Introduction
This interceptor authenticates the current user before an operation is processed. If the user is unknown, an exception is thrown.
Structure
The class diagram for this interceptor is shown in the figure below.
The Interceptor interface declares all the methods an interceptor must implement. The abstract class BaseInterceptor declares only two new methods.
The AuthenticationService class implements only the methods it needs, not every method of the interface; the remaining methods are inherited from BaseInterceptor.
Operations
We do not have to implement every operation in the interceptor.
Here is the list of operations defined in the interface, and the list of operations we implement in AuthenticationService (the missing methods are already implemented in the intermediate abstract class):
Interface | AuthenticationService
---|---
add |
addContextPartition |
bind |
compare |
delete |
destroy |
getMatchedName |
getRootDSE |
getSuffix |
hasEntry |
init |
isSuffix |
list |
listSuffixes |
lookup |
modify |
modifyRn |
move |
removeContextPartition |
search |
unbind |
Add operation
For the add operation we only check that the user is known, that is, that an authenticated principal is present in the user's context.
Bind operation
When a user binds to the server, we try to authenticate the user, and if the user is known, we create a structure (LdapPrincipal) and store it in the user's context. This structure is used for every operation the user later asks the server to process, until the context is removed (on unbind or connection timeout).
The authentication process can be complex. Here is how it works:
if the user is already bound then
    return
if the authenticator list is empty then
    delegate the authentication to the nexus
    if this authentication is successful then
        store the principal into the user's context and return
else
    for each authenticator do
        if the authenticator validates the user then
            store the principal into the user's context and return
    done
throw an exception: the user can't be authenticated
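The following is an added, self-contained model of the bind flow described above, including the add and unbind behaviour from the earlier sections. It is illustration code written for this page, not ApacheDS code: the names Authenticator, Nexus, Context, LdapPrincipal and AuthenticationInterceptor, and the dn-to-password maps used as credential stores, are assumptions chosen to mirror the description, not the project's real API.

```python
"""Model of the bind/add/unbind flow described on this page.

Added illustration, not ApacheDS code. Class and method names are assumptions
mirroring the page's description; credential stores are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional
import hmac


class AuthenticationError(Exception):
    """Raised when neither the authenticator chain nor the nexus accepts the user."""


@dataclass(frozen=True)
class LdapPrincipal:
    """Identity stored in the user's context after a successful bind."""
    dn: str


@dataclass
class Context:
    """Per-connection state; the principal lives here from bind until unbind."""
    principal: Optional[LdapPrincipal] = None


class Authenticator:
    """One authenticator in the chain, backed by a constructed dn -> password map."""

    def __init__(self, name: str, credentials: Dict[str, str]):
        self.name = name
        self._credentials = credentials

    def authenticate(self, dn: str, password: str) -> Optional[LdapPrincipal]:
        expected = self._credentials.get(dn)
        # Constant-time comparison so a wrong password and an unknown dn cost the same.
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            return None
        return LdapPrincipal(dn)


class Nexus(Authenticator):
    """Fallback the interceptor delegates to only when the authenticator list is empty."""

    def __init__(self, credentials: Dict[str, str]):
        super().__init__("nexus", credentials)


class AuthenticationInterceptor:
    """Follows the page's pseudocode step by step."""

    def __init__(self, authenticators: List[Authenticator], nexus: Nexus):
        self.authenticators = authenticators
        self.nexus = nexus

    def bind(self, ctx: Context, dn: str, password: str) -> LdapPrincipal:
        if ctx.principal is not None:          # user is already bound: return
            return ctx.principal
        if not self.authenticators:            # empty list: delegate to the nexus
            principal = self.nexus.authenticate(dn, password)
            if principal is not None:
                ctx.principal = principal
                return principal
        else:                                  # otherwise try each authenticator in turn
            for authenticator in self.authenticators:
                principal = authenticator.authenticate(dn, password)
                if principal is not None:
                    ctx.principal = principal
                    return principal
        raise AuthenticationError(f"user {dn!r} cannot be authenticated")

    def add(self, ctx: Context, entry_dn: str) -> bool:
        """Add operation: only checks that a known (bound) user is in the context."""
        if ctx.principal is None:
            raise AuthenticationError("no authenticated user in context")
        return True

    def unbind(self, ctx: Context) -> None:
        """Drops the stored principal, so later operations must bind again."""
        ctx.principal = None


def try_bind(interceptor: AuthenticationInterceptor, ctx: Context, dn: str, password: str) -> bool:
    """True when bind succeeds, False when the interceptor rejects the user."""
    try:
        interceptor.bind(ctx, dn, password)
        return True
    except AuthenticationError:
        return False


def try_add(interceptor: AuthenticationInterceptor, ctx: Context, entry_dn: str) -> bool:
    """True when add is allowed, False when no authenticated user is in the context."""
    try:
        return interceptor.add(ctx, entry_dn)
    except AuthenticationError:
        return False


if __name__ == "__main__":
    # Constructed sample users: one known to the chain, one known only to the nexus.
    chain = AuthenticationInterceptor(
        [Authenticator("simple", {"uid=admin,ou=system": "secret"})],
        Nexus({"uid=nexusonly,ou=system": "pw"}),
    )
    ctx = Context()
    print(try_bind(chain, ctx, "uid=admin,ou=system", "secret"))       # True
    print(try_add(chain, ctx, "cn=new,ou=system"))                      # True
    chain.unbind(ctx)
    print(try_add(chain, ctx, "cn=new,ou=system"))                      # False
    print(try_bind(chain, Context(), "uid=nexusonly,ou=system", "pw"))  # False
```

Running the module walks through the flow: a bind that succeeds through the chain, an add that passes because the context holds a principal, an unbind after which add is refused, and a bind for a user only the nexus knows, which fails because the nexus is consulted only when the authenticator list is empty. The model follows the pseudocode literally, so a second bind on a context that already holds a principal returns that principal without examining the new credentials.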