Custom Authentication Handler

Question

Hi I have a requirement where App A consumes restful services exposed by CQ. Some of these are from author and some are from publisher. In case of author we need to provide authentication for consuming restful services exposed by CQ. This authentication should be done against client DS server before passing credentials to CQ. For this I planned to create Custom Authentication handler. Some issue in this custom authentication handler. Here there is no form based authentication.

Public class CustomAuthHandler implements AuthenticationHandler {

//implements

extractCredentials():

requestCredentials():

dropCredentials():

}

I will be mapping this handler to my restful service path (it is servlet path). This authentication handler triggers and extractCredentials() method will be called. Here I am doing 3rd party authentication if it is success I will extract credentials from request header and send AuthenticationInfo object. It works fine. In case of failure also it works fine. But I just added return false in requestCredentials() method and nothing in dropCredentials(). As per API we need to give login form in requestCredentials and cleanup any sessions in dropCredentials but I am not sure what exactly I need to implement in these 2 methods for my requirement.

Sham_HC · Accepted Answer

You can always returns false atrequestCredentials because looking at your handler implementation never requests credentials itself. Instead it is provided through a different form.In dropCredentials can be used to remove the token node/ cookie that needs cleanup on logout .

smacdonald2008 · Answer

Here is a good community artilce that may help you. It talks about creating a custom authentication handler:http://www.wemblog.com/2013/03/how-to-create-custom-authentication.htmlHTH

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded