Developing a local authentication handler
Implement the Authenticator interface to create a local authentication handler.
Note: This topic is applicable to Diffusion on-premis
only.
-
Create a
Java
class that implements
Authenticator.
private static class ExampleControlAuthenticationHandler extends Stream.Default implements ControlAuthenticator { private static final Map<String, byte[]> PASSWORDS = new HashMap<>(); static { PASSWORDS.put("manager", "password".getBytes(Charset.forName("UTF-8"))); PASSWORDS.put("guest", "asecret".getBytes(Charset.forName("UTF-8"))); PASSWORDS.put("brian", "boru".getBytes(Charset.forName("UTF-8"))); PASSWORDS.put("another", "apassword".getBytes(Charset.forName("UTF-8"))); } @Override public void authenticate( String principal, Credentials credentials, Map<String, String> sessionProperties, Map<String, String> proposedProperties, Callback callback) { final byte[] passwordBytes = PASSWORDS.get(principal); // If the principal is in the table and has provided a valid password // then further processing of the properties may be applied if (passwordBytes != null && credentials.getType() == Credentials.Type.PLAIN_PASSWORD && Arrays.equals(credentials.toBytes(), passwordBytes)) { // The manager principal is allowed all proposed properties if ("manager".equals(principal)) { // manager allows all proposed properties callback.allow(proposedProperties); } // The principal brian is allowed all proposed properties and also // gets the 'super' role added else if ("brian".equals(principal)) { final Map<String, String> result = new HashMap<>(proposedProperties); final Set<String> roles = Diffusion.stringToRoles( sessionProperties.get(Session.ROLES)); roles.add("super"); result.put(Session.ROLES, Diffusion.rolesToString(roles)); callback.allow(result); } // All other valid principals are allowed but with no proposed // properties assigned to the session else { callback.allow(); } } // If the principal is not in the table it is denied access else { callback.deny(); } } }
- Implement the authenticate method.
- Use the allow, deny, or abstain method on the Callback object to respond with the authentication decision.
-
Package your compiled
Java
class in a
JAR
file
and put the
JAR
file in the ext directory of your
Diffusion™
Cloud
installation.
This includes the authentication handler on the server classpath.
-
Edit the etc/Server.xml configuration file to point to
your authentication handler.
Include the authentication-handler element in the list of authentication handlers. The order of the list defines the order in which the authentication handlers are called. The value of the class attribute is the fully qualified name of your authentication handler class. For example:
<security> <authentication-handlers> <authentication-handler class="com.example.ExampleAuthenticationHandler" /> </authentication-handlers> </security>
-
Start or restart the
Diffusion
Cloud
server.
- On UNIX® -based systems, run the diffusion.sh command in the diffusion_installation_dir/bin directory.
- On Windows™ systems, run the diffusion.bat command in the diffusion_installation_dir\bin directory.