Class HybridAuthProvider

  • All Implemented Interfaces:
    AuthProvider

    public class HybridAuthProvider
    extends Object
    implements AuthProvider
    The hybrid auth provider allows up to three AuthProvider implementations to be strung together to do chained authentication checking. The algorithm is as follows:
    1. Attempt authentication using the primary provider. If that fails:
    2. If the secondary provider is defined, attempt authentication (otherwise return). If that fails:
    3. If the tertiary provider is defined, attempt authentication.
    This class is related to, but is distinct from, MappedAuthProvider. The Hybrid variant of the provider iterates over providers, operating on the first applicable instance. The Mapped variant, however, maps each user to exactly one provider. To enable this provider, set the provider.auth.className system property to org.jivesoftware.openfire.auth.HybridAuthProvider. The primary, secondary, and tertiary providers are configured by setting system properties similar to the following:
    • hybridAuthProvider.primaryProvider.className = org.jivesoftware.openfire.auth.DefaultAuthProvider
    • hybridAuthProvider.secondaryProvider.className = org.jivesoftware.openfire.auth.NativeAuthProvider
    Each of the chained providers can have a list of override users. If a user is in an override list, authentication will only be attempted with the associated provider (bypassing the chaining logic).
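
The chaining and override behaviour described above, modelled as an added example; this is not Openfire's own code. The `Checker` interface, the `Link` record, the in-memory credential maps, and the order in which override lists are consulted are all assumptions made for illustration.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

public class HybridChainSketch {
    /** Hypothetical stand-in for an auth provider: true when the credentials are accepted. */
    interface Checker { boolean accepts(String user, String password); }

    /** One link in the chain: a checker plus its override list, possibly empty (Java 16+). */
    record Link(String name, Checker checker, Set<String> overrides) {}

    private final List<Link> chain; // primary first; secondary and tertiary are optional

    HybridChainSketch(List<Link> chain) {
        if (chain.isEmpty() || chain.size() > 3)
            throw new IllegalArgumentException("primary is required; at most three providers");
        this.chain = chain;
    }

    /** Returns the name of the provider that accepted the login, or null if none did. */
    String authenticate(String user, String password) {
        // A user on an override list is pinned to that provider: no fall-through.
        for (Link l : chain)
            if (l.overrides().contains(user))
                return l.checker().accepts(user, password) ? l.name() : null;
        // Everyone else walks the chain until some provider accepts.
        for (Link l : chain)
            if (l.checker().accepts(user, password)) return l.name();
        return null;
    }

    public static void main(String[] args) {
        // Constructed credential stores standing in for two real providers.
        Map<String, String> db = Map.of("admin", "db-secret", "alice", "db-pass");
        Map<String, String> os = Map.of("admin", "os-secret", "bob", "os-pass");
        HybridChainSketch auth = new HybridChainSketch(List.of(
            new Link("primary", (u, p) -> p.equals(db.get(u)), Set.of("admin")),
            new Link("secondary", (u, p) -> p.equals(os.get(u)), Set.of())));

        // alice is known to the primary; bob only to the secondary.
        System.out.println(auth.authenticate("alice", "db-pass"));
        System.out.println(auth.authenticate("bob", "os-pass"));
        // admin is pinned to the primary, so the secondary's password is never tried.
        System.out.println(auth.authenticate("admin", "os-secret"));
        System.out.println(auth.authenticate("admin", "db-secret"));
    }
}
```

Because any provider in the chain can accept a login, an account's effective password strength is that of the weakest provider that knows it, unless the user is pinned through an override list.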

    The full list of properties:

    • hybridAuthProvider.primaryProvider.className (required) -- the class name of the auth provider.
    • hybridAuthProvider.primaryProvider.overrideList -- a comma-delimited list of usernames for which authentication will only be tried with this provider.
    • hybridAuthProvider.secondaryProvider.className -- the class name of the auth provider.
    • hybridAuthProvider.secondaryProvider.overrideList -- a comma-delimited list of usernames for which authentication will only be tried with this provider.
    • hybridAuthProvider.tertiaryProvider.className -- the class name of the auth provider.
    • hybridAuthProvider.tertiaryProvider.overrideList -- a comma-delimited list of usernames for which authentication will only be tried with this provider.
    The primary provider is required, but all other properties are optional. Each provider should be configured as it is normally, using whatever XML configuration options it specifies.
    Author:
    Matt Tucker