Expand Collapse
Just a second...

Developing a local authentication handler

Implement the Authenticator interface to create a local authentication handler.

Local authentication handlers can be implemented only in Java™ .
Note: This topic is applicable to Diffusion on-premis only.
  1. Create a Java class that implements Authenticator. 
    private static class ExampleControlAuthenticationHandler
extends Stream.Default
implements ControlAuthenticator {

	private static final Map<String, byte[]> PASSWORDS = new HashMap<>();
	static {
		PASSWORDS.put("manager", "password".getBytes(Charset.forName("UTF-8")));
		PASSWORDS.put("guest", "asecret".getBytes(Charset.forName("UTF-8")));
		PASSWORDS.put("brian", "boru".getBytes(Charset.forName("UTF-8")));
		PASSWORDS.put("another", "apassword".getBytes(Charset.forName("UTF-8")));
		}
		
		@Override
		public void authenticate(
		String principal,
		Credentials credentials,
		Map<String, String> sessionProperties,
		Map<String, String> proposedProperties,
		Callback callback) {
					
			final byte[] passwordBytes = PASSWORDS.get(principal);
		
			// If the principal is in the table and has provided a valid password
			// then further processing of the properties may be applied
			if (passwordBytes != null &&
			credentials.getType() == Credentials.Type.PLAIN_PASSWORD &&
			Arrays.equals(credentials.toBytes(), passwordBytes)) {
		
				// The manager principal is allowed all proposed properties
				if ("manager".equals(principal)) {
				// manager allows all proposed properties
				callback.allow(proposedProperties);
				} 
		// The principal brian is allowed all proposed properties and also
		// gets the 'super' role added
			else if ("brian".equals(principal)) {
				final Map<String, String> result =
				new HashMap<>(proposedProperties);
				final Set<String> roles =
				Diffusion.stringToRoles(
				sessionProperties.get(Session.ROLES));
				roles.add("super");
				result.put(Session.ROLES, Diffusion.rolesToString(roles));
				callback.allow(result);
				}
		// All other valid principals are allowed but with no proposed
		// properties assigned to the session
			else {
			callback.allow();
			}
		}
		// If the principal is not in the table it is denied access
			else {
			callback.deny();
			}
	}
}
    1. Implement the authenticate method.
    2. Use the allow, deny, or abstain method on the Callback object to respond with the authentication decision.
  2. Package your compiled Java class in a JAR file and put the JAR file in the ext directory of your Diffusion™ installation.
    This includes the authentication handler on the server classpath.
  3. Edit the etc/Server.xml configuration file to point to your authentication handler.
    Include the authentication-handler element in the list of authentication handlers. The order of the list defines the order in which the authentication handlers are called. The value of the class attribute is the fully qualified name of your authentication handler class. For example:
    <security>
    <authentication-handlers>
            
        <authentication-handler class="com.example.ExampleAuthenticationHandler" />
        
    </authentication-handlers>
</security>
  4. Start or restart the Diffusion server.
    • On UNIX® -based systems, run the diffusion.sh command in the diffusion_installation_dir/bin directory.
    • On Windows™ systems, run the diffusion.bat command in the diffusion_installation_dir\bin directory.