Sun Java System Web Server 7.0 Update 4 NSAPI Developer's Guide

AuthTrans() Example

This simple example of an AuthTrans function demonstrates how to use your own custom methods to verify that the user name and password that a remote client provides are accurate. This program uses a hard-coded table of user names and passwords and checks a given user's password against the one in the static data array. The userdb parameter is not used in this function.

AuthTrans directives work in conjunction with PathCheck directives. Generally, an AuthTrans function checks whether the user name and password associated with the request are acceptable. However, it does not allow or deny access to the request. The PathCheck function handles access.

AuthTrans functions get the user name and password from the headers associated with the request. When a client initially makes a request, the user name and password are unknown. The AuthTrans function and PathCheck function reject the request, because the user name and password have not yet been submitted. When the client receives the rejection, the usual response is to present a dialog box asking the user for their user name and password. The client then submits the request again, this time including the user name and password in the headers.

In this example, the hardcoded-auth function, which is invoked during the AuthTrans step, checks whether the user name and password correspond to an entry in the hard-coded table of users and passwords.
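
The check described above, reduced to a stand-alone C sketch. It is an added example, not the auth.c sample shipped with the server. The function name check_credentials, the sample accounts and the locally defined REQ_PROCEED and REQ_NOACTION values are assumptions made so that it builds without nsapi.h, and the constant-time comparison is an addition that this page does not describe.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for the NSAPI return codes so this builds without nsapi.h. */
#define REQ_PROCEED   0     /* credentials accepted */
#define REQ_NOACTION (-2)   /* not accepted; require-auth then challenges */

/* Constructed sample accounts, not the entries shipped in auth.c. */
static const struct { const char *name, *pw; } user_set[] = {
    { "alice", "correct-horse" },
    { "bob",   "battery-staple" },
};

/* Compare without stopping at the first differing byte. The loop length
 * depends only on the client-supplied string, never on the stored one. */
static int ct_streq(const char *given, const char *stored)
{
    size_t lg = strlen(given), ls = strlen(stored), i;
    unsigned char diff = (unsigned char)(lg != ls);
    for (i = 0; i < lg; i++)
        diff |= (unsigned char)(given[i] ^ stored[ls ? i % ls : 0]);
    return diff == 0;
}

/* Hypothetical model of the userfn: user and pw are the values decoded
 * from the Authorization header (NULL when the client sent none). */
int check_credentials(const char *user, const char *pw)
{
    size_t i;
    int ok = 0;
    if (user == NULL || pw == NULL)
        return REQ_NOACTION;
    /* Scan every entry; unknown user and wrong password look the same. */
    for (i = 0; i < sizeof user_set / sizeof user_set[0]; i++)
        ok |= ct_streq(user, user_set[i].name) & ct_streq(pw, user_set[i].pw);
    return ok ? REQ_PROCEED : REQ_NOACTION;
}

int main(void)
{
    printf("alice/correct-horse -> %d\n", check_credentials("alice", "correct-horse"));
    printf("alice/wrong         -> %d\n", check_credentials("alice", "wrong"));
    printf("no credentials      -> %d\n", check_credentials(NULL, NULL));
    return 0;
}
```

Like the function on this page, the sketch only reports whether the credentials are correct; rejecting the request remains the job of the require-auth PathCheck directive.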

Installing the AuthTrans() Example

To install the function on the Web Server, add the following Init directive to magnus.conf to load the compiled function:

Init fn=load-modules 
     shlib="path" 
     funcs=hardcoded-auth

Inside the default object in obj.conf, add the following AuthTrans directive:


AuthTrans fn=basic-auth 
          auth-type="basic" 
          userfn=hardcoded-auth
          userdb=unused

         

Note that this function does not actually enforce authorization requirements. It only takes given information and tells the server whether it is correct. The PathCheck function require-auth performs the enforcement. Therefore, add the following PathCheck directive:

PathCheck fn=require-auth 
          realm="test realm" 
          auth-type="basic"

The source code for this example is in the auth.c file in the install-dir/samples/nsapi/ directory.