We are planning to utilize connection managers and each connection manager will be used by a specific group of users in our organization. Based on our database design, there’'ll be distinct authentication sql for each group.
Our target therefore is to make the passwordSQL dynamic based on which connection manager was used by user.
How do you suggest we accomplish this?
I have more questions below which I think will help me a bit if I don’'t get concrete answer to the question above.
From the Openfire server end, how would we determine that the request came from which connection
manager? What would be the identifier?
Is it possible to append a connection identifier to the username? If so, how would that be done on the
Connection Manager side?
Just let me know if my questions are not clear enough.
as far as I know the IP address of the CM is always available together with the username as Openfire needs to route packets back to the user using the right CM.
So it should be possible to write an AuthProvider which checks this IP address to select the database to connect to.
Thanks for the response. I have a follow up question below.
From what I understand, it is not enough to create a class implementing AuthProvider and including this class in the openfire.xml basically because the IP address is not available in the AuthProvider interface as well as the AuthFactory class which calls the AuthProvider.
// from AuthFactory class
public static AuthToken authenticate(String username, String password)
throws UnauthorizedException
{
authProvider.authenticate(username, password);
return new AuthToken(username);
}
Any other way I can get the IP from somewhere in the auth package?
If none, I might need a PacketInterceptor. Is it possible to add a PacketInterceptor using the openfire.xml?
Thanks for helping a newbie.
Regards,
alona
p.s. Sorry for having posted this question in Support Forum instead of Dev Forum. Thought this won’'t require development.
it’'s really more a developer question, but as no one move threads around in this forum your only option would be to create a new thread in the right forum or to continue here.
I don’‘t know the code in detail and I usually don’‘t write much code for this project as it is very hard to add external code to it. I assume that it’'s a small overkill to get the xmpp instance within the auth provider to use it to query the data but it should be possible. Maybe there is also a public method to get the IP address or adding them is more simple.