Pluggable Authentication Driver

The use of pluggable authentication drivers with a BI Beans application is optional, is external to BI Beans, and must be registered and turned on if used. You can use one driver to handle authentication for the BI Beans Catalog, and another driver to handle authentication for the OLAP service.

When a user attempts to start an application and make a connection, the authentication driver (if registered), is invoked before the connection driver.

AuthenticationProvider interface specification

A pluggable authentication driver must implement the AuthenticationProvider interface from the oracle.dss.security package.


public interface AuthenticationProvider {   public void authenticate(Hashtable properties) throws BISecurityException; }

Authenticate method specification

Incoming arguments to the authenticate method allow information to be passed from the application to the authentication driver. The authenticate method authenticates the user and, when successful, adds information to the incoming arguments.

By default, no authentication driver is used. If you implement a pluggable authentication driver, the authenticate method is invoked only upon connection to a data store (such as the BI Beans Catalog or an OLAP data source). The authentication driver is called first and can pass the required user name and password to the BI Beans Catalog connection driver or to the OLAP connection driver. The authentication driver can throw a BISecurityException to the BI Beans runtime environment, if the authentication fails.

You can pass parameters from the authentication driver to the connection driver by setting additional properties in the hash table in the authenticate method. The updated hash table is made available to the appropriate pluggable connection driver. For example, you can authenticate users with multiple names by allowing all users to connect to the data source using the same name. With this single name, there is only one connection to the data source.

Authentication at the application level

If you will authenticate at the application-level (that is, during startup), then Oracle Application Server Single Sign-On or another such mechanism is invoked first, before the application starts to run. Once Oracle Application Server Single Sign-On has authenticated the user, it writes a cookie to the browser and allows the application to run.