NexJ Logo

Configuring flexible authentication

NexJ Server enables flexible authentication that supports all third-party Single Sign-On (SSO) solutions including SPNEGO with Kerberos.

HTTP clients can pass identity information to an application server by using an authentication interceptor. You can develop a custom authentication interceptor that provides a mechanism by which your application server
authenticates incoming requests.

Creating custom authentication interceptors

You can create custom interceptor classes to provide authentication for your application.

If you want to integrate with NexJ CRM through an HTTP channel, and the existing security for the application is insufficient, you can build a custom authentication interceptor to secure your HTTP channel.


In the following example, the custom service is called Example_Service and the HTTP integration channel is called EXAMPLE_CHANNEL.

If you want to modify the default user domain group (nexjusers), see Creating a user domain group for NexJ applications.

To create a custom authentication interceptor:

  1. Using the Resource perspective in NexJ Studio, locate the nexj.companyName.rpc.http package in your project's src folder.
  2. Create a new Java class. This class should contain the custom authentication logic that specifies that the request is from a specific source, contains a specific identification header, validates a received token against an authentication server, and so on. The new class can reuse existing logic by extending core classes (for example, GenericAuthenticationInterceptor or BasicAuthenticationInterceptor). For example, create a class called ExampleAuthenticationInterceptor:

    package nexj.companyName.rpc.http;
    import javax.servlet.ServletException;
    import javax.servlet.http.HttpServletRequest;
    import javax.servlet.http.HttpServletResponse;
    import nexj.core.runtime.InvocationContext;
    import nexj.core.util.HTTP;
    import nexj.core.util.Logger;
    * Example authentication interceptor.
    public class ExampleAuthenticationInterceptor extends
       // attributes
       // associations
        * The class logger.
        protected final static Logger s_logger =
        // operations
         * @see nexj.core.rpc.http.AuthenticationInterceptor#authenticate
     (javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse,
         * nexj.core.runtime.InvocationContext)
         public boolean authenticate(HttpServletRequest request, HttpServletResponse
     response, InvocationContext context) throws IOException, ServletException
           s_logger.debug("Using 'Example' authentication ...");
           // conditions for request to authenticated
           if (condition1 && condition2 && condition3)
              login("UserA", "Example", context);
              return true;
           // else reject request
           return false;
  3. In the Resources layer, click the Components tab and create a new component. Specify the following values:

    • Activation: context

    • Type: full name of the custom interceptor class
      For example, create a new component called System.Authentication.Example.comp with the following source:

      <Component activation="context" description="Custom Authentication Interceptor
       for Example integration"


      Additional properties can be added to the component for cases that require more complex logic, for example, you could add environment-specific properties.

  4. You can set custom authentication for the HTTP channel or for the main application. For example, to update the environment file that contains the channel connection so that it references your custom interceptor:
    1. In NexJ Studio, open the environment file.
      The file opens in the editor window.
    2. In the editor window, click the Channel Connections tab.
    3. In the Channel Connections area, select the required HTTP connection. For example, select EXAMPLE_CHANNEL.
    4. In the Authentication Component field, enter the name of your component. For example, enter System.Authentication.Example.
    5. In the Authentication drop-down list, select custom.
    6. Click the Save button in the toolbar to save the changes to the environment file.

Incoming web service requests to the EXAMPLE_CHANNEL endpoint will now trigger the ExampleAuthenticationInterceptor class for custom authentication. All other incoming requests to the application will be unaffected, and, unless otherwise specified, will use the main security settings configured in the Security tab of the environment file.