Authenticating using custom authentication API

Top  Previous  Next

The custom authentication API provides you with a way to authenticate users using your own business rules. The custom authentication API is recommended when the other authentication modules (Database, LDAP, Domain) do not meet your needs.  To implement your own authentication provider you must perform the following:

 

1.  Create a class which implements the com.jscape.inet.mft.subsystems.authentication.AuthenticationService class.

 

2.  Overload the public void authenticate(Credentials creds) method, throwing a com.jscape.inet.mft.subsystems.authentication.AuthenticationException exception if authentication fails.

 

3.  Create a JAR file that contains the compiled version of your com.jscape.inet.mft.subsystems.authentication.AuthenticationService implementation.  To compile your authentication class you will need to include the ftpserver.jar library in your classpath.  The ftpserver.jar library may be found in the libs directory for JSCAPE MFT Server.

 

4.  Place the JAR file created in step 3 as well as any needed 3rd party JAR files into the libs/ext directory of your JSCAPE MFT Server installation.

 

5.  Shutdown any open instances of JSCAPE MFT Server Manager and restart the JSCAPE Secure FTP Server Service.

 

6.  Open JSCAPE MFT Server Manager and select the "Authentication" node.

 

7.  Change "Service type" to "Custom User Authentication".  Type in the class name created in step 1 into the "Authentication class" field.

 

Figure 86

 

clip0086

 

Authentication class - The custom authentication class name.

 

Create account if not found - This allows for accounts to be created automatically upon successful authentication.  If selected, an account will be created automatically (if it does not exist already) and user will be granted access to the "Default login directory" upon login.  For example, if enabled and value is set to C:\users\%username%, then when user jsmith authenticates successfully an account for jsmith will be created automatically and user jsmith will be granted full access to the C:\users\jsmith directory.  If the "Default login directory" does not exist it will be automatically created upon successful authentication.  If you do not wish for accounts to be created automatically then do not enable this option.

 

 

Example

 

package test.jscape;

 

import com.jscape.inet.mft.subsystems.authentication.AuthenticationException;

import com.jscape.inet.mft.subsystems.authentication.Credentials;

import com.jscape.inet.mft.subsystems.authentication.AuthenticationService;

 

/**

* Example class to implement IP/user based authentication

*/

public class UserIPAuthentication implements AuthenticationService {

 

 private static final String username = "jsmith";

 private static final String password = "secret";

 private static final String ip = "127.0.0.1";

 

 /**

  * Authenticate user credentials

  */

 public void authenticate(Credentials creds) throws AuthenticationException {

         if(creds.getLogin().equals(username) && creds.getPassword().equals(password)

                         && creds.getClientIp().equals(ip)) {

                 // ignore

         } else {

                 throw new AuthenticationException("Authentication failed: " + creds.getLogin() +

                                 ":" + creds.getClientIp() + ":" + creds.getPassword());

         }                

 }

}

 

The example above authenticates successfully if the username is "jsmith", the password is "secret" and the client IP address is "127.0.0.1".

 

See also

 

Setting authentication preferences