Basic Password Authentication Example
The AgreementPartner class you implement can exercise any kind of access control you choose. It can perform straightforward password protection, require payment or provide an interface to an external micro-payment system.

This example shows a very simple implementation of AgreementPartner that provides basic password authentication.

    package com.mycompany.escenic.agreements;

    import neo.xredsys.content.agreement.*;

    public class PasswordAgreement implements AgreementPartner {
      AgreementConfig config;
      String realm = "Undefined";
      // Maps user name to password; filled through addUser().
      java.util.Map users = new java.util.HashMap();

      public PasswordAgreement() {
        config = new AgreementConfig();
        // Tell the Content Engine that this partner needs basic authentication data.
        config.setAuthentication(true);
      }

      public AgreementConfig getAgreementConfig() {
        return config;
      }

      public void setRealmName(String newRealm) {
        realm = newRealm;
      }

      public String getRealmName() {
        return realm;
      }

      public void addUser(String user, String password) {
        users.put(user, password);
      }

      public java.util.Set getUsers() {
        return users.keySet();
      }

      public void service(AgreementRequest request, AgreementResponse response) {
        String username = request.getUserName();
        // No user name supplied: reject by setting the realm.
        if (username == null || username.equals("")) {
          response.setBasicAuthenticationRealm(realm);
          return;
        }
        String password = (String) users.get(username);
        // Unknown user or no credentials supplied: reject.
        if (password == null || request.getCredentials() == null) {
          response.setBasicAuthenticationRealm(realm);
          return;
        }
        // Wrong password: reject. If the realm is never set, authentication succeeds.
        if (!password.equals(request.getCredentials())) {
          response.setBasicAuthenticationRealm(realm);
        }
      }
    }

And here is the content of a .properties file that can be used to configure a PasswordAgreement component:

    $class=com.mycompany.escenic.agreements.PasswordAgreement
    realmName=TestRealm
    user.johndoe=johnspassword
    user.someone=secret

The first line specifies the class that is to be instantiated, and the following lines contain the values of properties that are to be set. After instantiating the class, the Content Engine automatically searches the rest of the file for properties that it can set using the class's methods. In this case it sets realmName by calling PasswordAgreement's setRealmName() method, and fills the users HashMap by calling addUser() for every element of the mapped property user.

For detailed information about the .properties file format, see Configuration File Format.

In addition to these methods that allow instances to be automatically configured by the Content Engine, the class contains two other important components:
- The getAgreementConfig() method, which returns an AgreementConfig instance to the caller. This method is required by the AgreementPartner interface. The AgreementConfig instance is used by the Content Engine to determine what items of information the AgreementPartner requires in order to perform authorization. In this example, the AgreementConfig's authentication property is set to true.

      public PasswordAgreement() {
        config = new AgreementConfig();
        config.setAuthentication(true);
      }

  authentication is defined here as meaning basic password authentication, so this setting indicates that the PasswordAgreement requires a realm name, user name and password in order to carry out authentication. AgreementConfig has other methods that you can use to add details of other information required for authorization. If, for example, successful authorization depends on the presence of one or more cookies on the user's computer, you must add this information using the AddCookieName() method; otherwise the service() method won't have access to the cookies.

- The service() method, which is also required by the AgreementPartner interface. This is the method that carries out the actual authorization:

      public void service(AgreementRequest request, AgreementResponse response) {
        String username = request.getUserName();
        if (username == null || username.equals("")) {
          response.setBasicAuthenticationRealm(realm);
          return;
        }
        String password = (String) users.get(username);
        if (password == null || request.getCredentials() == null) {
          response.setBasicAuthenticationRealm(realm);
          return;
        }
        if (!password.equals(request.getCredentials())) {
          response.setBasicAuthenticationRealm(realm);
        }
      }

  The user's authorization data is passed in as an AgreementRequest object and compared with the user names and passwords in the users property. If no match is found, then the authentication request is rejected by setting the realm property of the AgreementResponse object that was supplied in the response parameter. If this property is not set, then authentication succeeds and the user will be granted access to the protected content. If it is set, then authentication fails and the application will carry out an appropriate action such as displaying a login page.