Authenticating an External User

The authenticate() method is responsible for authenticating an external user. It is invoked during the authentication process if the user is identifier as an external user. In the case of external users this method is invoked in place of the configured authentication.

Note: If an alternative authentication mechanism, e.g. LDAP, is configured, the external users must be able to authenticate against this mechanism.

/**
   * The implementation of this method should validate the identifier and
   * password and return the result of the validation. If the information is
   * valid, the codetable code SecurityStatus.LOGIN should be returned.
   *
   * @param identifier The identifier of the external user.
   * @param password The password as array of characters.
   * @param userType The type of external user.
   *
   * @return The status of the authentication in the form of a codetable code.
   *
   * @throws AppException Generic Exception Signature.
   * @throws InformationalException Generic Exception Signature.
   */

  public abstract String authenticate(String identifier,
    char[] password, String userType)
    throws AppException, InformationalException;

The input parameters to the method include an identifier, the digested password as an array of characters, and the type of the external user to be authenticated.

The userType parameter is intended to allow for support of multiple types of external users that require different authentication mechanisms. The use of this parameter depends on the custom implementation.

The expected result of this method will be an entry from the curam.util.codetable.SECURITYSTATUS codetable. In the case of successful authentication the result must be:

curam.util.codetable.SECURITYSTATUS.LOGIN

For authentication failures this codetable contains a number of entries, including BADUSER , BADPWD and PWDEXPIRED . This codetable can be extended to include custom codes as detailed in the Cúram Server Developer's Guide.

The authentication result returned by this method is automatically logged in the AuthenticationLog database table. For more information on this table see the Cúram Server Developers Guide.

The abstract class PublicAccessUser also defines the following abstract methods that any concrete subclass must implement:

Method upgradeSafePasswordValidation() is required to allow for password comparison and is defined as follows:

public final boolean upgradeSafePasswordValidation(
final String userName,
final String storedPasswordHash,
final String plaintextPassword)

Method setPassword() is to allow the implementor to persist the password (e.g. a new password) in the case of crypto upgrades. So this method gets called when the upgradeSafePasswordValidation() method is called. Here is the method definition:
```
public abstract void setPassword(String username, String hashedPassword)
throws AppException, InformationalException;
```

See the associated JavaDoc of the PublicAccessUser class for more details regarding the above methods.