Interface Repository

Interface CtsSecurity::AuthService

This specifies an interface for performing authentication, access control and security auditing at the session level. User can write an implementation of this interface and configure a server level authentication service by setting the server property '' to the component name that implements this interface.

The authentication service can additionally implement the CtsServices::ControlService to provide ability to refresh the component during a server refresh. Component refresh provides ability to perhaps re-read a configuration file used by the authentication component, or refresh an internal cache used by the component WITHOUT the need to restart the server. The ControlService has 1 method 'control'. This method must be implemented by the user defined authentication service in addition to the checkSession method defined below.

During a server refresh, EAServer will attempt to invoke the control method on the authentication service with the argument 'refresh'. A return value of 1 from the method is considered a success. Any other return value is treated as an error condition and the authentication service will be disabled. If the component does not implement the CtsServices::ControlService interface, then no error/warning is logged by the server.

Note that, this is not a replacement to EAServer's role based access control mechanism. Role based access control is applied at the EAServer package/component (and/or method) level. Also, if SSL or OS based authentication is configured in the server, EAServer will authenticate users based on the configured method(s) before invoking this authentication service.

Operation Index


Generated by Sybase EAServer 5.0