jivesoftware.util.JiveGlobals;
/**
* This policy will authorize any principal who:
*
* <li> Username of principal matches exactly the username of the JID </li>
* <li> The user principal's realm matches exactly the realm of the server.</li>
* Note that the realm may not match the servername, and in fact for this
* policy to be useful it will not match the servername. RFC3920 Section
* 6.1, item 7 states that if the principal (authorization entity) is the
* same as the JID (initiating entity), its MUST NOT provide an authorization
* identity. In practice however, GSSAPI will provide both. (Note: Ive
* not done extensive testing on this)
*
* @author Jay Kline
*/
public class StrictAuthorizationPolicy extends AbstractAuthorizationPolicy implements AuthorizationProvider {
/**
* Returns true if the principal is explicity authorized to the JID
*
* @param username The username requested.
* @param principal The principal requesting the username.
* @return true is the user is authorized to be principal
*/
public boolean authorize(String username, String principal) {
return (principal.equals(username+"@"+JiveGlobals.getXMLProperty("sasl.realm")));
}
/**
* Returns the short name of the Policy
*
* @return The short name of the Policy
*/
public String name() {
return "Strict Policy";
}
/**
* Returns a description of the Policy
*
* @return The description of the Policy.
*/
public String description() {
return "This policy will authorize any principal whos username matches exactly the username of the JID and whos realm matches exactly the realm of the server.";
}
}
\ No newline at end of file
/**
* $RCSfile$
* $Revision: $
* $Date: 2006-04-07 09:28:54 -0500 (Fri, 07 Apr 2006) $
*
* Copyright (C) 2004 Jive Software. All rights reserved.
*
* This software is published under the terms of the GNU Public License (GPL),
* a copy of which is included in this distribution.
*/
package org.jivesoftware.wildfire.sasl;
import org.jivesoftware.util.JiveGlobals;
import java.io.DataInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
/**
* Provider for authorization. Checks if the authenticated principal is in
* the user's .k5login file. A traditional Unix Kerberos methodology. The
* location of this file can be configured in the <tt>wildfire.xml</tt>
* file. An entry in that file would look like the following:
*
* <pre>
* &lt;unix&gt;
* &lt;k5login&gt; /home/{0}/.k5login &lt;/k5login&gt;
* &lt;/unix&gt;</pre>
*
* The string <tt>{0}</tt> will be replaced with the username.
*
* @author Jay Kline
*/
public class UnixK5LoginProvider extends AbstractAuthorizationProvider implements AuthorizationProvider {
/**
* Returns true if the principal is explicity authorized to the JID
*
* @param username The username requested.
* @param principal The principal requesting the username.
* @return true is the user is authorized to be principal
*/
public boolean authorize(String username, String principal) {
return getAuthorized(username).contains(principal);
}
/**
* Returns a String Collection of principals that are authorized to use
* the named user.
*
* @param username The username.
* @return A String Collection of principals that are authorized.
*/
public Collection<String> getAuthorized(String username) {
Collection<String> authorized = new ArrayList<String>();
try {
String filename = JiveGlobals.getXMLProperty("unix.k5login","/home/{0}/.k5login");
filename = filename.replace("{0}",username);
File k5login = new File(filename);
FileInputStream fis = new FileInputStream(k5login);
DataInputStream dis = new DataInputStream(fis);
String line;
while ( (line = dis.readLine() ) != null) {
authorized.add(line);
}
} catch (IOException e) {
//??
}
return authorized;
}
/**
* Returns false, this implementation is not writeable.
*
* @return False.
*/
public boolean isWritable() {
return false;
}
/**
* Always throws UnsupportedOperationException.
*
* @param username The username.
* @param principal The principal authorized to use the named user.
* @throws UnsupportedOperationException If this AuthorizationProvider cannot be updated.
*/
public void addAuthorized(String username, String principal) throws UnsupportedOperationException {
throw new UnsupportedOperationException();
}
/**
* Always throws UnsupportedOperationException.
*
* @param username The username.
* @param principals The Collection of principals authorized to use the named user.
*/
public void addAuthorized(String username, Collection<String> principals) throws UnsupportedOperationException {
throw new UnsupportedOperationException();
}
/**
* Always throws UnsupportedOperationException.
*
* @param username The username.
* @param principals The Collection of principals authorized to use the named user.
* @throws UnsupportedOperationException If this AuthorizationProvider cannot be updated.
*/
public void setAuthorized(String username, Collection<String> principals) throws UnsupportedOperationException {
throw new UnsupportedOperationException();
}
/**
* Returns the short name of the Policy
*
* @return The short name of the Policy
*/
public String name() {
return "Unix .k5login";
}
/**
* Returns a description of the Policy
*
* @return The description of the Policy.
*/
public String description() {
return "Checks if the authenticated principal is in the user's .k5login file. A traditional Unix Kerberos methodology.";
}
}
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment