Sunday, August 23, 2015

Writing Authority Connector for Apache ManifoldCF



My interest in Apache ManifoldCF has been growing, and this time I decided to spend some time writing about an authority connector for ManifoldCF. Writing an authority connector is pretty much the same as writing a repository connector, but the aim of such a connector is to retrieve token values for a user against the repository. One thing to remember is a default assumption made by the ManifoldCF framework: if you don't specify any authority connector for your repository connector, ManifoldCF assumes by default that Active Directory is in charge, so in these cases the access tokens are Active Directory SIDs. A more complete description is available here.

Security Model





How does ManifoldCF use the authority connector? The framework invokes all the authority connectors that are configured in ManifoldCF and retrieves the tokens from each of those repositories. When you call the authority service, which is available at http://<host>:8345/mcf-authority-service/UserACLs, it collects the tokens from all of these repositories. Say you have the following authority connectors configured: JIRAAuthorityConnector, ActiveDirectoryAuthorityConnector and LDAPAuthorityConnector. If you pass a username to retrieve the relevant tokens, the authority connectors that understand this username return the access tokens for it. Finally, all these tokens are amalgamated and returned as JSON. Moreover, there are authority groups: when you create an authority connector you have to create it under an authority group, and an authority connector belongs to only one authority group. This provides some separation, meaning that tokens are valid only within the group. For a complete understanding of how ManifoldCF works, see the description at the following location, which explains it well.



OK, how do you get the access tokens for a user? Call http://localhost:8345/mcf-authority-service/UserACLs?username=leagueofshadows, and it will return tokens in the form of either access tokens or deny tokens; if both are present, the deny token wins over any access tokens.
Sample:

AUTHORIZED:amazons3
TOKEN:myauthoritygroup:kuhajeyan
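
As an added example (not code from the original post or from ManifoldCF), the Java program below parses a response shaped like the sample above and applies the deny-wins rule, counting only tokens issued within the document's authority group. The `group:token` split of each TOKEN line, the `DocAcl` class and its allow/deny sets are assumptions made for illustration.

```java
import java.util.*;

public class UserAclCheck {
    // Tokens from the response, keyed by authority group ("TOKEN:<group>:<token>").
    static Map<String, Set<String>> parseTokens(String body) {
        Map<String, Set<String>> byGroup = new HashMap<>();
        for (String raw : body.split("\\R")) {
            String line = raw.trim();
            if (!line.startsWith("TOKEN:")) continue;  // status lines such as AUTHORIZED: carry no token
            String rest = line.substring("TOKEN:".length());
            int sep = rest.indexOf(':');
            if (sep <= 0) continue;                     // no group prefix: ignore rather than guess
            byGroup.computeIfAbsent(rest.substring(0, sep), g -> new HashSet<>())
                   .add(rest.substring(sep + 1));
        }
        return byGroup;
    }

    // A document's ACL as a search front end might store it (hypothetical shape).
    static final class DocAcl {
        final String group;
        final Set<String> allow;
        final Set<String> deny;
        DocAcl(String group, Set<String> allow, Set<String> deny) {
            this.group = group; this.allow = allow; this.deny = deny;
        }
    }

    static boolean canRead(Map<String, Set<String>> userTokens, DocAcl doc) {
        // Only tokens issued within the document's authority group are considered.
        Set<String> tokens = userTokens.getOrDefault(doc.group, Collections.emptySet());
        if (!Collections.disjoint(tokens, doc.deny)) return false;  // deny wins over any allow match
        return !Collections.disjoint(tokens, doc.allow);            // no allow match, no access
    }

    public static void main(String[] args) {
        // Constructed input modelled on the sample response above.
        String body = "AUTHORIZED:amazons3\nTOKEN:myauthoritygroup:kuhajeyan\n";
        Map<String, Set<String>> user = parseTokens(body);
        Set<String> me = Collections.singleton("kuhajeyan");
        Set<String> none = Collections.emptySet();
        System.out.println("allow only:  " + canRead(user, new DocAcl("myauthoritygroup", me, none)));
        System.out.println("allow+deny:  " + canRead(user, new DocAcl("myauthoritygroup", me, me)));
        System.out.println("other group: " + canRead(user, new DocAcl("othergroup", me, none)));
    }
}
```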

Overview of writing an authority connector

Typically you start by extending the base connector org.apache.manifoldcf.authorities.authorities.BaseAuthorityConnector. As with a repository connector, where the work was about implementing/overriding some methods, there are a few methods you may have to implement, as follows:

Method – What it should do
getAuthorizationResponse() – Obtain the authorization response, given a user name
outputConfigurationHeader() – Output the head-section part of an authority connection ConfigParams editing page
outputConfigurationBody() – Output the body-section part of an authority connection ConfigParams editing page
processConfigurationPost() – Receive and process form data from an authority connection ConfigParams editing page
viewConfiguration() – Output the viewing HTML for an authority connection ConfigParams object

And:
connect – some connection key values are initialized here.
check – periodically checks the connection status. A meaningful, readable string is returned to inform the user/admin about the connection status at that instant.
isConnected – returns a boolean telling whether the connection is alive or not.
viewConfiguration – called when the body of the configuration page is displayed.
outputConfigurationHeader – called in the header section of the configuration page.
outputConfigurationBody – called in the body section of the configuration page; the difference is that this is called when the configuration is saved and posted.
processConfigurationPost – called to process the configuration when it is posted.
getAuthorizationResponse – gets the access token for a username against the repository.
getDefaultAuthorizationResponse – gets the default access token for the repository.

The main thing to look at here is the implementation of getAuthorizationResponse, which returns the access tokens. How you want the tokens to be formatted is solely up to you (but in the end it should be a string array). A typical, very simple implementation would look like this:

    @Override
    public AuthorizationResponse getAuthorizationResponse(String userName)
            throws ManifoldCFException {
        // checkUserExists() is this connector's own helper that looks the user up in the repository.
        if (checkUserExists(userName)) {
            // Known user: return the user name itself as the single access token.
            return new AuthorizationResponse(new String[] { userName },
                    AuthorizationResponse.RESPONSE_OK);
        }
        // Unknown user: return the "user not found" response.
        return RESPONSE_USERNOTFOUND;
    }

A fully implemented version of the code is available at this location.
