Sun Java System Web Proxy Server 4.0.11 NSAPI Developer's Guide

AuthTrans Example

This simple example of an AuthTrans function demonstrates how to use custom methods to verify that the user name and password that a remote client provided is accurate. This program uses a hard-coded table of user names and passwords and checks a given user’s password against the one in the static data array. The userdb parameter is not used in this function.

AuthTrans directives work in conjunction with PathCheck directives. An AuthTrans function checks whether the user name and password associated with the request are acceptable. This directory does not allow or deny access to the request. Access is handled by a PathCheck function.

AuthTrans functions get the user name and password from the headers associated with the request. When a client initially makes a request, the user name and password are unknown. The AuthTrans function and PathCheck function therefore together to reject the request, because they can’t validate the user name and password. When the client receives the rejection, the usual response is to present a dialog box asking the user for the user name and password. The client then submits the request again, this time including the user name and password in the headers.

In this example, the hardcoded-auth function, which is invoked during the AuthTrans step, checks whether the user name and password correspond to an entry in the hard-coded table of users and passwords.

Installing the AuthTrans Example

To install the function on the Sun Java System Web Proxy Server, add the following Init directive to obj.conf to load the compiled function:

Init fn=load-modules shlib=yourlibrary funcs=hardcoded-auth

Inside the default object in obj.conf, add the following AuthTrans directive:

AuthTrans fn=basic-auth auth-type="basic" userfn=hardcoded-auth


This function does not enforce authorization requirements. The function only takes given information and informs the server whether the information is correct or not. The PathCheck function require-auth performs the enforcement, so add the following PathCheck directive as well:

PathCheck fn=require-auth realm="test realm" auth-type="basic"

AuthTrans Example Source Code

The source code for this example is in the auth.c file in the nsapi/examples/ or plugins/nsapi/examples subdirectory of the server root directory.

#include "nsapi.h"
typedef struct {
    char *name;
    char *pw;
} user_s;

static user_s user_set[] = {
    {"joe", "shmoe"},
    {"suzy", "creamcheese"},
    {NULL, NULL}

#include "frame/log.h"

#ifdef __cplusplus
extern "C"
NSAPI_PUBLIC int hardcoded_auth(pblock *param, Session *sn, Request *rq)
    /* Parameters given to us by auth-basic */
    char *pwfile = pblock_findval("userdb", param);
    char *user = pblock_findval("user", param);
    char *pw = pblock_findval("pw", param);

    /* Temp variables */
    register int x;

    for(x = 0; user_set[x].name != NULL; ++x) {
        /* If this isn’t the user we want, keep going */
        if(strcmp(user, user_set[x].name) != 0) continue;

        /* Verify password */
        if(strcmp(pw, user_set[x].pw)) {
             log_error(LOG_SECURITY, "hardcoded-auth", sn, rq,
                    "user %s entered wrong password", user);
            /* This will cause the enforcement function to ask */
            /* user again */
            return REQ_NOACTION;
        /* If we return REQ_PROCEED, the username will be accepted */
        return REQ_PROCEED;
    /* No match, have it ask them again */
    log_error(LOG_SECURITY, "hardcoded-auth", sn, rq,
        "unknown user %s", user);
    return REQ_NOACTION;