Presentation is loading. Please wait.

Presentation is loading. Please wait.

The ICAT pluggable authentication system Tom Griffin, STFC ISIS Facility NOBUGS 2012 ICAT Workshop

Published byDarcy Allison Modified over 9 years ago

Similar presentations

Presentation on theme: "The ICAT pluggable authentication system Tom Griffin, STFC ISIS Facility NOBUGS 2012 ICAT Workshop"— Presentation transcript:

1 The ICAT pluggable authentication system Tom Griffin, STFC ISIS Facility NOBUGS 2012 ICAT Workshop tom.griffin@stfc.ac.uk

2 History ICAT 3 – compile time changeable user single plug-in ICAT 4.0/4.1 – deploy time changeable single plug-in ICAT 4.2 – new ‘Authenticator’ interface. New login method signature. Multiple plugins. ‘Live’ configurable. IP address parameter

3 3.3 ‘Login’ method String sessionId = port.login(“tom", “mypassword");

4 4.2 ‘Login’ method String sessionId = port.login(“tom", “mypassword"); Login.Credentials.Entry usernameEntry = new Login.Credentials.Entry(); usernameEntry.setKey("username"); usernameEntry.setValue("tom"); Login.Credentials.Entry passwordEntry = new Login.Credentials.Entry(); passwordEntry.setKey("password"); passwordEntry.setValue(“mypassword"); Login.Credentials creds = new Login.Credentials(); creds.getEntry().add(usernameEntry); creds.getEntry().add(passwordEntry); String sessionId = port.login("db", creds);

5 4.2 ‘Login’ method Login.Credentials.Entry certEntry = new Login.Credentials.Entry(); usernameEntry.setKey(“certificate"); usernameEntry.setValue(“24854854642516545487865465487465487…"); Login.Credentials creds = new Login.Credentials(); creds.getEntry().add(certEntry); String sessionId = port.login(“certificate", creds);

6 4.2 ‘Login’ method Login.Credentials.Entry certEntry = new Login.Credentials.Entry(); usernameEntry.setKey(“certificate"); usernameEntry.setValue(“24854854642516545487865465487465487…"); Login.Credentials creds = new Login.Credentials(); creds.getEntry().add(certEntry); String sessionId = port.login(“certificate", creds);

7 Authenticator Interface public interface Authenticator { Authentication authenticate(Map credentials, String remoteAddr) throws IcatException; } Also provides ‘AddressChecker’ Validates calling IP address against a pattern Can be optionally called by Authenticator implementation

8 Example – ‘db’ Simple classes, packages as JAR then EAR

9 Example – ‘db’ @PostConstruct private void init() { File f = new File("authn_db.properties"); Properties props = null; props = new Properties(); props.load(new FileInputStream(f)); String authips = props.getProperty("ip"); if (authips != null) { addressChecker = new AddressChecker(authips); } mechanism = props.getProperty("mechanism"); log.debug("Initialised DB_Authenticator"); }

10 Example – ‘db’ @Override public Authentication authenticate(Map credentials, String remoteAddr) throws IcatException { if (addressChecker != null) { if (!addressChecker.check(remoteAddr)) { throw new IcatException(IcatException.IcatExceptionType.SESSION, "authn_db does not allow log in from your IP address " + remoteAddr); } String username = credentials.get("username"); String password = credentials.get("password"); Passwd passwd = this.manager.find(Passwd.class, username); if (!passwd.getEncodedPassword().equals(password)) { throw new IcatException(IcatException.IcatExceptionType.SESSION, "The username and password do not match"); } log.info(username + " logged in succesfully"); return new Authentication(username, mechanism); }

11 Example – ‘LDAP’ Simple classes, packages as JAR then EAR

12 Example – ‘LDAP’ @PostConstruct private void init() { File f = new File("authn_ldap.properties"); Properties props = null; props = new Properties(); props.load(new FileInputStream(f)); //same IP address checker stuff as before String providerUrl = props.getProperty("provider_url"); if (providerUrl == null) { String msg = "provider_url not defined in " + f.getAbsolutePath(); log.fatal(msg); throw new IllegalStateException(msg); } String securityPrincipal = props.getProperty("security_principal"); if (securityPrincipal == null) { String msg = "security_principal not defined in " + f.getAbsolutePath(); log.fatal(msg); throw new IllegalStateException(msg); }...

13 Example – ‘LDAP’... if (securityPrincipal.indexOf('%') < 0) { String msg = "security_principal value must include a % to be substituted by the user name " + f.getAbsolutePath(); log.fatal(msg); throw new IllegalStateException(msg); } this.providerUrl = providerUrl; this.securityPrincipal = securityPrincipal; // Note that the mechanism is optional mechanism = props.getProperty("mechanism"); log.debug("Initialised LDAP_Authenticator"); }

14 Example – ‘LDAP’ @Override public Authentication authenticate(Map credentials, String remoteAddr) throws IcatException { if (addressChecker != null) { if (!addressChecker.check(remoteAddr)) { throw new IcatException(IcatException.IcatExceptionType.SESSION, "authn_db does not allow log in from your IP address " + remoteAddr); } String username = credentials.get("username"); String password = credentials.get("password"); log.info("Checking username/password with ldap server");

15 Example – ‘LDAP’ Hashtable authEnv = new Hashtable (); authEnv.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); authEnv.put(Context.PROVIDER_URL, providerUrl); authEnv.put(Context.SECURITY_AUTHENTICATION, "simple"); authEnv.put(Context.SECURITY_PRINCIPAL, securityPrincipal.replace("%", username)); authEnv.put(Context.SECURITY_CREDENTIALS, password); try { new InitialDirContext(authEnv); } catch (NamingException e) { throw new IcatException(IcatException.IcatExceptionType.SESSION, "The username and password do not match"); } log.info(username + " logged in succesfully"); return new Authentication(username, mechanism); }

