Developing a composite control authentication handler
Extend the CompositeControlAuthenticationHandler class to combine the decisions from multiple control authentication handlers.
Using a composite control authentication handler reduces the number of messages that are sent between Diffusion™ Cloud and the client to perform authentication.
This example describes how to use a composite control authentication handler as part of a client remote from Diffusion Cloud.
When the client session starts, the composite control authentication handler calls the onActive methods of the individual control authentication handlers in the order in which they are passed in to the composite handler.
- If an individual handler responds with ALLOW, the composite handler responds with that decision to Diffusion Cloud and a list of any roles to assign to the authenticated principal.
- If an individual handler responds with DENY, the composite handler responds with that decision to Diffusion Cloud.
- If an individual handler responds with ABSTAIN, the composite handler calls the next individual handler in the list.
- If all individual handlers respond with ABSTAIN, the composite handler responds to Diffusion Cloud with an ABSTAIN decision.
When the client session closes, the composite control authentication handler calls the onClose methods of the individual control authentication handlers in the order in which they are passed in to the composite handler.
This page last modified: 2020/06/25