Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Ceptor Gateway supports a number of ways of extending it, either using custom Java code or scripts (e.g. javascript code).

...

An authentication plugin allows authenticating a user based upon information available in the request.

Tip

Do not confuse Gateway Authentication Plugins with Authentication Plugins for the Session Controller - despite the name they are 2 separate entities.

In the gateway, this plugin has full access to the request and response and can do anything with it - in the Session Controller which is a separate module, an Authentication Plugin is able to handle authentication from a number of sources - e.g. from standalone applications, from the Ceptor Gateway, or from Radius.

Often the gateway authentication plugin uses the Agent API to call an authentication plugin on the Session Controller to authenticate a user within a session.


Gateway Authentication Plugins must implement the interface io.ceptor.authentication.IAuthenticator which look like this:

...

Code Block
if (input.indexOf('Looks good to me') != -1)
  true;
else
  false;


IP Checker Script

Script must return true or false to indicate if it is ok to swith to the new IP address.

The variable input contains the new IP address the client is switching to. The variable state contains all information about the request.

...

Code Block
if (input == '127.0.0.1') true; else false;

Another example - here checking the original IP:

Code Block
if (input == '127.0.0.1' || context.gateway.getClientSourceIP(state) == '10.0.0.1') true;

...