Authentication Refactoring

For my work on SAML 2.0 Plugin the best approach was to refactor the authentication (login and logout) mechanism in ApiServlet class. This work aims to refactor such mechanisms which are accessible against an interface.

Author: Rohit Yadav


  • Both login and logout APIs are implemented as a class that extend BaseCmd and they implement the following interface
  • public interface APIAuthenticator {

        public String authenticate(String command, Map<String, Object[]> params,

                                   HttpSession session, String remoteAddress, String responseType,

                                   StringBuilder auditTrailSb, final HttpServletResponse resp) throws ServerApiException;

        public APIAuthenticationType getAPIType();


  • The authenticate method is used for both login and logout mechanism, the getAPIType() returns an enum using which one can determine what kind of API class is that:
    public enum APIAuthenticationType {



  • A pluggable service is created to serve the purpose of implementation of a AuthenticationManager and to expose these auth APIs to the consumer such as the apidoc, apidiscovery etc. 

    public interface APIAuthenticationManager extends PluggableService {

        public APIAuthenticator getAPIAuthenticator(String name);


  • The present/default login and logout apis are implemented (in DefaultLoginAPIAuthenticatorCmd and DefaultLogoutAPIAuthenticatorCmd) just like any API Cmd class but the execute() will skip any work, instead the logic is implemented in authenticate() as enforced the the APIAuthenticator interface.

  • APIAuthenticationManagerImpl implements a APIAuthenticationManager which exposes getCommands() to return list of cmd classes it knows about and a method getAPIAuthenticator(String command) which takes in a String command and returns a class that implements the command API.

  • Suitably LoginResponse and LogoutResponse are implemented, also used by the apidoc/discovery consumers
  • Hard coded api docs from Xml Doc Writers were removed
  • No labels