[JDEV] adding authentication associated with a tranport.
Oliver George
oliver at littledevil.com.au
Thu Oct 19 19:15:30 CDT 2000
Hi JDEVers,
(in case anyone is interested i have successfully interfaced flash 5 with
jabber and hopefully i will integrate these changes to the jabber source
- thanks to all who helped)
My previous work has gotten me to the stage of having a 3k flash applet
for a online helpdesk chat session. Nothing tricky. It can successfully
talk to the jabber server.
My aim is to allow authentication to the server and restrict this
'anonymous' access to a particular transport.
With this in mind i want to do the following...
1. add a new authentication module associated with this function
2. add a filter on these sessions to only permit messages to be targetted
at the transport.
The filtering is easy, i just register a module on o_PRECOND and reject
packets based on the "to" and "from" attributes. Specifically, if the
sender is "troubleticketid at helpdesk-customer" then the destination must
be "troubleticketid at helpdesk-transport". You could even only permit
<message/> tags.
The authenticating is tricky. I have two possible solutions which i will
describe below, but generally the new authentication module will authenticate
if the following conditions are met:
a. the address is of the form "troubleticketid at helpdesk-customer"
b. a database lookup shows the troubleticketid is valid and active
c. the password matches the password associated with that troubleticketid
(if one exists)
If people accept that this sort of arrangement is an acceptable use of
jabber then a good generic solution is the best... this means option 2 is
the best solution.
OPTION 1: compile a new authentication module into jsm.so (ewww, yuck,
transports shouldn't need to be compiled into the server)
OPTION 2: add some kind of interface to jsm so that an external module
can signal that this session has been successfully authenticated.
Internally it seems that jsm associates some kind of state with a session,
and i assume it blocks packets until the session state is AUTHed. the only
issue with that is that an externally compiled module needs to communicate
with it.
This is all my best guess work, jsm is scary but very clever. StPeter
agrees with my ideas, but the question was without notice.
Anyhow this email is just to get my issue somewhere permenant. Any
hints, opinions or suggestions are welcome.
Thanks, Oliver (aka. Slimy).
More information about the JDev
mailing list