Listing 8-3. Use Reflection to Get OS User Identity
//import com.sun.security.auth.module.NTSystem;
import java.lang.reflect.Method;
//NTSystem mNTS = new NTSystem();
Class mNTS = Class.forName( "com.sun.security.auth.module.NTSystem" );
//String name = mNTS.getName();
Method classMethod = mNTS.getMethod( "getName" );
String name = ( String )classMethod.invoke( mNTS.newInstance() );
Notice first in this code that we no longer import the Windows-specific class, NTSystem. We would not be able to compile code with that import statement on a UNIX platform. Instead, we are importing the reflection class, Method. Method can represent any specific method in a class.
Next, notice that we do not instantiate an NTSystem class, as we had done before. Now we get an NTSystem class by using the Class.forName() method and giving the fully qualified name of NTSystem. Where have we seen this before? Oh that's right; we used this syntax when we loaded the OracleDriver. Using this syntax, the compiler has no trouble: it sees the fully qualified name as a String, so even if NTSystem doesn't exist on a UNIX box, you can compile this code there.
Next, we know we need to access a method named getName(), so we pass the name of the method to Class.getMethod(), which returns a Method class, classMethod, representing the getName() method.
We do not yet have an instance of NTSystem, but we have a handle, mNTS, to what might amount to a static class. Our next step requires that we call the getName() method on an instance of NTSystem. To call the method, we call classMethod.invoke(), but we need a real instance (object) of NTSystem, so we instantiate the object by calling Class.newInstance().
At this point, our instance of NTSystem returns the OS user name from the getName() method. However, because we are calling this through the Method class, we will get an Object type returned, which we need to cast as a String.
We will do more with reflection when we get to Chapter 10. There we use reflection to restore classes
and objects from storage in the Oracle database and from transmission over the network. In the end, we
will read their members and call their methods.
Assure More Stringent OS Identity
What would we like to know before we accept the NTSystem report of the user ID? We'd like to know first that we are on a Windows client. One possible way to spoof our code would be to run on a UNIX client with an imposter class named com.sun.security.auth.module.NTSystem found in the client CLASSPATH. There would be problems trying to accomplish that, but we will avoid the issue by simply assuring we are on a Windows machine. See Listing 8-4.
Knowing we are on a Windows client also informs us about which JAAS source to use: NTSystem instead of UnixSystem.
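The reflective lookup described above, written out as a complete class that picks NTSystem or UnixSystem from os.name and refuses a same-named class that was not loaded by the JDK. This is an added example, not the book's own listing; it assumes Java 9 or later, the class name OsUserLookup and its helper methods are hypothetical, and it uses getDeclaredConstructor().newInstance() in place of Class.newInstance(), which is deprecated since Java 9.

```java
import java.lang.reflect.Method;

public class OsUserLookup {
    // Pick the JAAS class name and its user-name getter for an os.name value.
    static String[] jaasSourceFor(String osName) {
        return osName.startsWith("Windows")
            ? new String[] { "com.sun.security.auth.module.NTSystem", "getName" }
            : new String[] { "com.sun.security.auth.module.UnixSystem", "getUsername" };
    }

    // True when the class was defined by the bootstrap or platform loader,
    // i.e. it came from the JDK and not from the client CLASSPATH.
    static boolean loadedByJdk(Class<?> c) {
        ClassLoader cl = c.getClassLoader();
        return cl == null || cl == ClassLoader.getPlatformClassLoader();
    }

    // Reflective equivalent of "new NTSystem().getName()" (or the UNIX
    // counterpart), so this file compiles on any platform.
    static String getOsUser() throws ReflectiveOperationException {
        String[] src = jaasSourceFor(System.getProperty("os.name"));
        Class<?> cls = Class.forName(src[0]);
        if (!loadedByJdk(cls)) {
            throw new SecurityException(src[0] + " was not loaded from the JDK");
        }
        Method getter = cls.getMethod(src[1]);
        Object instance = cls.getDeclaredConstructor().newInstance();
        // Method.invoke() returns Object, so cast to String as in Listing 8-3.
        return (String) getter.invoke(instance);
    }

    public static void main(String[] args) {
        try {
            System.out.println("OS user: " + getOsUser());
        } catch (ReflectiveOperationException | LinkageError e) {
            // Class missing on this platform, or its native library failed to load.
            System.err.println("JAAS OS identity unavailable: " + e);
        }
    }
}
```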
Listing 8-4. Get OS User Identity, getOSUserID()
private static String expectedDomain = "ORGDOMAIN";
//System.getProperties().list(System.out);
if( ( System.getProperty("os.arch").equals("x86") ||
    System.getProperty("os.arch").endsWith("64") ) &&