16 Example – ‘UO Web service’ @Override public Authentication authenticate(Map credentials, String remoteAddr) throws IcatException { if (addressChecker != null) { if (!addressChecker.check(remoteAddr)) { throw new IcatException(IcatException.IcatExceptionType.SESSION, "authn_db does not allow log in from your IP address " + remoteAddr); } String username = credentials.get("username"); String password = credentials.get("password"); try{ String sessionId = uoPort.login(username, password); } catch (Exception e) { thrown new IcatException(IcatException.IcatExceptionType.SESSION, "The username and password do not match"); } if (sessionId == null { throw new IcatException(IcatException.IcatExceptionType.SESSION, "The username and password do not match"); } log.info(username + " logged in succesfully"); return new Authentication(username, mechanism); }

17 Configuration Each mechanism can define it’s own config file

18 Configuration - ICAT

19 Questions? www.icatproject.org code.google.com/p/icatproject http://groups.google.com/group/icat-developers/ http://groups.google.com/group/icatgroup/ icat-developers@googlegroups.com icatgroup@googlegroups.com

Download ppt "The ICAT pluggable authentication system Tom Griffin, STFC ISIS Facility NOBUGS 2012 ICAT Workshop"

Similar presentations

CAS-NG A small enhancement to CAS 3 to provide new services.

CAS-NG A small enhancement to CAS 3 to provide new services.
METALOGIC s o f t w a r e © Metalogic Software Corporation 2004-2006 DACS Developer Overview DACS – the Distributed Access Control System.

METALOGIC s o f t w a r e © Metalogic Software Corporation DACS Developer Overview DACS – the Distributed Access Control System.
Securing web applications using Java EE Dr Jim Briggs 1.

Securing web applications using Java EE Dr Jim Briggs 1.
ASP.NET Security MacDonald Ch. 18 MIS 424 MIS 424 Professor Sandvig Professor Sandvig.

ASP.NET Security MacDonald Ch. 18 MIS 424 MIS 424 Professor Sandvig Professor Sandvig.
Lecture 10: Web Services. Outline Overview of Web Services Create a Web Service with Sun J2EE (JAX-RPC)

Lecture 10: Web Services. Outline Overview of Web Services Create a Web Service with Sun J2EE (JAX-RPC)
Introduction to z/OS Basics © 2006 IBM Corporation Chapter 13: z/OS HTTP Server.

Introduction to z/OS Basics © 2006 IBM Corporation Chapter 13: z/OS HTTP Server.
Blackboard Building Blocks Authentication Overview Tuesday, June 30, 2015 Tom Joyce, Product Manager, Platform Architecture & Database.

Blackboard Building Blocks Authentication Overview Tuesday, June 30, 2015 Tom Joyce, Product Manager, Platform Architecture & Database.
Introduction to the new mainframe © Copyright IBM Corp., 2005. All rights reserved. Chapter 13: z/OS HTTP Server.

Introduction to the new mainframe © Copyright IBM Corp., All rights reserved. Chapter 13: z/OS HTTP Server.
Role based Security in.NET By By Aasia Riasat Aasia RiasatCS-795.

Role based Security in.NET By By Aasia Riasat Aasia RiasatCS-795.
Project Implementation for COSC 5050 Distributed Database Applications Lab1.

Project Implementation for COSC 5050 Distributed Database Applications Lab1.
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
August 25, 20151 SSO with Microsoft Active Directory Presented by: Craig Larrabee.

August 25, SSO with Microsoft Active Directory Presented by: Craig Larrabee.
Ron Bean Mt. San Antonio College Scott Claypool SARS Software Products, Inc Session Number:ND-5.

Ron Bean Mt. San Antonio College Scott Claypool SARS Software Products, Inc Session Number:ND-5.
Corso di Formazione Sodalia “Enterprise Java Beans” JNDI Java Naming and Directory Interface.

Corso di Formazione Sodalia “Enterprise Java Beans” JNDI Java Naming and Directory Interface.
W. Sliwinski – eLTC – 7March08 1 LSA & Safety – Integration of RBAC and MCS in the LHC control system.

W. Sliwinski – eLTC – 7March08 1 LSA & Safety – Integration of RBAC and MCS in the LHC control system.
SelfDiagnose “who is to blame” ernest micklei, April 2007.

SelfDiagnose “who is to blame” ernest micklei, April 2007.
WaveMaker Visual AJAX Studio 4.0 Training Authentication.

WaveMaker Visual AJAX Studio 4.0 Training Authentication.
LDS Account Integration. Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions Prerequisites:

LDS Account Integration. Disclaimer This is a training NOT a presentation. – Be prepared to learn and participate in labs Please ask questions Prerequisites:
AN OVERVIEW OF SERVLET TECHNOLOGY SERVER SETUP AND CONFIGURATION WEB APPLICATION STRUCTURE BASIC SERVLET EXAMPLE Java Servlets - Compiled By Nitin Pai.

AN OVERVIEW OF SERVLET TECHNOLOGY SERVER SETUP AND CONFIGURATION WEB APPLICATION STRUCTURE BASIC SERVLET EXAMPLE Java Servlets - Compiled By Nitin Pai.
Chapter 5 Java Servlets. Objectives Explain the nature of a servlet and its operation Use the appropriate servlet methods in a web application Code the.

Chapter 5 Java Servlets. Objectives Explain the nature of a servlet and its operation Use the appropriate servlet methods in a web application Code the.

Similar presentations

Ads by Google