com.wm.security.auth
Interface Module


public interface Module

This interface defines the methods that must be implemented to create a pluggable authentication module. Classes that implement this interface must contain all the logic needed to authenticate a user's credentails using an external authentication system.

If you implement a pluggable authentication module, you must also implement a corresponding factory for the module. At run time, the processToken(Token) method is invoked and the appropriate authentication token passed. A valid user ID must be returned from an authentication module if the supplied token is deemed valid.

For information about creating pluggable authentication modules, see "Customizing Authentication" in the webMethods Integration Server Administrator's Guide.

See Also:
ModuleFactory, Token

Method Summary
 java.lang.String getMechanism()
          Indicates the type of authentication information (i.e., Token objects) that this module processes.
 java.lang.String processToken(Token token)
          Authenticates the user information in the specified Token.
 

Method Detail

getMechanism

java.lang.String getMechanism()
Indicates the type of authentication information (i.e., Token objects) that this module processes. For example, you might return the string basic if your module authenticates basic user name and password information.

Note: The value returned by this method must match the value produced by the getType method in the Token objects that you want this Module to process.

Returns:
A String specifying the type of authentication information that this object processes.
See Also:
Token.getType()

processToken

java.lang.String processToken(Token token)
Authenticates the user information in the specified Token. If the authentication information in the Token is valid, your implementation of this method must return the user ID that will be used to log the requestor on to the webMethods Integration Server. If the authentication information is invalid (for example, if Token contains an invalid user name and/or password), your implementation must return null.

Note: At run time, an authentication module will only receive Token objects that match the mechanism it supports. For example, if a module is registered as a "basic" mechanism, then it will only receive Token objects whose type is "basic".

Parameters:
token - A Token containing the authentication information that is to be processed.
Returns:
A String containing the authenticated user ID or null if authentication fails.