This interface specifies how a component performs authentication, access control and security auditing at the session level. Users can write an implementation of this interface and configure a server-level authentication service by setting the server property 'com.sybase.jaguar.server.authservice' to the name of the component that implements it.
The authentication service can additionally implement CtsServices::ControlService so that the component can be refreshed during a server refresh. A component refresh lets the component, for example, re-read a configuration file or rebuild an internal cache without restarting the server. ControlService has one method, 'control', which a user-defined authentication service must implement in addition to the checkSession method defined below.
During a server refresh, EAServer attempts to invoke the control method on the authentication service with the argument 'refresh'. A return value of 1 is treated as success; any other return value is treated as an error condition and the authentication service is disabled. If the component does not implement the CtsServices::ControlService interface, the server logs no error or warning.
Note that this is not a replacement for EAServer's role-based access control mechanism, which is applied at the EAServer package/component (and/or method) level. Also, if SSL or OS-based authentication is configured in the server, EAServer authenticates users with the configured method(s) before invoking this authentication service.
Checks the session information, optionally authenticating the user and allowing or disallowing access to the EAServer server. An implementation can check the current authentication status and perform additional authentication if required, and can check any other information deemed important in deciding whether access to the server should continue, including the host, user name, password and SSL parameters. The client session's SSL parameters can currently be obtained by instantiating the CtsSecurity/UserCredentials component; a future release will support an additional server-side interface, SSLSessionInfo, for retrieving the client's SSL session information. An implementation retrieves the information it needs from the supplied sessInfo object through the CtsSecurity::SessionInfo interface. The method may also write relevant session information to a file for auditing purposes; such a record should not include the password.
long checkSession ( in CtsSecurity::SessionInfo sessInfo );
This method is called by the EAServer server. Its return values are:
Return Value | Meaning |
---|---|
AUTH_SUCCEED | EAServer's internal dispatcher proceeds with processing the client's requests on this session. |
AUTH_FAIL | EAServer rejects the client session. |
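The following is an added example, not code from the EAServer sample directory or from Sybase, of a component that implements both the checkSession method and the ControlService control method described above: it admits a session only when the user name is on a list read from a file, re-reads that file when control is called with 'refresh', and appends one audit record per session decision. The Java binding names CtsSecurity.SessionInfo with its getName() and getPeerAddress() accessors, the CtsSecurity.AuthService.AUTH_SUCCEED and AUTH_FAIL constants, the package name and the two file paths are assumptions and must be checked against the stubs generated from the CtsSecurity IDL before use.

```java
package com.example.eas.auth;   // hypothetical package name

import java.io.BufferedReader;
import java.io.FileReader;
import java.io.FileWriter;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;

/**
 * Session-level allow-list check for EAServer. Implements
 * CtsSecurity::AuthService::checkSession and CtsServices::ControlService::control.
 *
 * Assumed, not confirmed by the page: the generated Java binding of
 * CtsSecurity::SessionInfo exposes getName() and getPeerAddress(), and the
 * AUTH_SUCCEED / AUTH_FAIL constants are on CtsSecurity.AuthService.
 */
public class AllowListAuthService {
    private static final String ALLOW_LIST_FILE = "/opt/eas/conf/allowed_users.txt"; // assumed path
    private static final String AUDIT_FILE      = "/opt/eas/log/auth_audit.log";     // assumed path

    // Replaced wholesale on refresh; volatile so checkSession sees the new set.
    private volatile Set<String> allowedUsers;

    public AllowListAuthService() {
        Set<String> initial = loadAllowList();
        // Fail closed: if the list cannot be read at startup, nobody is admitted.
        allowedUsers = (initial != null) ? initial : Collections.<String>emptySet();
    }

    /** CtsServices::ControlService::control. Returns 1 (success) so the service is never disabled. */
    public int control(String command) {
        if ("refresh".equals(command)) {
            Set<String> fresh = loadAllowList();
            if (fresh != null) {
                allowedUsers = fresh;
                audit(null, null, "REFRESH_OK entries=" + fresh.size());
            } else {
                // Keep the last good list rather than return an error, which would
                // disable the service entirely; the failure is still recorded.
                audit(null, null, "REFRESH_FAILED keeping previous list");
            }
        }
        return 1;
    }

    /** CtsSecurity::AuthService::checkSession. Returns AUTH_SUCCEED or AUTH_FAIL. */
    public int checkSession(CtsSecurity.SessionInfo sessInfo) {
        String user = null;
        String host = null;
        try {
            user = sessInfo.getName();
            host = sessInfo.getPeerAddress();
            boolean allowed = user != null && allowedUsers.contains(user);
            audit(user, host, allowed ? "ALLOW" : "DENY");
            return allowed ? CtsSecurity.AuthService.AUTH_SUCCEED
                           : CtsSecurity.AuthService.AUTH_FAIL;
        } catch (RuntimeException e) {
            // Any failure while inspecting the session rejects it (fail closed).
            audit(user, host, "ERROR " + e.getClass().getName());
            return CtsSecurity.AuthService.AUTH_FAIL;
        }
    }

    /** Reads one user name per line; blank lines and '#' comments are ignored. Returns null on I/O error. */
    static Set<String> loadAllowList() {
        Set<String> users = new HashSet<String>();
        BufferedReader in = null;
        try {
            in = new BufferedReader(new FileReader(ALLOW_LIST_FILE));
            String line;
            while ((line = in.readLine()) != null) {
                line = line.trim();
                if (line.length() > 0 && !line.startsWith("#")) {
                    users.add(line);
                }
            }
            return users;
        } catch (IOException e) {
            return null;
        } finally {
            if (in != null) { try { in.close(); } catch (IOException ignored) { } }
        }
    }

    /** Appends one audit record: time, user, peer host, decision. The password is never written. */
    private synchronized void audit(String user, String host, String decision) {
        try {
            PrintWriter out = new PrintWriter(new FileWriter(AUDIT_FILE, true));
            out.println(System.currentTimeMillis() + " user=" + user + " host=" + host + " " + decision);
            out.close();
        } catch (IOException e) {
            // An audit write failure must not become an open door; the decision stands.
        }
    }
}
```

Two design choices follow from the text above. Because any control return value other than 1 disables the authentication service, a failed re-read keeps the previous allow-list and still returns 1, recording the failure in the audit file instead. And because checkSession runs before any client request is dispatched, every error path returns AUTH_FAIL rather than letting an exception decide the outcome.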
Please refer to the EAServer sample directory for a sample implementation of this interface.