Sun Java System Access Manager 7 2005Q4 Administration Guide

Validation Plug-in Interface

An administrator can write username or password validation logic suitable to their realm, and plug this into the Authentication Service. (This functionality is supported only by the LDAP and Membership authentication modules.) Before authenticating the user or changing the password, Access Manager will invoke this plug-in. If the validation is successful, authentication continues; if it fails, an authentication failed page will be thrown. The plug-in extends the class which is part of the Service Management SDK. Information on this SDK can be found in the package in the Access Manager Javadocs.

ProcedureTo Write and Configure a Validation Plug-in

  1. The new plug-in class will extend the AMUserPasswordValidation class and implement the validateUserID() and validatePassword() methods. AMException should be thrown if validation fails.

  2. Compile the plug-in class and place the .class file in the desired location. Update the classpath so that it is accessible by the Access Manager during runtime.

  3. Login to the Access Manager console as top-level administrator. Click on the Service Management tab, and get to the attributes for the Administration Service. Type the name of the plug-in class (including the package name) in the UserID & Password Validation Plugin Class field.

  4. Logout and login.