From: Terefang V. <ter...@gm...> - 2015-01-22 15:28:02
hi!

> All examples will refer to the unity-server-rest module which is the most
> similar.
>
> 1) You need to define a contract (interface) for authenticators to
> retrieve credentials from your binding. As in your case it is low level
> then your retrievals should be servlet filters. Example: CXFAuthentication
> (which uses interceptors)
> 2) You will have to implement a credential retrieval (implementing a
> contract from (1)) for each credential which you are going to use with this
> binding. Retrievals are responsible for getting a credential in a transport
> specific way and then use a provided verificator to check it. Examples:
> HttpBasicRetrieval*
> 3) You will need to code a class that will be responsible for collecting a
> complete authentication result, by retrieving authn results from all
> authenticators (guys from (2)) and feeding it to generic Unity code to get
> a composite decision. It will be another servlet filter in your case. See
> AuthenticationInterceptor.
> 4) You will need a code that will install all authenticators (of course
> Unity ensures that only compatible authenticators can be used) on an
> endpoint (i.e. it will install the filters, including the final one from
> (3)). Example: RESTEndpoint#installAuthnInterceptors()
>
> Yes, this is quite a lot of work, and rather difficult - you have to
> understand in detail what happens, what is the order of invocation etc.

ok, all that works now :-)

although i have implemented it according to your list, i think i can merge the two filters into one.

to get the most out of it i authenticate as a specially created "websvc" to get a maximum of visibility.
i would like to implement the following api:

---
import java.util.Collection;
import java.util.Map;

public interface JsonRpcInterface {
    public boolean userExists(String userName);
    public boolean userExists(String userName, String context);

    public Collection<String> authenticateUser(String userName, String password);
    public Collection<String> authenticateUser(String userName, String password, String context);

    public Collection<String> resolveGroups(String userName);
    public Collection<String> resolveGroups(String userName, String context);

    public Collection<String> resolveRoles(String userName);
    public Collection<String> resolveRoles(String userName, String context);

    public Map<String,String> resolveAttributes(String userName);
    public Map<String,String> resolveAttributes(String userName, String context);
}
---

userExists/resolveGroups/resolveAttributes already work as expected.
resolveRoles will be implemented with a translation profile config later.

but i have no idea how i can implement "authenticateUser" -- surely i cannot use the bindauthn of the endpoint since they are only for the webservice authn/z.

how would i resolve an authenticator-name configured in the endpoint's private config?
how would i resolve any of the preconfigured authenticators (pwdWeb,ldapWeb,...)? from spring appcontext?

cheers,
--
terefang
--
Ever heard that not every linux user is automatically a programmer who programs, installs, patches, hacks or ports everything he needs himself? Urks? That is just a legend.....
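
The four-step structure from the quoted reply, as an added sketch that is not part of the original message and is not Unity code. Every type and method name here (AuthnChainSketch, CredentialRetrieval, BasicRetrieval, compositeDecision) is hypothetical, the all-must-succeed policy is an assumption, the password check is a constructed stand-in for a real verificator, and request headers are modelled as a plain map where a servlet filter would read them from the request.

```java
import java.nio.charset.StandardCharsets;
import java.util.*;
import java.util.function.BiPredicate;

public class AuthnChainSketch {
    enum Status { SUCCESS, DENY, NOT_PRESENT }

    // Step 1: hypothetical contract between the binding and each authenticator.
    interface CredentialRetrieval {
        Status authenticate(Map<String, String> headers);
    }

    // Step 2: transport-specific retrieval for HTTP Basic; the verificator is injected.
    static class BasicRetrieval implements CredentialRetrieval {
        private final BiPredicate<String, String> verificator;
        BasicRetrieval(BiPredicate<String, String> verificator) { this.verificator = verificator; }

        public Status authenticate(Map<String, String> headers) {
            String h = headers.get("Authorization");
            if (h == null || !h.regionMatches(true, 0, "Basic ", 0, 6)) return Status.NOT_PRESENT;
            try {
                byte[] raw = Base64.getDecoder().decode(h.substring(6).trim());
                String decoded = new String(raw, StandardCharsets.UTF_8);
                int colon = decoded.indexOf(':');
                if (colon < 0) return Status.DENY; // malformed credential fails closed
                boolean ok = verificator.test(decoded.substring(0, colon), decoded.substring(colon + 1));
                return ok ? Status.SUCCESS : Status.DENY;
            } catch (IllegalArgumentException badBase64) {
                return Status.DENY; // undecodable header is a denial, not an error page
            }
        }
    }

    // Step 3: collect every installed authenticator's result into one decision.
    // Assumed policy: all must succeed, and an endpoint with none installed never passes.
    static boolean compositeDecision(List<CredentialRetrieval> installed, Map<String, String> headers) {
        if (installed.isEmpty()) return false;
        for (CredentialRetrieval r : installed)
            if (r.authenticate(headers) != Status.SUCCESS) return false;
        return true;
    }

    public static void main(String[] args) {
        // Step 4: install authenticators on the endpoint (constructed credential check).
        List<CredentialRetrieval> installed = List.of(
                new BasicRetrieval((u, p) -> u.equals("websvc") && p.equals("example-only")));
        String good = "Basic " + Base64.getEncoder()
                .encodeToString("websvc:example-only".getBytes(StandardCharsets.UTF_8));
        System.out.println(compositeDecision(installed, Map.of("Authorization", good)));
        System.out.println(compositeDecision(installed, Map.of("Authorization", "Basic !!!")));
        System.out.println(compositeDecision(installed, Map.of()));
    }
}
```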