Ejemplo de extensión del autenticador de dispositivo Edge
En el siguiente ejemplo se ilustra cómo se puede desarrollar una extensión del autenticador de dispositivos Edge para utilizar requisitos de seguridad que se envían desde el dispositivo Edge.
En este ejemplo se realiza lo siguiente:
• Se extiende la clase SecurityClaimsAuthenticator de la API de ThingWorx Platform para implementar la lógica de procesamiento personalizada dentro de los métodos matchesAuthRequest y authenticate.
• Dentro del método matchesAuthRequest:
◦ Los requisitos de seguridad entrantes se comprueban para ver si se incluye un requisito secretTokenKey.
◦ Si en los requisitos se incluye un requisito secretTokenKey, el método devuelve verdadero a la plataforma, lo que indica que este autenticador se debe utilizar para validar los requisitos de seguridad.
• Dentro del método authenticate:
◦ Se obtiene secretTokenKey.
◦ Si secretTokenKey no es nulo y no está vacío, y si su valor coincide con el valor esperado de MySecretKey, el método devuelve el valor de whoTheySaidTheyWere, que es un usuario.
◦ Si existe el usuario proporcionado, se autentica en ThingWorx Platform.
package your.company.thingworx.authenticator;
import com.thingworx.communications.common.SecurityClaims;
import com.thingworx.security.authentication.AuthenticatorException;
import com.thingworx.security.authentication.SecurityClaimsAuthenticator;
/**
* Custom edge security authenticators are based around the "SecurityClaims"
* class. This class is at its essence a wrapper around a map. To use the
* map, one provides
*/
public class CustomEdgeAuthenticator extends SecurityClaimsAuthenticator {
private static final long serialVersionUID = 1L;
/**
* The matchesAuthRequest method is the indicator that this
* authenticator should be used to verify the SecurityClaims object
* presented. This method allows the author to make a determination
* about the claims provided by inspecting the information therein and
* decide if this authenticator
* should be used to try to verify the claims provided or not.
*
* @param SecurityClaims object containing the corresponding security
* information @return boolean indicating the authenticator should be
* used to verify the SecurityClaims provided
*/
@Override
public boolean matchesAuthRequest(SecurityClaims securityClaims) throws
AuthenticatorException {
//in this simple implementation we are looking for a 'secretTokenKey'
//claim. If one is present in the securityClaims object supplied -
//this SecurityClaimsAuthenticator should be used
return securityClaims.getClaims().containsKey("secretTokenKey");
}
/**
* This is the method that must be implemented to ensure the presented
* SecurityClaims are valid.
*
* @param SecurityClaims object containing the corresponding security
* information @return String indicating the corresponding user identity
* which the SecurityClaims represent.
*/
@Override
public String authenticate(SecurityClaims securityClaims) throws
AuthenticatorException {
String secretTokenValue = securityClaims.getClaims().get
("secretTokenKey");
if(secretTokenValue != null && secretTokenValue.trim().length() > 0)
{
//the secretTokenValue was provided - verify it is the proper
value!
if("MySecretKey".equals(secretTokenValue)) {
//Only when all these checks are complete will we consider
// the auth request to be valid. Here we have permitted the
// user to tell the platform "who" they are via the
// SecurityClaims
//This is a naieve example - and is for illustrative
// purposes only.
return securityClaims.getClaims().get("whoTheySaidTheyWere");
}
}
//throw a generic exception - and do not leak important information
//to the caller
throw new AuthenticatorException("The claims provided are incorrect");
}
}