Custom authentication implementation

WebNMS Framework

javageek

in WebNMS Framework • 10 years ago

dear all,

i implemented my own authentication by extending NmsAuthenticationAPI.

i want fetch user detail (first phase of handshake) by my my own database and policy but webnms do it by itself

and i just can have some policy in verifyCredentials method and it is not useful for me; because it it after

the get user details phase.

is it possible to query user details from my own database and table?

thanks for any help.

Replies(4)

venkatram.. Employee

Re: Custom authentication implementation

10 years ago

Hi

We understand your issue as follows:
Users present in radius but in not WebNMS, unable to login. (Please correct us if we are wrong)

Solution: In your extended authentication implementation class, you have to override both the getChallenge methods as follows:

If No such user message is thrown, then neither NULL nor No such user should be thrown.
Instead some dummy text should be returned:
For eg see the below implementation:

public String getChallenge(String user) throws RemoteException, AuthenticationException
{
        try{
                return super.getChallenge(user);
        }
        catch(AuthenticationException exp)
        {
                if(exp.getMessage().indexOf("No such user") != -1)
                {
                        return "authorized";
                }
        }
        return null;
}
public String getChallenge(String user, Properties props) throws RemoteException, AuthenticationException
{
        try{
                return super.getChallenge(user,props);
        }
        catch(AuthenticationException exp)
        {
                if(exp.getMessage().indexOf("No such user") != -1)
                {
                        return "authorized";
                }
        }
        return null;
}

In addition, there is also one more restriction in WebNMS.

Only Authentication in is allowed from external sources and is pluggable.
But authorization is not externally pluggable. It isto be done inside the WebNMS.

(i.e) If a user exist in radius (OR any other 3rd party authentication server), then the same user should also be present in WebNMS (But his password need not be maintained in DB).

This could be ensured in runtime as shown below:

1. After the RADIUS authentication has succeeded, you need to check whether that particular user is present in Web NMS. For this, the belowcode snippet could be used:

AuthorizationAdmin admin =(AuthorizationAdmin)NmsUtil.getAPI("NmsAuthAdminAPI");

admin.isUserNamePresent(userName);

Here the method, AuthorizationAdmin.isUserNamePresent() will return true if the username ispresent in NMS else it would return false.

2. Now if the username is not present in WebNMS, it can be addedin Web NMS using the below code:

UserConfigAPI config =(UserConfigAPI)NmsUtil.getAPI("UserConfigAPI");

config.createNewAccount(username,password,groupName);

We have done the above changes in RadiusAuthenticationImpl.java & have got a zip at WebNMS wiki (This also contains updated conf files which are mentioned in the Custom Authentication doc)
We believe this answers your query. Please get back to us with the modified sources & code snippets for any further clarification in this regard.

Thanks & regards
Venkatramanan

[WebNMS Support]

javageek

Re: Re: Custom authentication implementation

10 years ago

Dear Venkatramanan,

Thanks very very much for your complete answer. that is my problem.

i had done something like your suggestion for authentication.

But you has mentioned we can not have out own authorization system. i read the developers guide

and there was mentioned by implementing of AuthorizationEngine and AuthorizationAdmin interfaces we

can have our authentication system. for example we could implement isAuthorized(....),getAthorizedOpertaions(),

getOperationForUser() in AuthorizationEngine interface and methods such isUserPresent() , createUser() , assignUserToGroup() in AuhtorizationAdmin and etc to have our authorization system.

this is very important for us to have our authorization system. i have a authentication and authorization system

which i use that in all our programs. i define all security rules there.

Please guide me and say why "Only Authentication in is allowed from external sources and is pluggable.

But authorization is not externally pluggable. It isto be done inside the WebNMS."

thanks very much again.

All the best

venkatram.. Employee

Re: Custom authentication implementation

10 years ago

So far WebNMS customers have been looking for only custom authentication and they have been implementing only authentication. Since the process to implement custom authorization is quite long (overriding every method in the interface, understand what it does, having custom prepared statements for every process, etc.) and tedious (and was not so essential), they have not implemented custom authorization.

We too have not tested the same (But we had rigorously tested for custom authentication).

Only due to the above reasons, we requested you not to go with custom authorization.

Hence we can guide you better if you explain why it is essential for you to write custom authorization along with the sources you had written to achieve it.
In addition, please provide the developer guide link you had mentioned (about custom authorization)

Regards

Venkatramanan

[WebNMS Support]

javageek

Re: Re: Custom authentication implementation

10 years ago

Dear Venkatramanan

as i said before, i have control access system which i use it in all my applications for authentication and authorization.

all off users and their roles are defined there.so i want to have all my security data in my database not in WebNMS.

a table at section 5.24.3.1 authorization startup options mentioned that we can have our implementation for AuthorizationEngineImpl and AuthorizationAdminImpl.

Regards

Top Reply

Response title

Attachments

New to this Portal?