Authenticator: Difference between revisions

From Obsidian Scheduler
Created page with "Out-of-the-box Obsidian includes 2 authentication providers. Native authentication, which is managed in the database, and LDAP-supported authentication. But you also have the opt..."
 
No edit summary
Line 48: Line 48:
     //usernameis "financeGuy"
     //usernameis "financeGuy"
     //pass is "mystrongpass"
     //pass is "mystrongpass"
     //these are valid credentials, but user does not have any rights to Obsidian
     //credentials are valid, but user does not have any rights to Obsidian


     throw new AuthenticationFailedException(String.format("User [%s] is not authorized to use Obsidian Scheduler.", username));
     throw new AuthenticationFailedException(String.format("User [%s] is not authorized to use Obsidian Scheduler.", username));
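Review bot: the context line that throws "User [%s] is not authorized to use Obsidian Scheduler." uses a different message from the "could not be authenticated" text in the wrong-password example, so if this message is shown to the person logging in, it confirms that the submitted password was correct for that account. Consider one generic message for the caller and recording the specific reason only in the server log. The `//usernameis` comment at the top of the hunk is also unchanged in both revisions and still lacks a space.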
Line 67: Line 67:
     //usernameis "fredScheduler"
     //usernameis "fredScheduler"
     //pass is "badpass"
     //pass is "badpass"
     //this is invalid
     //credentials are invalid


     throw new AuthenticationFailedException(String.format("User [%s] could not be authenticated.", username));
     throw new AuthenticationFailedException(String.format("User [%s] could not be authenticated.", username));
Line 80: Line 80:
     //usernameis "fredScheduler"
     //usernameis "fredScheduler"
     //pass is "mystrongpassword"
     //pass is "mystrongpassword"
     //this is valid, he has WRITE_ROLE
     //credentials are valid, he has WRITE_ROLE


     User user = new User(username);
     User user = new User(username);
Line 95: Line 95:
     //usernameis "tinaOperator"
     //usernameis "tinaOperator"
     //pass is "mystrongpassword"
     //pass is "mystrongpassword"
     //this is valid, Tina has default access
     //credentials are valid, Tina has default access


     return new User(username);
     return new User(username);
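Review bot: the reworded comment `//credentials are valid, Tina has default access` does not say why she gets default access; the `return new User(username);` line below assigns no roles, so it is worth stating in the comment that a User returned without roles is what grants default rights.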
Line 108: Line 108:
     //usernameis "newGuy"
     //usernameis "newGuy"
     //pass is "mystrongpassword"
     //pass is "mystrongpassword"
     //this is valid, the intern has LIMITED_READ_ROLE access
     //credentials are valid, the intern has LIMITED_READ_ROLE access


     User user = new User(username);
     User user = new User(username);

Revision as of 03:12, 15 September 2013

Out of the box, Obsidian includes 2 authentication providers: native authentication, which is managed in the database, and LDAP-supported authentication. You also have the option to implement your own authenticator or even customize our LDAP authenticator. Below you'll find directions on how to do both. Before you get started, make sure you are familiar with the Roles that Obsidian defines to allow assignment of access restrictions.

Developing an Authenticator

Obsidian uses any valid implementation of the com.carfey.suite.security.Authenticator interface.


Implementation of a Custom Authenticator

com.carfey.suite.security.User authenticate(String username, String pass) throws com.carfey.suite.security.Authenticator.AuthenticationFailedException

This method authenticates a user and returns that user with roles defined. Given a user name and a password, either return a valid com.carfey.suite.security.User object or throw a com.carfey.suite.security.Authenticator.AuthenticationFailedException.


If authentication is successful, the com.carfey.suite.security.User returned must have all its role memberships defined. This is done using the com.carfey.suite.security.Role class. The assignment of Roles to a User can be done using any of the public constructors/setters or logical combination thereof defined below.

public User(String userId)

public User(String userId, Set<Role> roles, String firstName, String lastName, String email, boolean active*)

public User(String userId, List<Role> roles, String firstName, String lastName, String email, boolean active*)

public void setRoles(Set<Role> roles)

public void setRoles(List<Role> roles)

* Note: If you wish to implement active user enabling/disabling, you must do so in your Authenticator by throwing com.carfey.suite.security.Authenticator.AuthenticationFailedException when inactive users attempt to log in.

Roles

There are convenience constants that you should use in defining your role memberships. They can be found at com.carfey.ops.Constant. The constants are ADMIN_ROLE, WRITE_ROLE, LIMITED_READ_ROLE and API_ROLE. Default rights are assumed for any authenticated user, including one returned with no roles. Therefore, if someone authenticates who should not have access, throw a com.carfey.suite.security.Authenticator.AuthenticationFailedException.

When assigning the user's com.carfey.suite.security.Role objects, use the constructor public Role(String roleId, String roleName), passing the appropriate constant as both the roleId and the roleName.

Putting it All Together

A Finance user attempts to log in to Obsidian and gives valid credentials, but should not be accessing Obsidian.

import static com.carfey.ops.Constant.*;

import com.carfey.suite.security.Authenticator.AuthenticationFailedException;
import com.carfey.suite.security.Role;
import com.carfey.suite.security.User;


public User authenticate(String username, String pass) throws AuthenticationFailedException {
    // username is "financeGuy"
    //pass is "mystrongpass"
    //credentials are valid, but user does not have any rights to Obsidian

    throw new AuthenticationFailedException(String.format("User [%s] is not authorized to use Obsidian Scheduler.", username));
}

Fred logs in using his username fredScheduler and his password badpass. You determine that his password is invalid.

import static com.carfey.ops.Constant.*;

import com.carfey.suite.security.Authenticator.AuthenticationFailedException;
import com.carfey.suite.security.Role;
import com.carfey.suite.security.User;


public User authenticate(String username, String pass) throws AuthenticationFailedException {
    // username is "fredScheduler"
    //pass is "badpass"
    //credentials are invalid

    throw new AuthenticationFailedException(String.format("User [%s] could not be authenticated.", username));
}

Fred logs in using his username fredScheduler and his password mystrongpassword. You determine that his password is valid and matches the user, and that he has WRITE_ROLE rights.


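import static com.carfey.ops.Constant.*;

import java.util.Arrays;

import com.carfey.suite.security.Authenticator.AuthenticationFailedException;
import com.carfey.suite.security.Role;
import com.carfey.suite.security.User;

public User authenticate(String username, String pass) throws AuthenticationFailedException {
    // username is "fredScheduler"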
    //pass is "mystrongpassword"
    //credentials are valid, he has WRITE_ROLE

    User user = new User(username);
    user.setRoles(Arrays.asList(new Role(WRITE_ROLE, WRITE_ROLE)));
    return user;
}

Tina logs in using her username tinaOperator and her password mystrongpassword. You determine that her password is valid and matches the user, and that she has Default rights.


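import com.carfey.suite.security.Authenticator.AuthenticationFailedException;
import com.carfey.suite.security.User;

public User authenticate(String username, String pass) throws AuthenticationFailedException {
    // username is "tinaOperator"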
    //pass is "mystrongpassword"
    //credentials are valid, Tina has default access

    return new User(username);
}

The intern logs in using his username newGuy and his password mystrongpassword. You determine that his password is valid and matches the user, and that he has LIMITED_READ_ROLE rights.


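import static com.carfey.ops.Constant.*;

import java.util.Arrays;

import com.carfey.suite.security.Authenticator.AuthenticationFailedException;
import com.carfey.suite.security.Role;
import com.carfey.suite.security.User;

public User authenticate(String username, String pass) throws AuthenticationFailedException {
    // username is "newGuy"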
    //pass is "mystrongpassword"
    //credentials are valid, the intern has LIMITED_READ_ROLE access

    User user = new User(username);
    user.setRoles(Arrays.asList(new Role(LIMITED_READ_ROLE, LIMITED_READ_ROLE)));
    return user;
}
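
The five cases above combined into one implementation, as an added example that is not Obsidian's own code. The class name, the Account record, the in-memory map and the PBKDF2 parameters (Java 8 or later) are assumptions, as is the premise that authenticate is the only method the interface requires. Unlike the snippets above, it returns the same message for every failure, with the inactive and not-authorized cases denied as the page requires.

```java
import static com.carfey.ops.Constant.*;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.util.*;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import com.carfey.suite.security.Authenticator;
import com.carfey.suite.security.Authenticator.AuthenticationFailedException;
import com.carfey.suite.security.Role;
import com.carfey.suite.security.User;

public class AllowListAuthenticator implements Authenticator {
    /** Hypothetical account record; load it from your own user store. */
    public static final class Account {
        final byte[] salt, hash;    // PBKDF2 salt and derived key, never the password
        final boolean active;
        final Set<String> roleIds;  // null: no access to Obsidian; empty: default rights
        public Account(byte[] salt, byte[] hash, boolean active, Set<String> roleIds) {
            this.salt = salt; this.hash = hash; this.active = active; this.roleIds = roleIds;
        }
    }
    private static final Set<String> KNOWN_ROLES =
        new HashSet<String>(Arrays.asList(ADMIN_ROLE, WRITE_ROLE, LIMITED_READ_ROLE, API_ROLE));
    private static final byte[] DUMMY_SALT = new byte[16]; // keeps work equal for unknown users
    private final Map<String, Account> accounts;
    public AllowListAuthenticator(Map<String, Account> accounts) { this.accounts = accounts; }

    static byte[] derive(String pass, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pass.toCharArray(), salt, 100000, 256); // illustrative cost
        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
    }

    public User authenticate(String username, String pass) throws AuthenticationFailedException {
        Account a = (username == null || pass == null || pass.isEmpty()) ? null : accounts.get(username);
        boolean ok = false;
        try {
            byte[] got = derive(a == null ? "dummy" : pass, a == null ? DUMMY_SALT : a.salt);
            ok = a != null && a.active && a.roleIds != null && MessageDigest.isEqual(a.hash, got);
        } catch (GeneralSecurityException e) { /* fail closed: ok stays false */ }
        if (!ok) { // one message for unknown user, wrong password, inactive and unauthorized
            throw new AuthenticationFailedException(String.format("User [%s] could not be authenticated.", username));
        }
        User user = new User(username);
        List<Role> roles = new ArrayList<Role>();
        for (String id : a.roleIds) {
            if (KNOWN_ROLES.contains(id)) roles.add(new Role(id, id)); // constant as id and name
        }
        if (!roles.isEmpty()) user.setRoles(roles); // no roles set means default rights
        return user;
    }
}
```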