
Developing a local authentication handler

Implement the Authenticator interface to create a local authentication handler.

Local authentication handlers can be implemented only in Java™.
Note: This topic is applicable to Diffusion on-premises only.
  1. Create a Java class that implements Authenticator.
    private static class ExampleControlAuthenticationHandler
        extends Stream.Default
        implements ControlAuthenticator {

        // Example principals and their passwords, held as UTF-8 bytes
        private static final Map<String, byte[]> PASSWORDS = new HashMap<>();
        static {
            PASSWORDS.put("manager", "password".getBytes(Charset.forName("UTF-8")));
            PASSWORDS.put("guest", "asecret".getBytes(Charset.forName("UTF-8")));
            PASSWORDS.put("brian", "boru".getBytes(Charset.forName("UTF-8")));
            PASSWORDS.put("another", "apassword".getBytes(Charset.forName("UTF-8")));
        }

        @Override
        public void authenticate(
            String principal,
            Credentials credentials,
            Map<String, String> sessionProperties,
            Map<String, String> proposedProperties,
            Callback callback) {

            final byte[] passwordBytes = PASSWORDS.get(principal);

            // If the principal is in the table and has provided a valid password
            // then further processing of the properties may be applied.
            // MessageDigest.isEqual compares in constant time, unlike Arrays.equals.
            if (passwordBytes != null &&
                credentials.getType() == Credentials.Type.PLAIN_PASSWORD &&
                java.security.MessageDigest.isEqual(
                    credentials.toBytes(), passwordBytes)) {

                // The manager principal is allowed all proposed properties
                if ("manager".equals(principal)) {
                    callback.allow(proposedProperties);
                }
                // The principal brian is allowed all proposed properties and also
                // gets the 'super' role added
                else if ("brian".equals(principal)) {
                    final Map<String, String> result =
                        new HashMap<>(proposedProperties);
                    final Set<String> roles =
                        Diffusion.stringToRoles(
                            sessionProperties.get(Session.ROLES));
                    roles.add("super");
                    result.put(Session.ROLES, Diffusion.rolesToString(roles));
                    callback.allow(result);
                }
                // All other valid principals are allowed but with no proposed
                // properties assigned to the session
                else {
                    callback.allow();
                }
            }
            // If the principal is not in the table, or the credentials do not
            // match, it is denied access
            else {
                callback.deny();
            }
        }
    }
    1. Implement the authenticate method.
    2. Use the allow, deny, or abstain method on the Callback object to respond with the authentication decision.
  2. Package your compiled Java class in a JAR file and put the JAR file in the ext directory of your Diffusion™ installation.
    This includes the authentication handler on the server classpath.
  3. Edit the etc/Server.xml configuration file to point to your authentication handler.
    Include the authentication-handler element in the list of authentication handlers. The order of the list defines the order in which the authentication handlers are called. The value of the class attribute is the fully qualified name of your authentication handler class. For example:
    <security>
        <authentication-handlers>
                
            <authentication-handler class="com.example.ExampleAuthenticationHandler" />
            
        </authentication-handlers>
    </security>
  4. Start or restart the Diffusion server.
    • On UNIX®-based systems, run the diffusion.sh command in the diffusion_installation_dir/bin directory.
    • On Windows™ systems, run the diffusion.bat command in the diffusion_installation_dir\bin directory.
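
The handler in step 1 keeps plaintext passwords in a map. As an added example (not the page's or Diffusion's own code), the same credential check can be made against salted PBKDF2 hashes, with unknown principals costing the same work as known ones. The class name PasswordVerifier, its methods, the iteration count and the sample account are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Map;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Hypothetical helper (not a Diffusion class): salted PBKDF2 hashes instead of plaintext.
public final class PasswordVerifier {
    private static final int ITERATIONS = 600_000; // assumed work factor, tune per host
    // principal -> { salt, derived key }
    private final Map<String, byte[][]> entries = new HashMap<>();
    // Checked for unknown principals so both paths cost the same.
    private final byte[][] decoy = newEntry("decoy".toCharArray());

    private static byte[] derive(char[] password, byte[] salt) {
        try {
            PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256")
                .generateSecret(spec).getEncoded();
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException(e);
        }
    }
    private static byte[][] newEntry(char[] password) {
        byte[] salt = new byte[16];
        new SecureRandom().nextBytes(salt);
        return new byte[][] {salt, derive(password, salt)};
    }
    public void enrol(String principal, char[] password) {
        entries.put(principal, newEntry(password));
    }
    // passwordBytes: the UTF-8 bytes credentials.toBytes() yields for PLAIN_PASSWORD.
    public boolean verify(String principal, byte[] passwordBytes) {
        if (passwordBytes == null || passwordBytes.length == 0) return false;
        byte[][] entry = entries.getOrDefault(principal, decoy);
        char[] supplied = new String(passwordBytes, StandardCharsets.UTF_8).toCharArray();
        boolean match = MessageDigest.isEqual(derive(supplied, entry[0]), entry[1]);
        return match && entry != decoy; // a decoy match never authenticates
    }
    public static void main(String[] args) {
        PasswordVerifier verifier = new PasswordVerifier();
        verifier.enrol("brian", "boru".toCharArray()); // constructed sample account
        byte[] good = "boru".getBytes(StandardCharsets.UTF_8);
        System.out.println(verifier.verify("brian", good));
        System.out.println(verifier.verify("nobody", good));
    }
}
```

Inside authenticate, the result of verify(principal, credentials.toBytes()) would take the place of the map lookup and byte comparison.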