Implement the ControlAuthenticator
interface to create a control authentication handler.
This example demonstrates how to implement a control authentication
handler in Java™.
Note: A detailed example will be added soon.
-
Edit the etc/Server.xml configuration file to include a
name that the control authentication handler can register with.
Include the
control-authentication-handler element in the
list of authentication handlers. The order of the list defines the order in
which the authentication handlers are called. The value of the
handler-name attribute is the name that your control
authentication handler registers as. For
example:
<security>
<authentication-handlers>
<-- Include a local authentication handler that can authenticate the control client -->
<authentication-handler class="com.example.LocalHandler" />
<-- Register your control authentication handler -->
<control-authentication-handler handler-name="before-system-handler" />
</authentication-handlers>
</security>
The
client that registers your control authentication handler must first
authenticate with the Diffusion™ server. Configure a local
authentication handler that allows the client to connect.
-
Start the Diffusion server.
- On UNIX®-based systems, run the
diffusion.sh command in the
diffusion_installation_dir/bin
directory.
- On Windows™ systems, run the
diffusion.bat command in the
diffusion_installation_dir\bin
directory.
-
Create a Java class that implements
ControlAuthenticator.
-
Create a simple client that registers your control authentication handler with
the Diffusion server.
-
Start your client.
It connects to the Diffusion server and registers the control
authentication handler with the name
before-system-handler.
When a client authenticates, the Diffusion server forwards the
authentication request to the authentication handler you have registered. Your
authentication handler can ALLOW, DENY, or ABSTAIN from the authentication decision. If
your authentication handler returns an ALLOW or DENY decision, this decision is used as
the response to the authenticating client. If your authentication handler returns an
ABSTAIN decision, the Diffusion server forwards the authentication request
to the next authentication handler. For more information, see Authentication.