Adding Custom Verifications to the Authentication Process

To add custom verifications, the curam.util.security.CustomAuthenticator interface must be implemented. This interface contains one method, authenticateUser(). The authenticateUser() method is invoked for both default authentication and identity-only authentication. The method is expected to return an entry from the curam.util.codetable.SECURITYSTATUS codetable. In the case of successful authentication, the result must be curam.util.codetable.SECURITYSTATUS.LOGIN.

For authentication failures, any value, including null, can be returned. It is recommended, though, that another code from the curam.util.codetable.SECURITYSTATUS codetable be used. This codetable can be extended to include custom codes, as detailed in the chapter on Code Tables in the Cúram Server Developer's Guide.

After the custom verifications are invoked, the authentication process updates the relevant fields on the Users database table. For example, if the result of the customized verifications is not SECURITYSTATUS.LOGIN, the number of login failures is increased by 1, and if the break-in threshold is reached, the account is disabled. Alternatively, if the result is SECURITYSTATUS.LOGIN, the login failures are reset to 0 and the last successful login field is updated.

Note: When identity-only authentication is enabled, the fields of the Users database table are not updated, irrespective of the result of the custom verification.
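
The following is an added example, not code from the Cúram documentation or SDK: a custom verification that fails closed, together with a small model of the Users-table bookkeeping described above. The nested CustomAuthenticator and SECURITYSTATUS types are stand-ins for the real ones; the authenticateUser() parameter list, the RESTRICTED code, the account names and the threshold of 3 are assumptions.

```java
import java.util.*;

public class CustomVerificationDemo {
    // Stand-in for curam.util.security.CustomAuthenticator so this compiles without
    // the Cúram SDK. The parameter list is an assumption; the page does not give it.
    interface CustomAuthenticator {
        String authenticateUser(String username, String password);
    }

    // Stand-in for curam.util.codetable.SECURITYSTATUS. Values are constructed;
    // RESTRICTED represents a custom code added by extending the codetable.
    static final class SECURITYSTATUS {
        static final String LOGIN = "LOGIN";
        static final String RESTRICTED = "CUSTOM_RESTRICTED";
    }

    // Custom verification: refuse interactive login for service accounts.
    static final class ServiceAccountBlocker implements CustomAuthenticator {
        private static final Set<String> BLOCKED = Set.of("batchuser", "svc_reports"); // constructed

        @Override
        public String authenticateUser(String username, String password) {
            try { // a real check (directory or database lookup) can throw
                if (username == null || username.isBlank()
                        || BLOCKED.contains(username.toLowerCase(Locale.ROOT))) {
                    return SECURITYSTATUS.RESTRICTED; // explicit code rather than null
                }
                return SECURITYSTATUS.LOGIN; // only after every check has passed
            } catch (RuntimeException e) {
                return SECURITYSTATUS.RESTRICTED; // fail closed, never LOGIN on error
            }
        }
    }

    // Model of the Users-table bookkeeping described above (not Cúram code).
    static final Map<String, Integer> failures = new HashMap<>();
    static final Set<String> disabled = new HashSet<>();

    static void recordResult(String user, String status, boolean identityOnly, int threshold) {
        if (identityOnly) return; // fields are not updated in identity-only mode
        if (SECURITYSTATUS.LOGIN.equals(status)) { failures.put(user, 0); return; }
        if (failures.merge(user, 1, Integer::sum) >= threshold) disabled.add(user);
    }

    public static void main(String[] args) {
        CustomAuthenticator auth = new ServiceAccountBlocker();
        for (int i = 0; i < 3; i++) // threshold 3 is a constructed value
            recordResult("batchuser", auth.authenticateUser("BatchUser", "x"), false, 3);
        System.out.println("failures=" + failures + " disabled=" + disabled);
    }
}
```

Passing true for identityOnly leaves both collections empty, which matches the note above: in that mode a rejected custom verification does not count toward the break-in threshold.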