Database Reference
In-Depth Information
Listing 8-3. Use Reflection to Get OS User Identity
//import com.sun.security.auth.module.NTSystem;
import java.lang.reflect.Method;
//NTSystem mNTS = new NTSystem();
Class mNTS = Class.forName ( "com.sun.security.auth.module.NTSystem" );
//String name = mNTS.getName();
Method classMethod = mNTS. getMethod ( "getName" );
String name = ( String ) classMethod.invoke ( mNTS.newInstance() );
Notice first in this code that we no longer import the Windows specific class, NTSystem . We would
not be able to compile code with that import statement on a UNIX platform. Instead, we are importing
the reflection class, Method . Method can represent any specific method in a class.
Next, notice that we do not instantiate an NTSystem class, as we had done before. Now we get an
NTSystem class by using the Class.forName() method and giving the fully qualified name of NTSystem .
Where have we seen this before? Oh that's right; we used this syntax when we load the OracleDriver .
Using this syntax, the compiler has no trouble—it sees the fully qualified name as a String , so even if
NTSystem doesn't exist on a UNIX box, you can compile this code there.
Next, we know we need to access a method named getName() , so we pass the name of the method to
Class.getMethod() , which returns a Method class, classMethod representing the getName() method.
We do not yet have an instance of NTSystem , but we have a handle, mNTS , to what might amount to a
static class. Our next step requires that we call the getName() method on an instance of NTSystem . To call
the method, we call classMethod.invoke() , but we need a real instance (object) of NTSystem , so we
instantiate the object by calling Class.newInstance() .
At this point, our instance of NTSystem returns the OS user name from the getName() method.
However, because we are calling this through the Method class, we will get an Object type returned, which
we need to cast as a String .
We will do more with reflection when we get to Chapter 10. There we use reflection to restore classes
and objects from storage in the Oracle database and from transmission over the network. In the end, we
will read their members and call their methods.
Assure More Stringent OS Identity
What would we like to know before we accept the NTSystem report of the user ID? We'd like to know first
that we are on a Windows client. One possible pursuit of spoofing our code would be to run on a UNIX
client with an imposter class named com.sun.security.auth.module.NTSystem found in the client
CLASSPATH . There would be problems trying to accomplish that, but we will avoid the issue by simply
assuring we are on a Windows machine. See Listing 8-4.
Knowing we are on a Windows client also informs us about which JAAS source to use: NTSystem
instead of UnixSystem.
Listing 8-4. Get OS User Identity, getOSUserID()
private static String expectedDomain = "ORGDOMAIN";
//System.getProperties(). list(System.out) ;
if( ( System.getProperty("os.arch").equals("x86") ||
System.getProperty("os.arch").endsWith("64") ) &&
 
Search WWH ::




Custom Search