ConfD User Community

Authentication Callback using Java


#1

Hi,
I am referring to the ConfD User Guide 6.6. I need to register an authentication callback in Java, but I don’t see any Java example in the document. I see a .c example. Any pointer is appreciated.

Thanks,
Sumeet


#2

See the ConfD Javadoc for the com.tailf.dp interface DpAuthCallback.

Quick example:

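import com.tailf.dp.DpAuthContext;
import com.tailf.dp.DpCallbackException;
import com.tailf.dp.DpCallbackExtendedException;
import com.tailf.dp.annotations.AuthCallback;
import com.tailf.dp.proto.AuthCBType;

// Note: "smp" below is not defined in this post; it is presumably the
// namespace class generated from the poster's own YANG module.
public class SimpleAuthCb {
    // Invoked after AAA has finished processing an authentication attempt.
    // Returning false (or throwing) rejects the attempt.
    @AuthCallback(callType = AuthCBType.AUTH)
    public boolean auth(DpAuthContext atx) throws DpCallbackException {
        // Log the AAA result, the method used and the user info
        System.out.println("Result = " + atx.isSuccess() +
                           ", method=" + atx.getMethod() +
                           ", userinfo= " + atx.getUserInfo());
        if (atx.getUserInfo().getUserName().equals("oper")) {
            // Reject with a plain error message
            atx.setError("BAD user %s", atx.getUserInfo().getUserName());
            return false;
        } else if (atx.getUserInfo().getUserName().equals("xyz")) {
            // Reject with an extended error (error code, namespace, tag, message)
            throw new DpCallbackExtendedException(
                DpCallbackExtendedException.ERRCODE_ACCESS_DENIED,
                new smp(),
                "server",
                "DANGEROUS user %s",
                atx.getUserInfo().getUserName());
        }

        // Any other user: let the AAA result stand
        return true;
    }
}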

#3

Thanks for this code example. But how can I get the input that was provided? For example, what username and password were entered before hitting this auth callback?

Regards,
Sumeet


#4

You do get the username from the callback. Getting and storing the password in cleartext would not be recommended for obvious reasons.

You asked for the auth callback. But it turns out that’s not what you want. If you don’t know how to do what you want to do, I suggest you instead describe what you want to do, and perhaps someone at this forum can help.


#5

I need to authenticate a user, but not by using an external program. My user is not in AAA, but it is in CDB. I wanted to use the auth callback and override it with my own logic, which checks whether the user exists in CDB, then matches the password and returns true or false based on this test. Thanks in advance.


#6

You can’t do the actual authentication with the authentication callback - as the documentation says: “…invoked whenever AAA has completed processing of an authentication attempt. In the case where the authentication was otherwise successful, the callback can still cause it to be rejected.”

If you want to implement the actual authentication, you need to use “external” authentication. Of course the executable for that can do whatever you want, including reading data from CDB and basing its decision on that.
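Added example, not part of the thread and not ConfD's own code: a sketch of an "external" authentication executable of the kind post #6 describes, written in Python since the executable can be any program. It assumes the stdin/stdout exchange described in the ConfD User Guide's external authentication section (`[user;password;]\n` in, `accept $groups $uid $gid $supplementary_gids $HOME` or `reject <reason>` out); the `USERS` table is a constructed stand-in for records read from CDB, and all names in it are hypothetical.

```python
import hashlib
import hmac
import sys

ITERATIONS = 200_000  # PBKDF2 work factor (constructed value)

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)

# Constructed stand-in for user records that a real deployment would read
# from CDB. Only salted hashes are stored, never the cleartext password.
USERS = {
    "alice": {"salt": b"constructed-salt", "hash": _hash("correct horse", b"constructed-salt"),
              "groups": ["admin"], "uid": 1000, "gid": 1000, "home": "/home/alice"},
}
_DUMMY = {"salt": b"dummy-salt", "hash": b"\x00" * 32}

def parse_request(line: str):
    """Return (user, password) from '[user;password;]', or None if malformed."""
    line = line.rstrip("\r\n")
    if not (line.startswith("[") and line.endswith(";]")):
        return None
    # Split at the first ';' only, so a password containing ';' stays intact.
    user, sep, password = line[1:-2].partition(";")
    return (user, password) if sep and user else None

def decide(line: str) -> str:
    """Map one request line to the single response line written to stdout."""
    parsed = parse_request(line)
    if parsed is None:
        return "reject Malformed request"
    user, password = parsed
    # Hash even for unknown users so response time does not reveal who exists.
    rec = USERS.get(user, _DUMMY)
    ok = hmac.compare_digest(_hash(password, rec["salt"]), rec["hash"])
    if not ok or user not in USERS:
        # Same message for bad user and bad password; the password is never logged.
        return "reject Authentication failed"
    # Supplementary gids are left empty in this example.
    return "accept {} {} {} {}".format(
        " ".join(rec["groups"]), rec["uid"], rec["gid"], rec["home"])

if __name__ == "__main__":
    sys.stdout.write(decide(sys.stdin.readline()) + "\n")
```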