I've gone ahead and added this as a separate Improvement item in JIRA.
FTPSERVER-54 (Expand authentication capability of UserManager interface)

The current authenticate method in the UserManager interface allows for
UserManager implementations to authenticate login requests with just
username and password. Given the support for FTPS and client certificate
checking, it would make sense to include additional information for
authentication purposes. By including the RequestHandler, we could get
access to the control socket (for information like the client IP
address) as well as get the client's certificate chain in case the
Socket is an instance of SSLSocket. Once the client certificate is
available, a UserManager implementation can perform 2 factor
authentication by matching the user login with parameters within the
client certificate.

Hope it's ok - it's my first entry!

Thanks,
Gary

-----Original Message-----
From: Clinton Foster [mailto:[EMAIL PROTECTED] 
Sent: Wednesday, November 29, 2006 3:27 PM
To: [email protected]
Subject: Re: [jira] Created: (FTPSERVER-52) Add onLoginFail() to Ftplet
interface

This is exactly the sort of thing I was thinking of. In my case I simply
wanted to log a message from my custom user manager indicating the IP
address of the client for whom authentication failed. But this is better
handled by ftplet.onLoginFail(), as I think most people seem to be
favoring.
But the case you made for providing access to the RequestHandler from
FtpUserManager.authenticate() makes sense. And there could be other
possibilities such as a specialized user manager that needs to take the
client IP address into account when performing authentication.

It seems to me this merits a separate item in the issue tracking system.
Perhaps you could add one with your example below?

Clint

--------------------------------------------------------------------------
On 11/29/06 9:10 AM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
wrote:

> I don't know if this suggestion is misplaced, but one thing I would
> suggest is to have the authenticate call of the UserManager
> interface include the RequestHandler and that the RequestHandler provide
> an interface to get Socket information.  It can be used to pass IP
> information as part of the user authentication, but more importantly, it
> can be used to get access to Certificate information if it is an SSL
> socket and client authentication is enabled.  In my implementation, I've
> needed to evaluate contents of the Subject in the certificate with the
> login used in order to provide 2 factor authentication.  An additional
> interface to UserManager might be an authenticate method that just takes
> an array of Certificates to provide for certificate based
> authentication.
> 
> -----Original Message-----
> From: Dave Roberts [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 29, 2006 4:16 AM
> To: [email protected]
> Subject: Re: [jira] Created: (FTPSERVER-52) Add onLoginFail() to Ftplet
> interface
> 
> It was 28/11/2006 21:56, when Niklas Gustavsson wrote:
> 
>> What do you all think of this RFE? I would be happy to add the
>> onLoginFail() method to the FtpLet interface if you don't disagree.
> 
> Agreed, onLoginFail() seems the best place to me, but I wonder if it
> needs to be complemented with an onLoginOk(), both of which could be
> called after the user is set within the FtpRequestImpl object, so
> that the user information is available to the FtpLet.
> 
> It also gives the application developer the opportunity to perform
> some additional authentication on the user, if required.
> 
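
The check proposed in this thread (matching the login against the Subject of the client certificate obtained from the control socket when it is an SSLSocket), as an added Java example that is not code from the thread or from Apache FtpServer. The class and method names are hypothetical, and it assumes the policy is that the login must equal the single CN in the Subject of the client's own certificate.

```java
import java.net.Socket;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSocket;

/** Hypothetical helper; not an Apache FtpServer class. */
public final class CertLoginMatcher {

    /** Second factor only: the password check stays in the UserManager. */
    public static boolean loginMatchesClientCert(Socket control, String login) {
        if (!(control instanceof SSLSocket)) {
            return false; // plain FTP control socket: no certificate to check
        }
        try {
            // Throws when client authentication was not enabled or no certificate was
            // sent. The chain was validated in the handshake by the server's trust manager.
            Certificate[] chain = ((SSLSocket) control).getSession().getPeerCertificates();
            if (chain.length == 0 || !(chain[0] instanceof X509Certificate)) {
                return false;
            }
            // chain[0] is the client's own certificate; the rest are issuers.
            String dn = ((X509Certificate) chain[0]).getSubjectX500Principal().getName();
            String cn = singleCommonName(dn);
            return cn != null && cn.equals(login);
        } catch (SSLPeerUnverifiedException e) {
            return false;
        }
    }

    /** Parses the RFC 2253 Subject; returns null unless exactly one CN is present. */
    static String singleCommonName(String subjectDn) {
        String found = null;
        try {
            for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
                if (!"CN".equalsIgnoreCase(rdn.getType())) continue;
                if (found != null || !(rdn.getValue() instanceof String)) return null;
                found = (String) rdn.getValue();
            }
        } catch (InvalidNameException e) {
            return null; // unparseable Subject never matches
        }
        return found;
    }
}
```

Parsing the Subject into RDNs rather than searching the DN string for "CN=" keeps a value such as `O=CN=admin` from matching, and rejecting a Subject with more than one CN avoids guessing which one identifies the user.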

