This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • Authentication Refactoring
Skip to end of metadata
Go to start of metadata

Authentication Refactoring

For my work on SAML 2.0 Plugin the best approach was to refactor the authentication (login and logout) mechanism in ApiServlet class. This work aims to refactor such mechanisms which are accessible against an interface.

Author: Rohit Yadav

Work

  • Both login and logout APIs are implemented as a class that extend BaseCmd and they implement the following interface
  • public interface APIAuthenticator {

        public String authenticate(String command, Map<String, Object[]> params,

                                   HttpSession session, String remoteAddress, String responseType,

                                   StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException;

        public APIAuthenticationType getAPIType();

    }

  • The authenticate method is used for both login and logout mechanism, the getAPIType() returns an enum using which one can determine what kind of API class is that:
    public enum APIAuthenticationType {

        LOGIN_API, LOGOUT_API

    }

  • A pluggable service is created to serve the purpose of implementation of a AuthenticationManager and to expose these auth APIs to the consumer such as the apidoc, apidiscovery etc. 

    public interface APIAuthenticationManager extends PluggableService {

        public APIAuthenticator getAPIAuthenticator(String name);

    }

  • The present/default login and logout apis are implemented (in DefaultLoginAPIAuthenticatorCmd and DefaultLogoutAPIAuthenticatorCmd) just like any API Cmd class but the execute() will skip any work, instead the logic is implemented in authenticate() as enforced the the APIAuthenticator interface.

  • APIAuthenticationManagerImpl implements a APIAuthenticationManager which exposes getCommands() to return list of cmd classes it knows about and a method getAPIAuthenticator(String command) which takes in a String command and returns a class that implements the command API.

  • Suitably LoginResponse and LogoutResponse are implemented, also used by the apidoc/discovery consumers
  • Hard coded api docs from Xml Doc Writers were removed
  • No labels