For just the AuthN part, I think you need to implement the LoginModulePlugin rather than implementing the login protocol (e.g. HTTP basic, form, etc.).

So
LoginModulePlugin.canHandle(credentials) should return true for credentials that have some hope of being authenticated against LDAP.

and
LoginModulePlugin.getAuthentication(Principal principal, Credentials creds)

should return something capable of authenticating the credentials (probably already has done so).

Ian


On 30 Jul 2009, at 15:25, Carl Hall wrote:

I'm writing an authentication handler that should use ldap for user
information.  My general steps are below.  Please let me know where
I'm wrong or where things could be done better.

LdapAuthHandler -> AuthenticationHandler, LoginModulePlugin {
 AuthenticationInfo authenticate(..) {
   // if previous auth info is available in the request or session (don't assume session is available), put memento in request and return auth info.
   // else if user/pass in the request, construct and return auth info
   // else, return null
 }
}

LdapLoginServlet -> SlingAllMethodsServlet {
 void doPost(..) {
   // if auth info from auth handler is available in request, use it to look up user in ldap.  if lookup is successful, store info in session, redirect to landing page.
   // else, send error (403)
 }
}
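
The credential check described in Ian's reply, as an added example that is not code from the thread or from Sling. The class name, LDAP URL and DN pattern are assumptions, and the two static methods mirror canHandle and the authentication step rather than implementing the Sling interfaces themselves; it needs the JCR API jar on the classpath.

```java
import java.util.Hashtable;
import javax.jcr.Credentials;
import javax.jcr.SimpleCredentials;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class LdapCredentialCheck {
    // Assumed values: replace with the real directory URL and user DN layout.
    static final String LDAP_URL = "ldaps://ldap.example.org:636";
    static final String USER_DN_PATTERN = "uid=%s,ou=people,dc=example,dc=org";

    // Mirrors canHandle: only claim credentials that LDAP could actually verify.
    static boolean canHandle(Credentials creds) {
        if (!(creds instanceof SimpleCredentials)) return false;
        SimpleCredentials sc = (SimpleCredentials) creds;
        String user = sc.getUserID();
        // A simple bind with an empty password is an "unauthenticated bind"
        // (RFC 4513) that a server may accept, so reject it before any lookup.
        return user != null && !user.isEmpty() && sc.getPassword().length > 0;
    }

    // The check that the object returned by getAuthentication would perform.
    static boolean authenticate(Credentials creds) {
        if (!canHandle(creds)) return false;
        SimpleCredentials sc = (SimpleCredentials) creds;
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, LDAP_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        // Escape the user id so it cannot change the structure of the bind DN.
        env.put(Context.SECURITY_PRINCIPAL,
                String.format(USER_DN_PATTERN, Rdn.escapeValue(sc.getUserID())));
        env.put(Context.SECURITY_CREDENTIALS, new String(sc.getPassword()));
        try {
            new InitialDirContext(env).close(); // the bind succeeded
            return true;
        } catch (NamingException e) {
            return false; // wrong password or directory unreachable: fail closed
        }
    }

    public static void main(String[] args) {
        // Constructed sample credentials; no directory is contacted here.
        System.out.println(canHandle(new SimpleCredentials("alice", "s3cret".toCharArray())));
        System.out.println(canHandle(new SimpleCredentials("alice", new char[0])));
    }
}
```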
