Developing a local authenticator

Implement the Authenticator interface to create a local authenticator.

Local authenticators can be implemented only in Java™.
Note: This topic is applicable to Diffusion on-premise only.
  1. Create a Java class that implements Authenticator.
    // JDK imports needed in the enclosing file (Diffusion API imports are
    // omitted here, as on the original page)
    import java.nio.charset.StandardCharsets;
    import java.security.MessageDigest;
    import java.util.HashMap;
    import java.util.Map;
    import java.util.Set;

    private static class ExampleControlAuthenticationHandler
        extends Stream.Default
        implements ControlAuthenticator {

        // Demonstration credential table, held in memory as plaintext bytes
        private static final Map<String, byte[]> PASSWORDS = new HashMap<>();
        static {
            PASSWORDS.put("manager", "password".getBytes(StandardCharsets.UTF_8));
            PASSWORDS.put("guest", "asecret".getBytes(StandardCharsets.UTF_8));
            PASSWORDS.put("brian", "boru".getBytes(StandardCharsets.UTF_8));
            PASSWORDS.put("another", "apassword".getBytes(StandardCharsets.UTF_8));
        }

        @Override
        public void authenticate(
            String principal,
            Credentials credentials,
            Map<String, String> sessionProperties,
            Map<String, String> proposedProperties,
            Callback callback) {

            final byte[] passwordBytes = PASSWORDS.get(principal);

            // If the principal is in the table and has provided a valid password
            // then further processing of the properties may be applied.
            // MessageDigest.isEqual compares in constant time, so the check does
            // not leak how many leading bytes of the password matched.
            if (passwordBytes != null &&
                credentials.getType() == Credentials.Type.PLAIN_PASSWORD &&
                MessageDigest.isEqual(credentials.toBytes(), passwordBytes)) {

                // The manager principal is allowed all proposed properties
                if ("manager".equals(principal)) {
                    callback.allow(proposedProperties);
                }
                // The principal brian is allowed all proposed properties and also
                // gets the 'super' role added
                else if ("brian".equals(principal)) {
                    final Map<String, String> result =
                        new HashMap<>(proposedProperties);
                    final Set<String> roles =
                        Diffusion.stringToRoles(
                            sessionProperties.get(Session.ROLES));
                    roles.add("super");
                    result.put(Session.ROLES, Diffusion.rolesToString(roles));
                    callback.allow(result);
                }
                // All other valid principals are allowed but with no proposed
                // properties assigned to the session
                else {
                    callback.allow();
                }
            }
            // If the principal is not in the table, the credentials are not a
            // plain password, or the password does not match, access is denied
            else {
                callback.deny();
            }
        }
    }
    1. Implement the authenticate method.
    2. Use the allow, deny, or abstain method on the Callback object to respond with the authentication decision.
  2. Package your compiled Java class in a JAR file and put the JAR file in the ext directory of your Diffusion™ Cloud installation.
    This includes the authenticator on the server classpath.
  3. Edit the etc/Server.xml configuration file to point to your authenticator.
    Include the authentication-handler element in the list of authenticators. The order of the list defines the order in which the authenticators are called. The value of the class attribute is the fully qualified name of your authenticator class. For example:
    <security>
        <authentication-handlers>
            <authentication-handler class="com.example.ExampleAuthenticationHandler" />
        </authentication-handlers>
    </security>
  4. Start or restart the Diffusion Cloud server.
    • On UNIX®-based systems, run the diffusion.sh command in the diffusion_installation_dir/bin directory.
    • On Windows™ systems, run the diffusion.bat command in the diffusion_installation_dir\bin directory.
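
The PASSWORDS table in the step 1 class keeps plaintext passwords in memory. The following added example (not code from the original page or from Diffusion) shows one way to hold salted PBKDF2 verifiers instead and to check the bytes an authenticator receives from credentials.toBytes(). The class name PasswordVerifierStore, its methods and the iteration count are assumptions; it uses only JDK APIs and needs Java 16 or later for the record type.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper (not part of the Diffusion API): one salted PBKDF2 verifier per principal.
public final class PasswordVerifierStore {
    private static final int ITERATIONS = 210_000; // assumed work factor; tune for your hardware
    private static final byte[] DUMMY_SALT = new byte[16]; // salt used for unknown principals
    private record Entry(byte[] salt, byte[] hash) {}
    private final Map<String, Entry> entries = new HashMap<>();

    private static byte[] derive(char[] password, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    // Store a fresh random salt and the derived hash; the password itself is not kept.
    public void enroll(String principal, char[] password) throws GeneralSecurityException {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        entries.put(principal, new Entry(salt, derive(password, salt)));
    }

    // presented: the UTF-8 password bytes, as an authenticator gets them from credentials.toBytes()
    public boolean verify(String principal, byte[] presented) throws GeneralSecurityException {
        Entry e = entries.get(principal);
        char[] pw = new String(presented, StandardCharsets.UTF_8).toCharArray();
        // Derive even for unknown principals so response time does not reveal which names exist.
        byte[] candidate = derive(pw, e != null ? e.salt() : DUMMY_SALT);
        return e != null && MessageDigest.isEqual(candidate, e.hash()); // constant-time compare
    }

    public static void main(String[] args) throws GeneralSecurityException {
        PasswordVerifierStore store = new PasswordVerifierStore();
        store.enroll("brian", "boru".toCharArray()); // constructed sample, taken from the page's table
        System.out.println(store.verify("brian", "boru".getBytes(StandardCharsets.UTF_8)));
        System.out.println(store.verify("brian", "wrong".getBytes(StandardCharsets.UTF_8)));
        System.out.println(store.verify("nobody", "boru".getBytes(StandardCharsets.UTF_8)));
    }
}
```

Inside authenticate, the result of verify would take the place of the PASSWORDS lookup and byte comparison, with enrollment done once when the authenticator is constructed.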