Poco::RemotingNG

class Authenticator

Library: RemotingNG
Package: Transport
Header: Poco/RemotingNG/Authenticator.h

Description

The Authenticator interface is used for authenticating credentials.

Authenticators are specific to a transport and external authentication mechanism and must be implemented specifically for an application.

The design of the Authentication class allows for multi-request authentication schemes.

For multi-step authentication mechanisms, the Authenticator must be able to handle multiple authentication conversations simultaneously.

Inheritance

Direct Base Classes: Poco::RefCountedObject

All Base Classes: Poco::RefCountedObject

Known Derived Classes: Poco::RemotingNG::TCP::SCRAMAuthenticator

Member Summary

Member Functions: authenticate

Inherited Functions: duplicate, referenceCount, release

Types

Ptr

typedef Poco::AutoPtr < Authenticator > Ptr;

Constructors

Authenticator

Authenticator();

Creates the Authenticator.

Destructor

~Authenticator virtual

virtual ~Authenticator();

Destroys the Authenticator.

Member Functions

authenticate virtual

virtual AuthenticateResult authenticate(
    const Credentials & credentials,
    Poco::UInt32 conversationID = 0
) = 0;

Verifies that the given credentials are valid.

Returns an AuthenticateResult encapsulating the state of the authentication exchange.

Depending on the specific authentication mechanism, multiple calls to authenticate() may be necessary. In the first call, conversationID should be 0. In subsequent calls, conversationID must contain the conversationID returned in AuthenticateResult by the previous call.

Authenticators supporting multi-step conversations must be able to handle multiple simultaneous conversations. For that purpose, the conversationID is used to associate calls to authenticate with existing conversations.

As long as the state is AUTH_CONTINUE, the Credentials in the AuthenticateResult will be returned back to the client. If the state is AUTH_DONE, the credentials (if set) will be passed on to the Context and will be available to the Authorizer. However, the exact semantics are up to the specific Transport implementation.