Class HybridAuthProvider

java.lang.Object
org.jivesoftware.openfire.auth.AuthMultiProvider
org.jivesoftware.openfire.auth.HybridAuthProvider
All Implemented Interfaces:
AuthProvider

public class HybridAuthProvider extends AuthMultiProvider
The hybrid auth provider allows up to three AuthProvider implementations to be strung together to do chained authentication checking. The algorithm is as follows:
  1. Attempt authentication using the primary provider. If that fails:
  2. If the secondary provider is defined, attempt authentication (otherwise return). If that fails:
  3. If the tertiary provider is defined, attempt authentication.
This class is related to, but distinct from, MappedAuthProvider. The Hybrid variant of the provider iterates over providers, operating on the first applicable instance. The Mapped variant, however, maps each user to exactly one provider.

To enable this provider, set the provider.auth.className system property to org.jivesoftware.openfire.auth.HybridAuthProvider. The primary, secondary, and tertiary providers are configured by setting system properties similar to the following:
  • hybridAuthProvider.primaryProvider = org.jivesoftware.openfire.auth.DefaultAuthProvider
  • hybridAuthProvider.secondaryProvider = org.jivesoftware.openfire.auth.NativeAuthProvider
Each of the chained providers can have a list of override users. If a user is in an override list, authentication will only be attempted with the associated provider (bypassing the chaining logic).
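
The chaining and override behaviour described above, modelled as an added example (Java 16+); this is not Openfire's own code. The Checker interface, the Link record, the credential values, and the rule that the earliest link wins when a user appears in several override lists are all assumptions made for illustration.

```java
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration: a simplified model of the documented chain, not Openfire's code.
public class HybridChainDemo {
    // Hypothetical stand-in for an AuthProvider: true when the credentials are accepted.
    interface Checker { boolean accepts(String user, String password); }

    // One link of the chain: a provider plus its override list.
    record Link(String name, Checker checker, Set<String> overrides) {}

    // Returns the name of the link that authenticated the user, or null on failure.
    static String authenticate(List<Link> chain, String user, String password) {
        // Override users are pinned to one provider; no fallback is attempted.
        // Assumption: if a user is in several lists, the earliest link wins.
        for (Link link : chain) {
            if (link.overrides().contains(user)) {
                return link.checker().accepts(user, password) ? link.name() : null;
            }
        }
        // Everyone else: the first provider, in order, that accepts the credentials.
        for (Link link : chain) {
            if (link.checker().accepts(user, password)) return link.name();
        }
        return null;
    }

    public static void main(String[] args) {
        // Constructed credential stores; plain-text comparison is for the demo only.
        Map<String, String> primaryStore = Map.of("admin", "Str0ng-primary", "alice", "a-pass");
        Map<String, String> secondaryStore = Map.of("admin", "stale-secondary", "bob", "b-pass");
        Checker primary = (u, p) -> p.equals(primaryStore.get(u));
        Checker secondary = (u, p) -> p.equals(secondaryStore.get(u));

        List<Link> unpinned = List.of(new Link("primary", primary, Set.of()),
                                      new Link("secondary", secondary, Set.of()));
        List<Link> pinned = List.of(new Link("primary", primary, Set.of("admin")),
                                    new Link("secondary", secondary, Set.of()));

        // bob exists only in the secondary store: ordinary fallback.
        System.out.println(authenticate(unpinned, "bob", "b-pass"));
        // admin presents the secondary store's password, first unpinned, then pinned.
        System.out.println(authenticate(unpinned, "admin", "stale-secondary"));
        System.out.println(authenticate(pinned, "admin", "stale-secondary"));
        // admin presents the primary store's password while pinned to primary.
        System.out.println(authenticate(pinned, "admin", "Str0ng-primary"));
    }
}
```

With no override list, the admin account's secondary-provider password is accepted through fallback; adding admin to the primary provider's override list makes the same attempt fail, so privileged accounts that exist in more than one backend are worth pinning.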

The primary provider is required, but all other properties are optional. Each provider should be configured as it is normally, using whatever XML configuration options it specifies. When using multiple providers of the same type, it typically is desirable to have distinct configuration for each provider. To do so, a property with the name 'config' can be used. If used, the value of this property is passed as a string to the constructor of the provider (for this to work, the provider must have a constructor that takes exactly one argument: a string). Typically, this value is used to reference another property name that the provider can use to obtain its information, but the value is treated as an opaque string by this implementation. The full list of properties:

  • hybridAuthProvider.primaryProvider.className (required) -- the class name of the auth provider.
  • hybridAuthProvider.primaryProvider.config -- A value used by the auth provider for configuration (typically the name of another property).
  • hybridAuthProvider.primaryProvider.overrideList -- a comma-delimited list of usernames for which authentication will only be tried with this provider.
  • hybridAuthProvider.secondaryProvider.className -- the class name of the auth provider.
  • hybridAuthProvider.secondaryProvider.config -- A value used by the auth provider for configuration (typically the name of another property).
  • hybridAuthProvider.secondaryProvider.overrideList -- a comma-delimited list of usernames for which authentication will only be tried with this provider.
  • hybridAuthProvider.tertiaryProvider.className -- the class name of the auth provider.
  • hybridAuthProvider.tertiaryProvider.config -- A value used by the auth provider for configuration (typically the name of another property).
  • hybridAuthProvider.tertiaryProvider.overrideList -- a comma-delimited list of usernames for which authentication will only be tried with this provider.
Author:
Matt Tucker