Interface CtsSecurity::AuthService

This specifies an interface for performing authentication.

Operation Index

• checkSession

Operations

• checkSession

  Check the session information to optionally authenticate the user, and/or to allow/disallow access to the EAServer server. User implementations could check the current authentication status and perform additional authentication if any required. It can also check any information that is deemed important to decide whether to allow access to server to continue. This includes checking host, username, password and ssl parameters. Client session's SSL parameters can be obtained (currently) by instantiating CtsSecurity/UserCredentials component. In future releases, an additional interface SSLSessionInfo will be supported on the server side to retrieve the relevant client SSL session information. Implementation of this method would use the supplied sessionInfo object and retrieve the required information from it using CtsSecurity::SessionInfo interface. This method could also write relevant session information to a file for auditing purposes.

      long checkSession
      (
          in CtsSecurity::SessionInfo sessInfo
      );
  

  This method will be called by the EAServer server,

  • for each new client session after Jaguar has verified user authentication and before it proceeds to continue processing the client requests on that session.
  • whenever the session authentication expires (this timeout period can be set using the server property 'com.sybase.jaguar.server.authtimeout').
  • for each new TDS connection after EAServer has performed user authentication and before running TDS connect handler (if any configured).

  Return values of this method are,

  Return Value	Meaning
  AUTH_SUCCEED	EAServer internal dispatcher will proceed with the processing of the client requests on this session.
  AUTH_FAIL	EAServer rejects the client session.

  Please refer to EAServer sample directory for a sample implementation of this interface.