Building a Java plugin for external authentication
The first step in integrating a Java authentication plugin is building the plugin. The plugin must be built using Java 7 or 8.
The external authentication service must be multi-thread safe. In other words, Hybrid Data Pipeline must be able to safely have multiple threads call authenticate() on the same Java plugin object at the same time. The Hybrid Data Pipeline service must also be able to create multiple instances of the plugin.
Take the following steps to build a Java plugin to use with an external authentication service.
1. Create a Java class that implements the Java authentication plugin interface, according to substeps a, b, and c.
The Java authentication plugin interface is defined in the <install_dir>/ddcloud/dev/lib/authjavaplugin.jar, where <install_dir> is the installation directory of a Hybrid Data Pipeline server.
a. After creating an instance of the Java plugin, Hybrid Data Pipeline will call the init() method in the object to initialize the object with configuration information.
attributes: a JSON object that can provide useful values for initialization, such as an authentication server name. Multiple authentication services can use the same plugin as long as the appropriate attributes are provided via the JSON object. Hybrid Data Pipeline passes a HashMap representation of the JSON object for any authentication service configured to use the plugin and registered via the Authentication API.
logger: an object that can be used to log information, such as failed authentication or errors that occurred when authenticating a user. The log entries are collected in a separate file named extauth<date>.log located in the .../ddcloud/das/server/logs/das subdirectory.
b. The following method is called by the Hybrid Data Pipeline service to release or close resources in the event Hybrid Data Pipeline shuts down or the authentication service is updated.
void destroy()
c. The Hybrid Data Pipeline service calls the following method to authenticate the Hybrid Data Pipeline end user.
username: the username persisted by an authentication service. Referred to as the authUserName in the Users API.
password: the password provided by the end user.
ipAddress: the IP Address of the end user machine.
If the user cannot be authenticated, an error is returned. When the plugin returns false, Hybrid Data Pipeline will return an invalid username and password error. If the plugin throws an exception, Hybrid Data Pipeline will return an error indicating the service is unavailable.
2. Compile the Java class implemented in Step 1 with any other Java classes needed to implement the authentication methods.