Interface CtsSecurity::AuthService

This specifies an interface for performing authentication, access control and security auditing at the session level. User can write an implementation of this interface and configure a server level authentication service by setting the server property 'com.sybase.jaguar.server.authservice' to the component name that implements this interface.

Note that, this is not a replacement to Jaguar's role based access control mechanism. Role based access control is applied at the Jaguar package/component (and/or method) level. Also, if SSL or OS based authentication is configured in the server, Jaguar will authenticate users based on the configured method(s) before invoking this authentication service.

Operation Index

checkSession

Operations

checkSession
Check the session information to optionally authenticate the user, and/or to allow/disallow access to the Jaguar server. User implementations could check the current authentication status and perform additional authentication if any required. It can also check any information that is deemed important to decide whether to allow access to server to continue. This includes checking host, username, password and ssl parameters. Client session's SSL parameters can be obtained (currently) by instantiating CtsSecurity/UserCredentials component. In future releases, an additional interface SSLSessionInfo will be supported on the server side to retrieve the relevant client SSL session information. Implementation of this method would use the supplied sessionInfo object and retrieve the required information from it using CtsSecurity::SessionInfo interface. This method could also write relevant session information to a file for auditing purposes.
```
    long checkSession
    (
        in CtsSecurity::SessionInfo sessInfo
    );
```
This method will be called by the Jaguar server,
- for each new client session after Jaguar has verified user authentication and before it proceeds to continue processing the client requests on that session.
- whenever the session authentication expires (this timeout period can be set using the server property 'com.sybase.jaguar.server.authtimeout').
- for each new TDS connection after Jaguar has performed user authentication and before running TDS connect handler (if any configured).
Return values of this method are,

Return Value Meaning

AUTH_SUCCEED Jaguar internal dispatcher will proceed with the processing of the client requests on this session.

AUTH_FAIL Jaguar rejects the client session.

Please refer to Jaguar sample directory for a sample implementation of this interface.

Return Value	Meaning
AUTH_SUCCEED	Jaguar internal dispatcher will proceed with the processing of the client requests on this session.
AUTH_FAIL	Jaguar rejects the client session.

Generated by Sybase EAServer 4.1