See: Description
| Interface | Description |
|---|---|
| Authenticator |
An interface to be implemented by an ICAT authenticator plugin.
|
| Class | Description |
|---|---|
| AddressChecker |
Utility to check IP4 and IP6 addresses for acceptability.
|
| Authentication |
An authentication object holding both the raw user name and the mechanism
To support multiple authentication mechanism at a site, an authentication object holds both the
name of the mechanism and the user name authenticated by that mechanism.
|
Provides the classes necessary to create an ICAT authentication plugin.
All plugins must conform to the Authenticator interface. An authenticator must implement one
method, authenticate, which returns an Authentication.
To support multiple authentication mechanism at a site, an authentication object holds both the name of the mechanism and the user name authenticated by that mechanism. The mechanism may be null if there is only one plugin deployed of if the deployer is sure that user names found by different mechanisms will never be the same.
It is recommended that the implementation allows the mechanism part of the authentication object to be configured by a properties file. If the deployer chooses to publish the mechanism, then it is recommended that it is the same string as that used for the mnemonic configured in the icat.properties file for that plugin and that it is short such as "db" or "ldap".
In the case where a plugin performs some mapping from an external system to a local identity, such as might occur with Umbrella then the mnemonic for the plugin should be something meaningful to the user - e.g. "umbrella" but the mechanism returned inside the authentication object, if configured, should relate to the local system.
Copyright © 2013 The ICAT Collaboration. All Rights Reserved.