Authenticating using custom authentication API

The custom authentication API provides you with a way to authenticate users using your own business rules. The custom authentication API is recommended when the other built-in authentication modules (Database, LDAP, Domain) do not meet your needs.  To implement your own authentication provider you must perform the following:

 

  1. Create a class which implements the com.jscape.inet.mft.subsystems.authentication.AuthenticationService class.

     

  2. Overload the public void authenticate(Credentials creds) method, throwing a com.jscape.inet.mft.subsystems.authentication.AuthenticationException exception if authentication fails.

     

  3. Create a JAR file that contains the compiled version of your com.jscape.inet.mft.subsystems.authentication.AuthenticationService implementation. To compile your authentication class you will need to include the ftpserver.jar library in your classpath.  The ftpserver.jar library may be found in the libs directory for MFT Server.

     

  4. Place the JAR file created in Step 3 as well as any needed 3rd party JAR files into the libs/ext directory of your MFT Server installation.

     

  5. Restart the MFT Server Service.

     

  6. Open MFT Server Manager and select the ACCOUNTS > Authentication > Authentication tab.

     

  7. Change Service type to custom authentication.  Type in the class name created in Step 1 into the Authentication class field.

 

clip0086

 

Authentication class - The custom authentication class name.

 

Create user if not found using template - This allows for accounts to be created automatically upon successful authentication.  If selected, an account will be created automatically (if it does not exist already) using the specified User Template.

 

Convert username before creation to - If enabled, the username supplied will be converted to specified case before passing username to specified User Template.

 

Example

 

package test.jscape;

 

import com.jscape.inet.mft.subsystems.authentication.AuthenticationException;

import com.jscape.inet.mft.subsystems.authentication.Credentials;

import com.jscape.inet.mft.subsystems.authentication.AuthenticationService;

 

/**

*Example class to implement IP/user based authentication

*/

 

public class UserIPAuthentication implements AuthenticationService {

 

 private static final String username = "jsmith";

 private static final String password = "secret";

 private static final String ip = "127.0.0.1";

 

 /**

 *Authenticate user credentials

 */

 public void authenticate(Credentials creds) throws AuthenticationException {

         if(creds.getLogin().equals(username) && creds.getPassword().equals(password)

                         && creds.getClientIp().equals(ip)) {

                 // ignore

         } else {

                 throw new AuthenticationException("Authentication failed: " + creds.getLogin() +

                                 ":" + creds.getClientIp() + ":" + creds.getPassword());

         }                

 }

}

 

The example above authenticates successfully if the username is "jsmith", the password is "secret" and the client IP address is "127.0.0.1".

 

See also

 

Setting authentication preferences