skip to main content
Administering Hybrid Data Pipeline : Authentication : Integrating external authentication with a Java plugin : Building a Java plugin for external authentication

Try Now
Building a Java plugin for external authentication
The first step in integrating a Java authentication plugin is building the plugin. The plugin must be built using Java 7 or 8.
The external authentication service must be multi-thread safe. In other words, Hybrid Data Pipeline must be able to safely have multiple threads call authenticate() on the same Java plugin object at the same time. The Hybrid Data Pipeline service must also be able to create multiple instances of the plugin.
Take the following steps to build a Java plugin to use with an external authentication service.
1. Create a Java class that implements the Java authentication plugin interface, according to substeps a, b, and c.
The Java authentication plugin interface is:
The Java authentication plugin interface is defined in the <install_dir>/ddcloud/dev/lib/authjavaplugin.jar, where <install_dir> is the installation directory of a Hybrid Data Pipeline server.
See Java authentication plugin interface syntax for the syntax of the interface definition.
See Java authentication plugin sample for an example plugin.
a. After creating an instance of the Java plugin, Hybrid Data Pipeline will call the init() method in the object to initialize the object with configuration information.
void init(HashMap(String, Object) attributes, Logger logger)
attributes: a JSON object that can provide useful values for initialization, such as an authentication server name. Multiple authentication services can use the same plugin as long as the appropriate attributes are provided via the JSON object. Hybrid Data Pipeline passes a HashMap representation of the JSON object for any authentication service configured to use the plugin and registered via the Authentication API.
logger: an object that can be used to log information, such as failed authentication or errors that occurred when authenticating a user. The log entries are collected in a separate file named extauth<date>.log located in the .../ddcloud/das/server/logs/das subdirectory.
b. The following method is called by the Hybrid Data Pipeline service to release or close resources in the event Hybrid Data Pipeline shuts down or the authentication service is updated.
void destroy()
c. The Hybrid Data Pipeline service calls the following method to authenticate the Hybrid Data Pipeline end user.
boolean authenticate(String username, String password, String ipAddress)
username: the username persisted by an authentication service. Referred to as the authUserName in the Users API.
password: the password provided by the end user.
ipAddress: the IP Address of the end user machine.
If the user cannot be authenticated, an error is returned. When the plugin returns false, Hybrid Data Pipeline will return an invalid username and password error. If the plugin throws an exception, Hybrid Data Pipeline will return an error indicating the service is unavailable.
2. Compile the Java class implemented in Step 1 with any other Java classes needed to implement the authentication methods.
The following command compiles the Java class.
javac -cp <install_dir>/ddcloud/dev/lib/authjavaplugin.jar ...
3. Package all the class files into a jar file.
The following command packages input files into the file custom_auth_plugin.jar.
jar cf custom_auth_plugin.jar <inputs>
What to do next:
The Java authentication plugin, in the form of the jar file, must be added to the Hybrid Data Pipeline environment.
* Java authentication plugin interface syntax
* Java authentication plugin sample