NexJ Model Server enables flexible authentication that supports all third-party Single Sign-On (SSO) solutions including SPNEGO with Kerberos.

HTTP clients can pass identity information to an application server by using an authentication interceptor. You can develop a custom authentication interceptor that provides a mechanism by which your application server authenticates incoming requests.

Creating custom authentication interceptors

You can create custom interceptor classes to provide authentication for your application.

If you want to integrate with NexJ CRM through an HTTP channel, and the existing security for the application is insufficient, you can build a custom authentication interceptor to secure your HTTP channel.

Info

In the following example, the custom service is called Example_Service and the HTTP integration channel is called EXAMPLE_CHANNEL.

If you want to modify the default user domain group (nexjusers), see Creating a user domain group for NexJ applications.

To create a custom authentication interceptor:

Using the Resource perspective in NexJ Studio, locate the nexj.companyName.rpc.http package in your project's src folder.

Create a new Java class. This class should contain the custom authentication logic that specifies that the request is from a specific source, contains a specific identification header, validates a received token against an authentication server, and so on. The new class can reuse existing logic by extending core classes (for example, GenericAuthenticationInterceptor or BasicAuthenticationInterceptor). For example, create a class called ExampleAuthenticationInterceptor:

package nexj.companyName.rpc.http;



import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import nexj.core.runtime.InvocationContext;
import nexj.core.util.HTTP;
import nexj.core.util.Logger;



/**
* Example authentication interceptor.
*/
public class ExampleAuthenticationInterceptor extends
 GenericAuthenticationInterceptor
{
   // attributes
   // associations
   /**
    * The class logger.
    */
    protected final static Logger s_logger =
 Logger.getLogger(ExampleAuthenticationInterceptor.class);
    // operations
    /**
     * @see nexj.core.rpc.http.AuthenticationInterceptor#authenticate
 (javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
     * nexj.core.runtime.InvocationContext)
     */
     public boolean authenticate(HttpServletRequest request, HttpServletResponse
 response, InvocationContext context) throws IOException, ServletException
   {
       s_logger.debug("Using 'Example' authentication ...");
       // conditions for request to authenticated
       if (condition1 && condition2 && condition3)
       {
          login("UserA", "Example", context);
          return true;
       }
       // else reject request
       response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
       return false;
   }
}

In the Resources layer, click the Components tab and create a new component. Specify the following values:
- Activation: context
- Type: full name of the custom interceptor class
  For example, create a new component called System.Authentication.Example.comp with the following source:
```
<Component activation="context" description="Custom Authentication Interceptor
 for Example integration"
type="nexj.companyName.rpc.http.ExampleAuthenticationInterceptor"/>
```
  Info
  
  Additional properties can be added to the component for cases that require more complex logic, for example, you could add environment-specific properties.
You can set custom authentication for the HTTP channel or for the main application. For example, to update the environment file that contains the channel connection so that it references your custom interceptor:
1. In NexJ Studio, open the environment file.
  The file opens in the editor window.
2. In the editor window, click the Channel Connections tab.
3. In the Channel Connections area, select the required HTTP connection. For example, select EXAMPLE_CHANNEL.
4. In the Authentication Component field, enter the name of your component. For example, enter System.Authentication.Example.
5. In the Authentication drop-down list, select custom.
6. Click the Save button in the toolbar to save the changes to the environment file.

Incoming web service requests to the EXAMPLE_CHANNEL endpoint will now trigger the ExampleAuthenticationInterceptor class for custom authentication. All other incoming requests to the application will be unaffected, and, unless otherwise specified, will use the main security settings configured in the Security tab of the environment file.