
Interface com.sun.server.realm.ChallengeResponseAuth

public interface ChallengeResponseAuth
This interface is used by authentication systems which build on the basic challenge/response protocol. Examples of such protocols include the IETF One Time Password protocol (RFC 1938; closely related to the S/Key system) and the proprietary protocols used by a variety of security token cards.

Compared with passphrase (or password) based authentication systems, such protocols remain relatively secure even in the face of passive wiretapping, since someone who records a number of challenge and response pairs can't predict the next response or, commonly, the next challenge.

Entities (such as User objects) which support a challenge/response authentication protocol will implement this interface. When such objects are used in authentication protocols, the protocol driver will get the challenge, communicate it to the client, and validate the response with this object. There are commonly both timeout and recording mechanisms, preventing replay attacks. An entity which is in the middle of one challenge/response protocol interaction should not be expected to support another concurrent interaction.

See Also:
User, PassphraseAuth

Method Index

 o authenticate(String, String)
Authenticates the user, using a given challenge and response.
 o getChallenge()
Generates a challenge, which is to be presented to the user in order to generate a response.
 o getChallengeType()
Identifies the type of challenge/response protocol being used.

Methods

 o getChallenge
 public abstract String getChallenge() throws NoAuthenticationException
Generates a challenge, which is to be presented to the user in order to generate a response.

Returns:
challenge string to be presented to the user
Throws: NoAuthenticationException
if authentication on this account has been disabled.
 o authenticate
 public abstract boolean authenticate(String challenge,
                                      String response) throws BadRealmException, NoSuchUserException
Authenticates the user, using a given challenge and response. In many common challenge/response systems, this operation requires updating persistent storage, which can increase the cost of such operations as well as exposing related failure modes.

Parameters:
challenge - as provided by the preceding getChallenge call.
response - as provided by the user, when presented the challenge.
Throws: BadRealmException
in the case of some errors such as inability to update the user's persistent storage.
Throws: NoSuchUserException
if the user was deleted from the database before the authentication operation completed.
 o getChallengeType
 public abstract String getChallengeType()
Identifies the type of challenge/response protocol being used. Common return values would be "One Time Password" (indicating use of the RFC 1938 OTP protocol) or the name of a particular token-based authentication card assigned to the user.

Returns:
user-meaningful identifier for the kind of response that is required.
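
The interaction described in the interface overview (one outstanding challenge per entity, a timeout, and a record of use that defeats replay), as an added example that is not Sun's code and not an RFC 1938 implementation. The class name `HmacChallengeUser`, the HMAC-SHA256 response function, the 60 second lifetime and the demo secret are assumptions; the realm's checked exceptions are omitted so the class compiles on its own.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Hypothetical class: mirrors the three documented methods without the realm exceptions.
public class HmacChallengeUser {
    private static final long TIMEOUT_MS = 60_000;   // assumed challenge lifetime
    private final SecureRandom rng = new SecureRandom();
    private final byte[] secret;                      // shared with the user's token
    private String pending;                           // the single outstanding challenge
    private long issuedAt;
    public HmacChallengeUser(byte[] secret) { this.secret = secret.clone(); }
    public String getChallengeType() { return "HMAC-SHA256 demo token"; }

    // Issuing a new challenge discards the previous one: no concurrent interactions.
    public synchronized String getChallenge() {
        byte[] nonce = new byte[16];
        rng.nextBytes(nonce);
        pending = Base64.getEncoder().encodeToString(nonce);
        issuedAt = System.currentTimeMillis();
        return pending;
    }

    // The pending challenge is consumed on every attempt, so a recorded pair cannot be replayed.
    public synchronized boolean authenticate(String challenge, String response) throws Exception {
        String expected = pending;
        pending = null;
        if (expected == null || response == null || !expected.equals(challenge)) return false;
        if (System.currentTimeMillis() - issuedAt > TIMEOUT_MS) return false;
        byte[] want = respond(secret, challenge).getBytes(StandardCharsets.US_ASCII);
        return MessageDigest.isEqual(want, response.getBytes(StandardCharsets.US_ASCII)); // constant time
    }

    // What the user's token computes from the challenge.
    static String respond(byte[] key, String challenge) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return Base64.getEncoder().encodeToString(mac.doFinal(challenge.getBytes(StandardCharsets.US_ASCII)));
    }
    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-secret".getBytes(StandardCharsets.US_ASCII); // constructed sample
        HmacChallengeUser user = new HmacChallengeUser(key);
        String c = user.getChallenge(), r = respond(key, c);
        System.out.println("first use: " + user.authenticate(c, r) + ", replay: " + user.authenticate(c, r));
    }
}
```

Run as written, the first `authenticate` call succeeds and the replay of the same challenge and response pair is rejected because the pending challenge was already consumed.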
