The example logon authenticator

The example logon authenticator shows how to implement the three methods: activateMaster(), activateSlave(), and slaveResponse().

It has a base class, examples.attributes.LogonAuthenticator, and three subclasses, one for the NTAuthenticator, one for the UnixAuthenticator, and one for the UseridAuthenticator. The base class provides common functionality and the subclasses provide functionality that is specific to the type of authenticator, that is, NT, Unix, or Userid.

The activateMaster() method in the LogonAuthenticator class creates an empty MQeFields object and passes it into a method called prompt(). This is overridden in each of the subclasses, and in each case it displays a Java™ dialog box, collects data from it, masks the data with a simple exclusive OR operation, and adds the data to the MQeFields object. The exclusive OR is used in the example authenticators but in practice it does not provide much protection. The MQeFields object is dumped to provide a byte array which is returned by activateMaster(). The activateMaster() method is invoked on the queue manager that initiates access to the queue, so the dialog box is displayed by this queue manager.

public byte[] activateMaster(boolean local) throws Exception {
  MQeFields fields = new MQeFields();     /* for request fields        */
  this.prompt(fields);                    /* put up the dialog prompt  */
  return (fields.dump());                 /* return ID                 */
}

The activateSlave() method receives the data returned by activateMaster(), restores it into an MQeFields object and passes the object into the validate() method. This is overridden in each of the subclasses, and in each case it validates the data in a way appropriate to the authenticator. For example, in the NTAuthenticator subclass, the validate() method unmasks the data and passes it to the logonUser() method. This method uses Java Native Interface (JNI) to access the Windows® security mechanism and check whether the user name and password are valid. If they are valid, the validate() method returns the user name, otherwise it throws an exception.

public byte[] activateSlave(boolean local,
                            byte    data[]) throws Exception {
  MQeFields fields = new MQeFields(data); /* work object              */
  try {
    authID = this.validate(fields);       /* get the auth ID value    */
    setAuthenticatedID(authID);           /* is it allowed ?          */
    super.activateSlave(local, data);     /* call ancestor            */
    trace("_:Logon " + authID);           /* trace                    */
    MQeFields result = new MQeFields();   /* reply object             */
    result.putAscii(Authentic_ID, authID);/* send id                  */
    return (result.dump());               /* send back as response    */
  }
  catch (Exception e) {                   /* error occurred           */
    authID = null;                        /* make sure authID is null */
    setAuthenticatedID(null);             /* invalidate               */
    throw e;                              /* re-throw the exception   */
  }
}

If the user name is valid, the activateSlave() method calls setAuthenticatedID() to register the user name and then calls super.activateSlave(), which puts out a log message. It issues a trace message, adds the user name to an MQeFields object, dumps this to a byte array and returns it. If the user name is not valid, validate() throws an exception. The activateSlave() method catches the exception, ensures the authenticated ID is null and re-throws the exception.

The slaveResponse() method receives the byte array returned by activateSlave() and restores it into an MQeFields object. The user name that was validated by activateSlave() is extracted from this and passed to setAuthenticatedID().

public void slaveResponse(boolean local, byte data[]) throws Exception {
  super.slaveResponse(local, data);                  /* call ancestor */
  MQeFields fields = new MQeFields(data);            /* work object   */
  setAuthenticatedID(fields.getAscii(Authentic_ID)); /* id to check   */
}

These authenticators behave the same for both local and remote accesses, so they ignore the local parameter to these methods.
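
The exchange described above, reduced to a self-contained sketch that runs without the MQe classes. This is an added example, not IBM's example code: a Map stands in for MQeFields, and the mask value, the field names, and the hard-coded credential check are assumptions made for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Map;

/** Stand-in for the exchange on this page; a Map replaces MQeFields. */
public class LogonExchangeSketch {
    static final byte MASK = 0x5A;          // constructed mask value (assumption)
    private String authenticatedID;         // what setAuthenticatedID() would record

    /** XOR is its own inverse: the same call masks and unmasks. */
    static byte[] xor(byte[] in) {
        byte[] out = new byte[in.length];
        for (int i = 0; i < in.length; i++) out[i] = (byte) (in[i] ^ MASK);
        return out;
    }

    /** Initiator side: what prompt() does once the dialog has returned. */
    static Map<String, byte[]> activateMaster(String user, String password) {
        Map<String, byte[]> fields = new HashMap<>();
        fields.put("user", xor(user.getBytes(StandardCharsets.UTF_8)));
        fields.put("password", xor(password.getBytes(StandardCharsets.UTF_8)));
        return fields;
    }

    /** Target side: unmask, validate, and clear the ID on any failure. */
    String activateSlave(Map<String, byte[]> fields) throws Exception {
        try {
            String user = new String(xor(fields.get("user")), StandardCharsets.UTF_8);
            String pw = new String(xor(fields.get("password")), StandardCharsets.UTF_8);
            // Hypothetical check standing in for validate() / logonUser().
            if (!("alice".equals(user) && "correct-horse".equals(pw)))
                throw new Exception("logon rejected");
            authenticatedID = user;
            return user;
        } catch (Exception e) {
            authenticatedID = null;         // never leave a stale ID behind
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        LogonExchangeSketch target = new LogonExchangeSketch();
        Map<String, byte[]> sent = activateMaster("alice", "correct-horse");
        System.out.println("accepted: " + target.activateSlave(sent));
        // The mask is a constant in the code, so the masked bytes are as good as clear text.
        System.out.println("unmasked: " + new String(xor(sent.get("password")), StandardCharsets.UTF_8));
        try { target.activateSlave(activateMaster("alice", "wrong")); }
        catch (Exception e) { System.out.println("rejected, ID = " + target.authenticatedID); }
    }
}
```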

(c) Copyright IBM Corporation 2004, 2005. All rights reserved.