From commits-return-20361-apmail-directory-commits-archive=directory.apache.org@directory.apache.org Wed Nov 19 22:16:33 2008 Return-Path: Delivered-To: apmail-directory-commits-archive@www.apache.org Received: (qmail 72534 invoked from network); 19 Nov 2008 22:16:33 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 19 Nov 2008 22:16:33 -0000 Received: (qmail 40988 invoked by uid 500); 19 Nov 2008 22:16:42 -0000 Delivered-To: apmail-directory-commits-archive@directory.apache.org Received: (qmail 40933 invoked by uid 500); 19 Nov 2008 22:16:42 -0000 Mailing-List: contact commits-help@directory.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@directory.apache.org Delivered-To: mailing list commits@directory.apache.org Received: (qmail 40922 invoked by uid 99); 19 Nov 2008 22:16:42 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Nov 2008 14:16:42 -0800 X-ASF-Spam-Status: No, hits=-1994.3 required=10.0 tests=ALL_TRUSTED,HTML_MESSAGE,MIME_HTML_ONLY X-Spam-Check-By: apache.org Received: from [140.211.11.140] (HELO brutus.apache.org) (140.211.11.140) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 19 Nov 2008 22:15:18 +0000 Received: from brutus (localhost [127.0.0.1]) by brutus.apache.org (Postfix) with ESMTP id 05B6D234C29A for ; Wed, 19 Nov 2008 14:16:00 -0800 (PST) Message-ID: <147474301.1227132960021.JavaMail.www-data@brutus> Date: Wed, 19 Nov 2008 14:16:00 -0800 (PST) From: confluence@apache.org To: commits@directory.apache.org Subject: [CONF] Apache Directory Server v1.5: 2.4. Writing a custom authenticator (page edited) MIME-Version: 1.0 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Virus-Checked: Checked by ClamAV on apache.org

2.4. Writing a custom authenticator has been edited by Emmanuel Lécharny (Nov 19, 2008).


Content:
Work in progress

This site is in the process of being reviewed and updated.

Warning

This page is out of date

Using custom authenticators

The Authenticator SPI provides a way to implement your own authentication mechanism, for instance a simple mechanism that verifies passwords stored as MD5 or SHA1 hashes, or a SASL mechanism. See the following example:

import javax.naming.NamingException;

import org.apache.directory.server.core.authn.AbstractAuthenticator;
import org.apache.directory.server.core.authn.LdapPrincipal;
import org.apache.directory.server.core.jndi.ServerContext;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
import org.apache.directory.shared.ldap.name.LdapDN;

public class CustomAuthenticator extends AbstractAuthenticator {
    public CustomAuthenticator() {
        // create an authenticator that will handle the "simple" authentication mechanism
        super("simple");
    }

    public void init() throws NamingException {
        // called once by ApacheDS when the authenticator is loaded at start-up
        // ...
    }

    public LdapPrincipal authenticate(LdapDN bindDn, ServerContext ctx) throws NamingException {
        // read the client's credentials from the server context and verify them here;
        // on failure throw an LdapNoPermissionException instead of returning
        // ...

        LdapPrincipal principal = AbstractAuthenticator.createLdapPrincipal(bindDn.toNormName(), AuthenticationLevel.SIMPLE);
        // ...
        return principal;
    }
}

The authenticator class has to extend org.apache.directory.server.core.authn.AbstractAuthenticator. It needs a no-argument constructor that calls the super() constructor, passing as parameter the authentication mechanism it is going to handle. In the above example, the CustomAuthenticator class is going to handle the simple authentication mechanism.

You can optionally implement the init() method to initialize your authenticator class. It will be called when the authenticator is loaded by ApacheDS during start-up.

When a client performs an authentication, ApacheDS will call the authenticate() method. You can get the client's authentication info from the server context. After you have authenticated the client, you need to return the authorization id (the LdapPrincipal). If the authentication fails, you should throw an LdapNoPermissionException.

When there are multiple authenticators registered for the same authentication type, ApacheDS will try them in the order in which they were registered. If one fails it will move on to the next one, until it finds one that successfully authenticates the client.
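To show what a complete authenticate() looks like for the hashed-password case the page mentions, here is an added example (not code from the page or from the ApacheDS project). It follows the contract described above: extend AbstractAuthenticator, register for the "simple" mechanism, read the credentials from the server context, throw LdapNoPermissionException on failure, and return an LdapPrincipal on success. The stored-password lookup (getDirectoryService().getAdminSession().lookup(bindDn), the ServerEntry/EntryAttribute types and the LdapNoPermissionException package) is modelled on the 1.5-era core API and is an assumption that may need adjusting to your version; java.util.Base64 assumes a Java 8 or later build. The verification itself uses only the JDK and handles {SSHA}, {SHA}, {SMD5} and {MD5} userPassword values with a constant-time comparison.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;

import javax.naming.Context;
import javax.naming.NamingException;

import org.apache.directory.server.core.authn.AbstractAuthenticator;
import org.apache.directory.server.core.authn.LdapPrincipal;
import org.apache.directory.server.core.entry.ServerEntry;            // ASSUMPTION: 1.5-era type
import org.apache.directory.server.core.jndi.ServerContext;
import org.apache.directory.shared.ldap.aci.AuthenticationLevel;
import org.apache.directory.shared.ldap.entry.EntryAttribute;          // ASSUMPTION: 1.5-era type
import org.apache.directory.shared.ldap.exception.LdapNoPermissionException; // ASSUMPTION: package
import org.apache.directory.shared.ldap.name.LdapDN;

public class HashedPasswordAuthenticator extends AbstractAuthenticator {

    public HashedPasswordAuthenticator() {
        super("simple"); // handles the simple bind mechanism, as in the page's example
    }

    public void init() throws NamingException {
        // nothing to initialise for this example
    }

    public LdapPrincipal authenticate(LdapDN bindDn, ServerContext ctx) throws NamingException {
        // The client's credentials are in the JNDI environment of the server context.
        byte[] supplied = toBytes(ctx.getEnvironment().get(Context.SECURITY_CREDENTIALS));

        // ASSUMPTION: look the bind entry up with the admin session and read userPassword.
        ServerEntry userEntry;
        try {
            userEntry = getDirectoryService().getAdminSession().lookup(bindDn);
        } catch (Exception e) {
            // Unknown DN fails exactly like a wrong password: the error does not reveal which.
            throw new LdapNoPermissionException();
        }
        EntryAttribute pwAttr = userEntry == null ? null : userEntry.get("userPassword");
        byte[] stored = pwAttr == null ? null : pwAttr.getBytes();

        if (supplied == null || supplied.length == 0 || stored == null
                || !PasswordHash.matches(stored, supplied)) {
            throw new LdapNoPermissionException(); // never log the supplied credentials
        }
        return AbstractAuthenticator.createLdapPrincipal(bindDn.toNormName(), AuthenticationLevel.SIMPLE);
    }

    // JNDI may hand credentials over as byte[], char[] or String.
    private static byte[] toBytes(Object creds) {
        if (creds instanceof byte[]) return (byte[]) creds;
        if (creds instanceof char[]) return new String((char[]) creds).getBytes(StandardCharsets.UTF_8);
        if (creds instanceof String) return ((String) creds).getBytes(StandardCharsets.UTF_8);
        return null;
    }

    /** Verifies a userPassword value of the form {SCHEME}base64(digest [+ salt]). */
    static final class PasswordHash {
        static boolean matches(byte[] stored, byte[] supplied) {
            String s = new String(stored, StandardCharsets.UTF_8);
            int close = s.indexOf('}');
            if (!s.startsWith("{") || close < 0) {
                // Plaintext storage (discouraged): still compare in constant time.
                return MessageDigest.isEqual(stored, supplied);
            }
            String scheme = s.substring(1, close).toUpperCase();
            String algo;
            int digestLen;
            if (scheme.equals("SSHA") || scheme.equals("SHA")) { algo = "SHA-1"; digestLen = 20; }
            else if (scheme.equals("SMD5") || scheme.equals("MD5")) { algo = "MD5"; digestLen = 16; }
            else return false; // unknown scheme: refuse rather than guess

            byte[] decoded;
            try {
                decoded = Base64.getDecoder().decode(s.substring(close + 1));
            } catch (IllegalArgumentException e) {
                return false; // malformed stored value
            }
            if (decoded.length < digestLen) return false;
            byte[] digest = Arrays.copyOfRange(decoded, 0, digestLen);
            byte[] salt = Arrays.copyOfRange(decoded, digestLen, decoded.length); // empty if unsalted

            try {
                MessageDigest md = MessageDigest.getInstance(algo);
                md.update(supplied);
                md.update(salt);
                // isEqual is constant-time, so timing does not leak how many bytes matched.
                return MessageDigest.isEqual(md.digest(), digest);
            } catch (NoSuchAlgorithmException e) {
                throw new IllegalStateException("JDK lacks " + algo, e);
            }
        }
    }
}
```

Unknown DN, missing userPassword, empty credentials and a wrong password all end in the same LdapNoPermissionException, which keeps the bind response from acting as a user-enumeration oracle. Of the schemes handled, the salted {SSHA} form is the one to prefer for stored values; unsalted {MD5} and {SHA} are accepted only for compatibility with existing entries.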

To tell ApacheDS to load your custom authenticators, you need to declare them in server.xml. You can also optionally specify the location of a .properties file containing the initialization parameters. See the following example:

EXAMPLE BELOW IS NO LONGER VALID WITH XML CONFIGURATION

server.authenticators=myauthenticator yourauthenticator

server.authenticator.class.myauthenticator=com.mycompany.MyAuthenticator
server.authenticator.properties.myauthenticator=myauthenticator.properties

server.authenticator.class.yourauthenticator=com.yourcompany.YourAuthenticator
server.authenticator.properties.yourauthenticator=yourauthenticator.properties